Security Concerns for SD-WAN: Look Before You Leap

Posted by on January 22nd, 2020 in Blog Posts, Security-as-a-Service, Software-Defined WAN (SD-WAN)

If you’re thinking about making a move to SD-WAN in the coming year, you already know that these solutions can help your organization build a more resilient and efficient Wide Area Network (WAN). And, for companies relying heavily on cloud-based applications like virtual desktop infrastructures (VDIs) or Unified Communication (UC) platforms, SD-WAN brings bandwidth reliability and performance at a much lower cost compared to adding more and more MPLS circuits. Overall, the best SD-WAN solutions bring greater control to the WAN infrastructure with the ability to mix and match the right transport services – MPLS, 4G LTE, and low-cost broadband internet – to the right application based on performance requirements and Quality of Experience (QoE) expectations. 

Look before you leap

Because of these benefits, it’s no wonder that SD-WAN adoption is on the rise. Gartner predicts that by the end of 2023, 60% of enterprises will have implemented SD-WAN, primarily to increase network agility and enhance support for cloud applications. (Source: Gartner). But, before jumping in head first, companies should also understand that there are some concerns around security. Let’s take a look at top considerations around security to help you make the right decision for your business. 

Stripped down security won’t cut it – The first generation of SD-WAN was all about adding protection on top of existing solutions, pushing organizations to buy bigger firewalls. This after-the-fact approach is problematic, considering companies often have multiple branch offices or remote locations to secure. Bringing in firewalls for each location adds high costs to the overall WAN solution and can hurt the performance of business-critical apps like voice and video. Other SD-WAN offerings opt for basic and stripped-down firewalls and VPN capabilities, which also requires encrypting traffic. These options are problematic because they need a lot of setup time and management effort. 

What to look for instead – Companies need SD-WAN solutions that don’t skimp on security. If your team is going down the SD-WAN path, organizations should make sure their solutions include enterprise-grade security features, including next-generation firewall (NGFW) technology. Only NGFW tech can effectively detect and block the kind of sophisticated attacks hackers are cooking up today. These tools let companies enforce security policies at the application, port, and protocol levels. SD-WAN solutions serious about security should also include anti-malware, web-filtering tools, network access control, SSL inspection, and other solutions to protect applications and data in motion. 

Multi-cloud environments make it tough to enforce consistent policies – In a multi-cloud environment, businesses leverage multiple public and private clouds for different application workloads. Managing all of these separate cloud environments is a real challenge for the IT team, especially when it comes to security. Maintaining consistent security policies and tracking devices and data that are continually shifting across environments is almost unmanageable.   

What to look for instead – For a software-defined WAN to work in a multi-cloud environment, teams should be able to set and carry out consistent security policies, protocols, and functions across all different platforms in real-time. This includes consistent enforcement between branch offices, the cloud, and various SaaS environments. For protection against sophisticated cyberattacks like ransomware and crypto-malware, SD-WAN strategies should also include AI-based sandboxing tools for added security. 

Added security doesn’t help if you can’t manage it – To bridge security gaps, companies often take the approach of adding stand-alone security solutions to protect their SD-WAN infrastructure. This piece-meal approach is especially common for organizations that are increasingly SaaS dependent. The problem? These bolt-on solutions usually come with independent management software and interfaces. IT teams can become quickly overwhelmed by security tool sprawl, causing inconsistencies in enforcement along with limited visibility and control over the company’s complete security framework.  

What to look for instead – SD-WAN solutions should enable consistent enforcement of policies at the data center, in the cloud, and at the branch. Cloud Access Security Broker (CASB) software and services meet these needs by enabling companies to extend the security controls of on-premises infrastructure to cloud services. CASB software acts as a go-between between cloud service users and providers to enforce uniform security, compliance, and governance policies for cloud applications.

Make your move with confidence

When it comes to SD-WAN infrastructures, one of the biggest security challenges is finding ways to apply a consistent security framework to the environment. Organizations can address these concerns with integrated security and SD-WAN solutions that are tied together into a single platform. Those solutions that bring together integrated deployment and management options enable teams to optimize this more flexible network architecture, without the burden of additional security risks. Want to learn more? At Intelletrace we can help you evaluate your options around SD-WAN or answer questions about building a secure and reliable network infrastructure. Let’s get started!

"When I go into large accounts I will work with Intelletrace engineers to help craft a solution for my customers. That's a pretty important partner to have."
- David Little, VP Sales & Co-Founder, Fortis Telecom
"I can always talk to somebody. The people that work at Intelletrace are extremely attentive. They understand my problems and can get answers quickly."
- Mark Freid, IT Administrator, Sysco Labs
"The service is always exceptional."
- Nathan Lighthouse, Senior Voice Engineer, O1 Communications
"I quickly got a good feeling about these guys. They do what they say they're going to do."
- David Little, VP Sales & Co-Founder, Fortis Telecom
"I would definitely recommend Intelletrace to any company that's setting up a new network or has to update their network."
- Mark Freid, IT Administrator, Sysco Labs
"We need a circuit... we contact Intelletrace."
- Nathan Lighthouse, Senior Voice Engineer, O1 Communications
"In a technology space where things can go wrong, they put my mind at ease."
- David Little, VP Sales & Co-Founder, Fortis Telecom
"They're extremely helpful, they're extremely knowledgeable... they've been a life-saver for our company."
- Mark Freid, IT Administrator, Sysco Labs
"It's nice to be able to call Intelletrace, open a ticket, then they take control and work with the carrier. We can focus on the issue at hand."