Demystifying Secure SD-WAN


SD-WAN has been front and center in making the digital transformation a reality. To support digital innovation initiatives, businesses across industries are looking at SD‑WAN to keep up with cloud enablement, real-time apps for their customers, Point‑of‑Sale (POS) transactions, site operations and management, and employee communications and training. Gartner predicts that by 2023, 93% of organizations will be using some form of SD-WAN for their WAN edge to save money, increase application performance, and simplify their network deployment and management. While SD-WAN can provide benefits to an enterprise, many of the available solutions lack smart and responsive managed security.

The SD-WAN security offerings from various vendors can be grouped into three general categories:

  1. Cloud-based. With a cloud-based offering, the SD-WAN device is not doing any local inspection and offloads all packets to a cloud service.
  2. Third-party integration. This comes in the form of service chaining, in which multiple virtual services are working together within the physical box.
  3. Built-in security. As the name suggests, the security inspection happens within the physical box itself. These appliances are traditional security devices, such as next-generation firewalls (NGFW), that have SD-WAN as a feature.

A fully integrated and centralized secure SD-WAN is the answer for businesses with several branches.

Security is central to any successful SD-WAN deployment, and maintaining a secure network has never been more complex or more important. In a distributed enterprise, a branch or site can be far less secure due to the lack of security built into the SD-WAN solution. Locations that are directly connected to the Internet without security tools—such as firewalls, URL filtering, or even antivirus applications—become vulnerable to cyber-attacks.

What is secure SD-WAN?

According to Network World, “Secure SD-WAN is what combines both network and security into one integrated platform.” The secure SD-WAN solution can be placed on premises or can be edge-based at the branch location, in the cloud, or in between.

With several secure SD-WAN options available, it is important that you find a service or solution that provides the right level of security without compromising your application and operations productivity. It is a best practice to bring your network, operations, and security teams into the overall enterprise SD-WAN strategy. This group should collectively determine whether you have the time and expertise to implement and manage a secure SD-WAN solution. They should then consider network, operations, applications, cloud ramp, and security needs. Some applications require PCI certifications and compliance, while others require advanced threat management, intrusion prevention, advanced malware protection, and URL filtering at the edge or in the cloud.

One of the most crucial early decisions to make as you assess your current and future networking needs is whether to pursue a Managed Service Provider (MSP) or Do‑It‑Yourself (DIY) approach. Such a decision requires a clear understanding of your resources, budget, applications, security, and other network needs now and in the future. Large organizations may have sufficient IT resources and network architects available to design and deploy a secure SD-WAN in house. However, the maintenance, support, and management can be a headache due to ever-changing complexities on an existing network.

Branches may have different network infrastructure, transport, or operations requirements. The tools and processes built for on-premises and cloud networks are not the same. While changing your network to SD-WAN is a step in the right direction, it is wise to partner with an experienced managed SD-WAN provider who can evaluate and tailor a circuit design that can adapt to your current and future business requirements. An MSP can also take over the complexities of your installation, maintenance, service, and support.

How do you get a secure SD-WAN that fits all of your business needs?

First, work with an experienced MSP who can give you a wide range of SD-WAN solutions to find the right solution for your specific needs at the branch level. The MSP should have nationwide access to installers and a centralized Network Operations Center (NOC) and Security Operations Center (SOC) to provide 24/7 service and support for your distributed branches. For a secure SD-WAN, the SOC needs to have visibility into each branch to monitor threat levels, manage the network gateways, and manage systems that are found to be vulnerable or infected by any malware or security attacks.

An SD-WAN MSP supplies the hardware, software, and networking and transport services required to deliver the appropriate application or service at each branch. Based on your service-level agreement, monitoring, uptime performance, and support can be determined at the branch level.

The right secure SD-WAN service partner can provide access to a wide variety of service options to best fit your business needs, from fully managed to DIY to a hybrid model.

Ultimately, it's all about measurements.