In our last post, we discussed the benefits of software-defined wide-area networks (SD-WANs) in reducing the cost and complexity of the WANs linking multiple sites in the corporate environment. Traditionally, organizations have relied upon multiprotocol label switching (MPLS) links for WAN connectivity, backhauling branch Internet access over the WAN to the corporate data center. This model has become less feasible as organizations adopt more cloud-based applications and services.
SD-WAN makes it possible to combine MPLS, broadband, 4G/LTE wireless, satellite and other transport mechanisms in a hybrid WAN, and route traffic based upon application requirements and business needs. The software-centric architecture of SD-WAN provides the visibility and intelligence to make these decisions automatically. As a result, SD-WAN enables organizations to utilize broadband links for branch WAN traffic, cutting MPLS costs.
While SD-WAN does have the ability to create a more cost-efficient WAN infrastructure, it also addresses many of the security concerns associated with WAN access today. That’s because SD-WAN uses software-defined networking concepts to enable centralized policy management for end-to-end security.
Although MPLS is expensive, many organizations continue to rely on it because it’s secure. If properly configured, an MPLS connection creates a “virtual circuit” that’s isolated from the Internet and third-party connections. In addition, service providers use a variety of techniques to harden their routers and the customer’s premises equipment. Organizations can also use virtual private networks (VPNs) to create encrypted “tunnels” that further secure site-to-site connections.
Broadband Internet connections are not secure. When using broadband, organizations have to set up VPNs to protect sensitive data traveling between sites — a complex undertaking requiring networking expertise and painstaking configuration of the VPN tunnels.
SD-WAN simplifies the implementation of multipoint VPNs, replacing complex configurations with templated “profiles” that can easily be replicated across multiple sites. By enabling robust encryption, SD-WAN makes it possible to send traffic over any connection without security concerns. SD-WAN VPNs also provide enterprise-class performance and availability, overcoming two key limitations of traditional VPNs.
In addition, SD-WAN makes it possible to segment the WAN in order to control access to certain systems and isolate sensitive data. As the name implies, network segmentation divides the network into subnetworks to prevent an attacker from moving freely across the environment. If a security breach occurs, the potential damage is contained to the smallest possible area. WAN segmentation thus supports regulatory compliance requirements and reduces the threats associated with insecure connections and Internet of Things (IoT) devices.
Finally, SD-WAN helps IT teams find and mitigate threats more quickly by providing greater visibility into network traffic, including encrypted traffic. Some SD-WAN solutions also include advanced threat detection and prevention features, and can feed events and alerts into a security information and event management (SIEM) system for correlation and analysis.
There’s no question that organizations are interested in the reduced costs and complexity delivered by SD-WAN. However, a recent IDC survey found that enhanced security is the No. 1 driver of SD-WAN adoption. Let us show you how SD-WAN can protect sensitive data and reduce the threat of attack.