SD-WAN: How to Leverage Next-Gen Networks Without Adding Cyber Risk

Michael Rezek

Digital transformation was helping businesses to streamline processes and create innovative customer experiences long before the pandemic. But over recent months it’s become absolutely critical in helping channel organizations support their clients’ efforts to react with agility to unprecedented conditions.

Cloud-based applications are right at the heart of the value that digital projects can add here. But how do you deliver these bandwidth-hungry apps to employees as cost efficiently as possible, without impacting performance? This is where software-defined wide area networking comes in.

However, as much promise as SD-WAN holds for the IT channel, there’s one important caveat; it also expands the attack surface. Security must therefore be baked into any projects from the start, security by design — and viable enough to run across hundreds or even thousands of remote sites.

Defining SD-WAN

SD-WAN has been picking up momentum for several years now, but we may finally have reached a tipping point. According to one study, adoption jumped from 35% in 2017 to 54% two years later. Gartner’s 2019 Hype Cycle report for enterprise networking claimed that it “continues rapid movement as a mainstream technology.”

It’s not hard to see why. By decoupling the networking hardware from its control layer and virtualizing the WAN, the technology works to simplify configuration and traffic routing. Network operations (NetOps) teams can manage policies and bandwidth centrally rather than being forced to send engineers out to manually configure networks. Traffic from business-critical applications can be prioritized and because it’s all routed over the internet, it offers cost savings over legacy MPLS. IDC also believes the technology can play a key role in supporting remote workers in a post-pandemic world. In this scenario, every home office is effectively a branch office.

False Sense of Security

However, if managed service providers, system integrators and other channel players want to leverage these kinds of benefits, they must pay close attention to the unique security risks SD-WAN also introduces. Although traffic is end-to-end encrypted by default, and security and policy can be integrated directly into connectivity, there are challenges. Whereas traffic used to be sent back via a private MPLS line to a secure site, now internet-connected corporate assets and data are exposed to remote and insider threats.

Further challenges come if providers are managing multiple SD-WAN deployments from different vendors across highly distributed architectures. Without adequate security orchestration and control across the entire environment, dangerous blind spots may appear. Unfortunately, legacy monitoring tools weren’t designed with SD-WAN in mind.

NetOps managers in channel organizations should also be aware that firewalls only go so far in mitigating cyber risk. Don’t be lulled into a false sense of security: perimeter security is only one layer of the defenses you need in place and will do little to stop attackers that have been able to breach the perimeter by using …