Jan 12, 2015
Enterprise adoption of the Software-Defined Wide Area Network (SD-WAN) architecture opens up significant improvements from an operations, cost, and flexibility perspective. But it’s a big forklift infrastructure shift, where company size, and thus network complexity, are crucial factors in any decision to embark on the SD-WAN journey.
The work done by the Open Networking User Group (ONUG) SD-WAN Working Group in the October 2014 white paper is heavily skewed towards the needs and experiences of major global or multinational corporations. The upshot is that it will be this class of enterprise that will spearhead the shift to SD-WAN. But the changes will ripple on to a much wider range of enterprise customers once service providers and vendors evolve standardized SD-WAN service packages.
The SD-WAN security concept specifically aims to “improve visibility, prioritization and steering of business critical and real-time applications as per security and corporate governance and compliance policies”.
For large companies that already operate with board-level Governance, Risk, and Compliance (GRC) policies, the SD-WAN can significantly improve monitoring capabilities of branch office communications. This compliance management has become increasingly difficult as more intermediate functions are added at the branch level and the shift to cloud services has reduced the hub function of the central office. Intermediate network functions typically involve WAN optimization, load balancing, traffic analysis, Security Information and Event Management (SIEM), content caching, and Wi-Fi controllers. These can all be handled in SD-WAN software.
Pertinent security questions that need to be detailed when considering the shift to SD-WAN include authentication handling, encryption, hacking mitigation and data leakage prevention, real-time traffic monitoring, stateful firewalling and contingency planning, and role-based access in a multi-tenant environment.
Companies that have many mobile employees using IPSec VPN connections to access corporate resources are challenged in the compliance department – especially if they are using symmetric IPSec encryption or shared keys across all corporate entities. SD-WAN empowers enterprise customers to take back control of their network with better cryptography options available for the control and forwarding plane.
So, specifically relating to security and compliance, the SD-WAN strategy looks promising – vendors, service providers and enterprise users are getting together to define the next generation of more tightly integrated, flexible, scalable and secure networks.
However, shifting from the top-down planners to the engine room implementer perspective, what does the ‘shift-to-SD-WAN-process’ actually entail? Is it really as good for the IT department as the Board? What happens when the data center activities shift from handling hub traffic and hosting business critical applications to monitoring and managing what the remote locations are doing directly on the web and in the cloud? What about the typical barriers to adoption, such as cost, change management complexity, and the learning and acceptance curve for new skills? Then there are the staff concerns relating to any serious process or automation change: which jobs will be made redundant due to the skills mismatch, or even just to pay for the new regime?
At this stage, the SD-WAN is for the big corporations with the investment strength, the IT expertise, and the far-flung business operations, where significant revenue-generating improvements can be achieved if their IT resources are better managed.
At this stage of development, realizing the SD-WAN will require hard work, great insight, and management backing to get these security issues addressed when negotiating with vendors for more automation and the flexibility and scalability that the SD-WAN promises. However, I believe that this cost/complexity “hump” will be short-lived, and that a more mainstream SD-WAN capability, driven from the cloud into mid-sized and smaller companies, will quickly occur once the large companies have embraced the SD-WAN.
This post is part of an ongoing series examining the issues facing enterprises seeking to implement a Software-Defined WAN (SD-WAN) solution, as addressed in the Open Networking User Group white paper, “ONUG Software-Defined WAN Use Case”.