image of a padlock connected to network notes

The Shift To An SD-WAN Can Improve Network Security

In the latest ZK Research / Tech Target Network Purchase Intention Study, improving network security came out as the top choice to the question of what the respondents’ networking priorities would be over the next 12 months. This shouldn’t be a big surprise, as it seems like there is a highly-publicized breach in the news almost every month now. Many of the IT professionals I’ve talked to have told me that every time there is media attention on one of these attacks, the business leaders at their organizations get involved and want to be sure the same thing doesn’t happen at their business.

The problem for most security leaders today is that network security is a losing battle. Traditional security devices operate on a signature basis and assume that the number of ingress/egress points are limited to the points in the network where one of these tools is placed. But that’s not the case at all any more. Today, partner connections, consumer devices and direct Internet access from a branch have significantly changed the number of attack points in a network and made it hard to defend.

Solving this problem requires a new approach to security, as IT professionals are working with archaic tools. Think of it this way: if you’re running a business on next-generation IT infrastructure, why are you trying to secure it with security tools built for legacy IT? Not evolving the security strategy doesn’t make sense and puts the business at risk.

Most of the marketing around SD-WANs has been about lowering costs and improving user experience and justifiably so as it does a great job of that. However, there’s a third leg to the SD-WAN value stool, and that’s improved security posture. SD-WANs can improve network security in the following ways:

  • Encrypt WAN traffic. Everyone should assume that there’s no such thing as a perimeter, and treat every connection as an untrusted connection. Encrypting traffic can protect data as it moves from one location to another.
  • Segment the network. One of the fallacies of security that businesses need to give up on is the notion that the WAN can be fully secured. Breaches are going to occur so they key is to keep the blast radius as small as possible. Segmenting the WAN can limit the impact of a breach or an attack to a small, manageable area.
  • Secure the branch of direct Internet access. Split tunnels used to be like Moby Dick. Often talked about but never seen. However, the growth in cloud traffic has made direct Internet access from the branch a reality and an SD-WAN can be used to provide the connectivity but also secure the connection.
  • Find attacks faster. It’s often said that you can’t secure what you can’t see and historically businesses didn’t have much visibility into what traffic is traversing that WAN. This changes with SD-WANs as most of the vendors offer a tremendous amount of visibility into the amount and types of traffic traversing the network. Once a benchmark is set, any kind of anomaly can be an indicator of a security issue. It might not be, but it’s a great place to start looking.

There’s currently a tremendous amount of interest in the topic of SD-WAN and I think we’ll see very strong adoption over the next few years. For those of you reading this that are looking to evolve to one, use security as an additional point of justification.

About the author
Zeus Kerravala
Zeus Kerravala
Zeus Kerravala is the founder and principal analyst with ZK Research. He provides a mix of tactical advice to help his clients in the current business climate and with long term strategic advice. Kerravala provides research and advice to the following constituents: End user IT and network managers, vendors of IT hardware, software and services and the financial community looking to invest in the companies that he covers.