SD-WAN Needs to Integrate Network and Security Functionality
The one common drawback to most SD-WAN solutions is that they address your WAN connectivity needs as if they exist in isolation. This isn't unique. One of the biggest challenges facing organizations undergoing rapid digital transformation is that each new network element tends to be designed and implemented in isolation. While this approach has several significant flaws, none is more serious than the impact it has on security.
One of the most critical functions required by security is expansive visibility across the entire distributed network. Deploying separate security solutions in different parts of the network isolates resources and makes it impossible to see, correlate, and respond to systemic threats.
While traditional hub-and-spoke WAN connection models certainly have their shortcomings, they do enable all traffic to be scanned and secured by the centrally deployed security. Once you replace static MPLS connections with flexible connectivity that leverages a public network and begin to support direct links to the internet and SaaS applications, you shift the burden of security to the SD-WAN device.
The Limits of Traditional SD-WAN Solutions
The problem is that most SD-WAN devices offer little more than extremely basic firewall functionality, which means that your critical data is no longer being protected by your full stack of security services, such as IPS, web filtering, anti-virus and anti-malware, and sandboxing. If you want those services, you have to add them as an overlay. This adds significant overhead for your IT team: the heavy lifting of designing and deploying a solution, additional maintenance, and the use of separate management consoles. And if not done properly, it can also isolate your WAN security from the rest of your security architecture, both at your core and out in your multi-cloud presence.
But that’s only part of the challenge.
Security Needs to Consistently Span the Entire Network
Managing an SD-WAN connection over a platform as unreliable as the public internet requires a significant amount of delicate connection management. Redundant systems need to be in place for immediate failover. Links with deteriorating reliability need to be hot-swapped out, even during live connections. And traffic management tools need to be constantly aware of application bandwidth requirements and prioritization of different connections to continually make micro-adjustments to support latency-sensitive applications like unified communications.
SD-WAN connections require end-to-end security that goes beyond simply encrypting data. Communications between a branch office and a cloud-based application require data inspection at both ends of the connection. To avoid gaps in policy implementation and enforcement, security solutions in the cloud need to be fully compatible with those running at the branch. Applications not only need to be identified and managed to optimize their performance, but security also needs to see and understand those applications so appropriate levels of security can be applied. In addition, a cloud access security broker (CASB) solution should be positioned between the user and the cloud to secure access to cloud applications and resources and provide ubiquitous visibility and control. Finally, cloud security solutions also need to be positioned in the internet itself to provide real-time scalability for applications.
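To make the two requirements above concrete, here is an added illustration (not code from the original article or any vendor product) of an SD-WAN steering decision: links are kept while they meet a per-application SLA, hot-swapped when they degrade, and the inspection stack that must be enforced at both ends is keyed by application rather than by link, so policy does not change with the path. The SLA thresholds, link metrics and service names are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Link:
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    cost: int          # relative cost; cheaper links win when the SLA is met

# Per-application SLA thresholds (constructed values for illustration).
SLA = {
    "unified_comms": {"latency_ms": 100, "jitter_ms": 20, "loss_pct": 1.0},
    "saas_bulk":     {"latency_ms": 400, "jitter_ms": 100, "loss_pct": 3.0},
}

# Inspection services the article lists. The stack is keyed by application,
# not by link, so the same policy applies whichever path carries the flow.
SECURITY_STACK = {
    "unified_comms": ("ips", "anti-malware"),
    "saas_bulk":     ("ips", "web_filtering", "anti-virus", "sandboxing", "casb"),
}

def meets_sla(link: Link, app: str) -> bool:
    """True when every measured metric is within the application's SLA."""
    sla = SLA[app]
    return (link.latency_ms <= sla["latency_ms"]
            and link.jitter_ms <= sla["jitter_ms"]
            and link.loss_pct <= sla["loss_pct"])

def steer(app: str, links: list, current: Optional[str] = None) -> dict:
    """Pick a link for an application flow.

    The current link is kept while it still meets the SLA (no flapping) and
    is hot-swapped to the cheapest healthy link only when it degrades. If no
    link is healthy, 'link' is None so the caller can raise an alert.
    """
    by_name = {l.name: l for l in links}
    chosen = None
    if current in by_name and meets_sla(by_name[current], app):
        chosen = current
    else:
        healthy = [l for l in links if meets_sla(l, app)]
        if healthy:
            chosen = min(healthy, key=lambda l: (l.cost, l.latency_ms)).name
    return {"app": app, "link": chosen, "security": SECURITY_STACK[app],
            "swapped": chosen is not None and chosen != current}
```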