Going deeper on SD-WAN and Security

July 3, 2019

The current environment

SD-WAN is growing in popularity due to its ability to reduce business costs, increase business performance and provide agility. It is fundamental to rapid cloud adoption and the nature of development in today's fast paced environment. 

This shift towards embracing SD-WAN is evident in a recent Ovum [1] report, which found that over the next 24 months the most prevalent network services for MNCs will be secure cloud interconnect VPN access to public cloud services (31%), followed by Hybrid Cloud (25%).

At the same time, security challenges are becoming increasingly elaborate, making them harder to detect: 66% of Australian businesses surveyed in the Telstra Security Report 2018 estimated that the number of breaches that had gone undetected was up to 5%.

The increased shift towards an 'SD-WAN' world, whilst bringing a bevy of advantages, has also presented a number of challenges, particularly for the business' Network and Security teams.

Why SD-WAN could mean a higher security risk

Unlike traditional WANs, SD-WAN also leverages the internet and, in some cases, cellular networks, which can expose your business to a broader attack surface (the number of locations where a potential attacker can attempt to gain entry to your network).

You should therefore be considering which security appliances and solutions you'll also need when deploying SD-WAN, to reduce the risk of exposure to a security breach. 

The diagram below depicts how networks have been traditionally built and how they are being built now with SD-WAN capability.

[Diagram: the difference between traditional networks and SD-WAN]

The previous model

In the past, networks have been built using private network connections to each of the branches and then centralising security control within the data centre in order to provide easier public/private access management.

This traditional deployment method works well when your employees are accessing data inside your Data Centre, but creates a massive overhead as traffic trombones through your Data Centre to access internet traffic (for example SaaS).

This model, although able to be secured using traditional security models, is now considered to be of lower performance.

The new model means you need to rethink security

In a traditional network design you only have one or potentially two public internet connections touching the network, so your potential attack surface is relatively confined. 

Conversely, with SD-WAN, more and more public connections are being deployed across the network.

These are either a Hybrid WAN configuration or an internet-only configuration (which enables users to get a better experience when consuming applications and services from Public Cloud, SaaS, IaaS and PaaS providers).

This means a larger potential attack surface and far more exposure to security breaches.

What is the solution? 

With an increased number of touch points through both your network and intranet, and the dynamic nature of deployments, you need a new approach to securing your network. 

Cloud based Internet protection solutions can secure not only your emails but also your web traffic. Telstra's Internet Protection utilises intelligent proxy, DNS defence and mail protection to combine advanced malware protection, application visibility and control, acceptable use controls and secure mobility; thus providing you with multilayer security. 

Solutions like this also utilise global infrastructure to prevent users from accessing malicious or inappropriate web sites or content across all your locations. 

Cloud based Internet Protection vs Physical Gateways 

Cloud based Internet Protection gateways such as this provide advantages over traditional physical gateways by removing the need for CAPEX investment. 

They also reduce network congestion and bandwidth costs from unwanted traffic, as you don't need to centralise traffic in order to apply security controls. 

SD-WAN - a whole new game 

SD-WAN really changes the game in terms of network efficiency and agility. However, it also means you'll need to up your security game as well. 

Telstra and Cisco can help you maximise your security coverage to coincide with enabling SD-WAN in your business, so please don't hesitate to get in touch with one of our consultants to find out more about SD-WAN and to speak to them about our 30 day trial of Telstra Internet Protection (Web).

References

  1. Ovum, 'SD-WAN: Accelerating Agile Operations in Asia-Pacific', 2018 Report