Security must be natively embedded in the SD-WAN solution itself to reduce the device footprint needed to protect the branch office.
The enterprise branch is undergoing intense digital transformation and we are seeing application consumption models rapidly move to the cloud. As companies move toward direct internet access, the challenges associated with securing the SD-WAN (an acronym for software-defined networking in a wide area network) is underestimated by most security teams. Rajesh Maurya, regional vice-president, India & Saarc, Fortinet, shares his views on SD-WAN and the changing face of branch offices in today’s enterprise networks, in an interview with Sudhir Chowdhary. Excerpts:
How is software defined network changing the face of business and their networks?
Organisations are changing the way their branch offices transact business. Traditionally, the branch office was looked as the red-headed stepchild in the network. Branch offices today have increased transactions, workflows, applications, and data requests that need to be just as fast as those being processed at the network core. Even more challenging, the number and types of end-users and the increasing volume of voice and video traffic and business applications connected to the branch network have multiplied, including cloud-based networks (IaaS) and services (SaaS).
SD-WAN solutions provide branch users with flexible access to resources across the distributed network and
allow end-users to use advanced applications, generate complex workflows, and utilise cloud-based services from a variety of devices, including their BYOD solutions.
Can you highlight the core SD-WAN benefits to a business along with its security implications?
One of the challenges with traditional WAN connections is that routers generally do not provide any visibility into today’s traffic and applications. SD-WAN enables deep application visibility and first packet classification so that the network can better support business-critical applications. Because poor application performance can seriously impact the business, SD-WAN automatically identifies traffic by type, user, source, and destination to steer critical applications down pathways with adequate bandwidth and minimal latency.
Combined with simplified connection failover, branch users experience better visibility, higher performance, and greater availability for business applications.
Are security teams underestimating the challenges in securing SD-WAN deployments?
Companies are experiencing a global shortage of trained and experienced cybersecurity professionals. The last thing that they need is to build, deploy, manage, and monitor yet another suite of security tools designed to protect their branch offices. Of the over 60 SD-WAN vendors in the market today, only a handful provide anything beyond the most basic security. Instead, they rely on companies to figure out how to leverage their existing security solutions into their SD-WAN tools.
Unfortunately, the majority of security devices and solutions deployed on the main campus of an organisation were never designed to support the unique and highly dynamic requirements of today’s branch offices. They can’t see far enough, can’t track data that moves between network domains, and can’t share and correlate threat intelligence to identify and stop today’s advanced attacks.
What solutions must a CIO include in his security architecture while securing his SD-WAN?
SD-WAN needs to have a sophisticated suite of security tools embedded directly into the solution, including NGFW, IPS, web filtering, antivirus/antimalware, encryption, sandbox, and high-speed inspection of encrypted data. Those security tools need to seamlessly integrate with the security tools deployed elsewhere in the distributed network, whether on the main campus, or remote and mobile devices, and across each of the different cloud solutions that have been adopted.
Security must be natively embedded in the SD-WAN solution itself to reduce the device footprint needed to protect the branch office. Finally, those security solutions deployed as part of the SD-WAN solution must seamlessly integrate with other security solutions deployed elsewhere.
In today’s threat landscape, how can SD-WAN support digital transformation without compromising on security?
Business-critical applications are the lifeblood of today’s digital enterprise. As a result, ensuring the consistent availability and performance of those applications – especially over traditionally unreliable public networks – is essential for ensuring the productivity and integrity of today’s branch offices. SD-WAN also supports centralised control, policy-based management, hybrid gateways that use a variety of connections and transport services, and things like service chaining that allow different network services to work together.