Securing SD-WAN in a cloud-first world

In an increasingly connected world, the network is the foundation. Everything depends on the quality of the network. As businesses become more geographically diverse, the challenge of ensuring robust network connectivity and accessibility increases exponentially. To address network-related challenges and improve the quality of services, many enterprises are adopting SD-WANs at a quick pace. More than 58% of respondents to NTT’s ‘2020 Global Managed Services Report’ indicated that they were either considering or undergoing SD-WAN transformation, an increase of 84.7% on a year-on-year basis.

From ensuring optimum usage of bandwidth to allowing enterprises to choose any type of connectivity medium, SD-WANs help enterprises ensure service and quality assurance. However, with the rapid emergence of edge-based locations and more corporate applications being accessed from remote locations, there is a need to enhance the security of SD-WANs. This is primarily because SD-WANs were never built with security in mind. The primary focus of SD-WANs has always been to connect branch offices to a central network using a virtualized network architecture. However, network traffic is routed directly through the SD-WAN fabric, which does not include any of the security or access controls required today in a cloud environment. To address this issue, companies often use multiple security products. Because each of these products comes with its own management protocols and software, this approach can lead not only to huge administrative issues but also to increased security risks. It can also lead to cost escalations, as each product must be configured and managed by a skilled professional.

Fortunately, enterprises today have a solution in SASE (Secure Access Service Edge), a term coined by Gartner. SASE combines the abilities of a WAN and complements them with security functions such as CASB (Cloud Access Security Broker), SWG (Secure Web Gateway), ZTNA (Zero Trust Network Access) and FWaaS (Firewall as a Service). Not surprisingly, Gartner expects that by the year 2024, 40% of enterprises will have explicit strategies to adopt SASE.

The advantages of SASE

Companies often turn to multiple point products to secure web gateways, support application firewalls, secure virtual private network remote access, and more. Since these products all come with their own policy management protocols, interfaces and sets of logs, this can create unwieldy administrative issues, increase costs and complexity, and lead to gaps in a company’s security posture.

By comparison, SASE offers a centralized solution for enterprises that are used to siloed point tools. As it is a single cloud-based service, SASE reduces complexity in a big way. The cloud-native architecture of SASE allows it to service any edge endpoint, including mobile workforces. Management also becomes easier, as SASE does away with the need to monitor multiple devices and their interfaces. SASE also allows enterprises to tap into the collective power of the cloud, which is necessary today for ensuring proactive security.

Other key benefits include:

  • Enterprises can centrally set policies using cloud-based platforms, and the policies can be enforced at the respective edge locations or points of presence closer to the user’s location
  • Lower overall costs due to reduced management costs
  • Enhanced security due to support for zero-trust networking
  • Easier rollout and enforcement of security policies, so that policies are enforced irrespective of the location of the user
  • As SASE leverages the Internet, it provides a secure and scalable way for enterprises to provide access to remote users
  • Centralized management and use of cloud helps enterprises deploy SASE quickly on a global scale
  • With SASE, malicious traffic can be detected quickly and acted upon, before it can propagate in the enterprise

SASE represents the future of networking, as it effectively combines the best features of SD-WAN with advanced security functions.

By Narendra K Data, Network Service Specialist, NTT Ltd. in India
