Can SD WAN Improve Company IT Security?
(Photo : pixabay)

It's virtually impossible to go for more than 24 hours without reading a story about another major company having an IT security issue. In theory, new networking technologies should be created with security at the forefront of their design - but is this always the case?

Here, we'll take a look at SD WAN; what it is, how it works, and whether or not it's a company network addition that's going to help or hinder your company's digital security efforts.

What is SD WAN?

A Software-defined Wide Area Network (SD WAN) is a type of virtual WAN architecture that lets businesses control their network devices in a way that allows for data transmission across a range of connections.

Those connection typically include MPLS systems, cellular connections, and broadband internet circuits. SD WAN securely connections users to the applications they're trying to access.

The real magic of SD WAN occurs centrally though. In effect, SD WAN is a network overlay that allows centralized control of all network devices. With this in mind, there's huge scope for freeing up IT team resources - especially if it means your engineers don't have to hit the road every time there's a device issue.

What are the security implications of SD WAN?

While there are obviously some benefits attached to the flexibility that would come from routing your data through a variety of connections as opposed to a structured, MPLS VPN, it's questionable whether the performance improvements would warrant any security headaches.

The truth is, security is only likely to be a risk if an SD WAN system is deployed ineffectively. There are no industry standards for a software-defined wide area network - so there's no standardized best practice that you would expect to deliver a flawless security solution.

The early-adopters of SD WAN were primarily concerned with transportation methods and speed. In fact, the real desire was initially to move away from MPLS and lean towards a combination of MPLS and broadband for greater flexibility. Now SD WAN has moved into the mainstream, there's a greater focus on security - especially with businesses who operate branches of their business serviced by cloud-based applications.

Perhaps one of the major concerns for SD WAN systems is that the security systems that have previously been absolutely adequate for WANs are no longer suitable to keep an SD WAN safe. This is especially the case for security solutions that don't look beyond the first connection.

Market analysis shows that of the providers who are offer SD WAN solutions, less than 10% are offering an integrated security strategy. With this in mind, it's almost certainly going to be prudent to opt for using a managed provider with a detailed knowledge of SD WAN design and security.

Working with a trustworthy network service provider

Assuming you decide to use an experienced managed service provider to design and implement your SD WAN, security is almost certainly going to boil down to the quality of their service and their expertise.

With this in mind, it's useful to make sure you're working with the right provider.

"Who have you worked with to roll out SD WAN previously?"

Perhaps the most pertinent question you should be asking relates to SD WANs that the company have designed and created before working with you. Sure, the technology is going to be similar regardless of industry type and company size - but the size of your business is likely to mean you're using your network slightly differently to say a multi-national corporation.

It's worth talking to your provider about case studies and previous customer's requirements. If they're somewhat aligned with your own, then there's a good chance that the provider's going to be on the right page for you. Then again, if they're a million miles away, then you might want to keeping looking until you've found a security-centric service provider who is a better fit with your company.

"Do you provide an integrated security solution?"

It's important to do your research before talking to a company about the kind of security they will provide when they create your SD WAN. Quite simply, basic VPN connections and the type of WAN security you would normally expect to utilize won't address the inherent security issues that comes with SD WAN and most small businesses are being exposed to daily.

Instead, they tend to rely on other providers - for example, firewalls, web filtering, intrusion prevention, and sandboxing products.

This approach is far from ideal. Ultimately, deploying the right kind of security between your central IT resources and your branch offices could be the difference between life and death for your company. As such, it's not a subject that should be taken lightly.

A managed provider who can provide a light, simple, single platform SD WAN with a built-in security solution should go to the top of your list of preferred suppliers.

"Can you grow with us?"

It might not seem like a security focused question - but many businesses have been caught out by managed service providers who support with an networking solution, only to then fail to grow at a pace that allows them to keep up with the business.

When security needs to be at the heart of your SD WAN, this could leave you exposed - effectively growing to a point where your managed service provider cannot provide the resources you need to stay safe.

It's worth being careful in this regard. Talk to your service provider about where you see your business going and ask them if they're going to be able to keep up. It might sound bold if you're a smaller business at the moment, but every billion dollar company starts somewhere - and there's no reason to believe the performance benefits that come with SD WAN couldn't be the springboard that's going to take you towards that goal.

Ultimately, SD WAN can provide a secure, performance orientated approach to networking - but you have to be absolutely certain that your installation has been approached with a 'security first' attitude.

ⓒ 2021 All rights reserved. Do not reproduce without permission.