Unless you’ve been living under a rock for the past few years, chances are that if you work in IT, you’ve heard of software-defined wide-area network technology, or SD-WAN.
SD-WAN is the next generation in connectivity architecture. It’s designed to handle exponentially growing data volumes, at higher speeds and with better performance than traditional enterprise WAN like MPLS (which was great two decades ago, but now struggles to keep pace with modern business demands).
When implemented correctly, switching to SD-WAN brings powerful benefits including:
- Significantly faster speeds
- Network costs reduced by up to 60 percent
- Improved network flexibility
- Stronger data security
But did you know that getting the best results from SD-WAN may also mean rethinking your organisation’s security model? In this blog post, we’ll provide a brief overview of SD-WAN technology, and explain how it may impact your current security posture.
What is SD-WAN?
Here’s a quick primer for those readers who may be unfamiliar with SD-WAN. SD-WAN is a (relatively) new, secure and inexpensive way to design and implement an enterprise WAN. It supports many paths and allows connectivity decisions to be made independently of carriers.
According to Gartner, every SD-WAN solution has four characteristics:
- It supports multiple connection types such as MPLS, broadband, DSL and LTE.
- It allows dynamic path selection for load sharing across connections.
- It supports zero-touch provisioning at any branch.
- It supports VPNs and third-party services, including firewalls and web gateways.
With this functionality, it’s no surprise that organisations have been quick to adopt the technology. IDC, for example, predicts that the SD-WAN market will experience a 40.4 percent compound annual growth rate from 2017 to 2022.
Don’t ‘double trunk’ your traffic
The data shows that organisations are jumping at the opportunity to improve network performance with SD-WAN. The problem is that many have not taken the necessary steps to update their security architecture – and they’re missing out on the benefits of SD-WAN as a result.
So, why is security architecture so important?
This is where ‘double trunking’ comes in. Too many SD-WAN users have configured their branch traffic to ‘double trunk’. That is, data comes to a data centre, goes out to the internet, and then returns to the data centre a second time to be centralised before going back to the branch.
There’s generally a good intention behind this. Organisations want their firewalls to inspect traffic before it heads back out to the branch. Unfortunately, this configuration also prevents users from realising the benefits of SD-WAN (namely faster connectivity and higher performance) because traffic is making an unnecessary second trip.
How do you solve it?
Since one of the advantages of SD-WAN over other enterprise WAN technologies is speed, ‘double trunking’ is an issue well worth correcting. The good news? You don’t have to compromise security to fix it.
Resolving ‘double trunking’ problems requires a simple rethink of security architecture. To utilise SD-WAN technology correctly, users need to restructure their security to have one of the following:
- An SD-WAN solution in a single secure device, or
- A firewall at the branch to do internet breakouts, or
- A web security service, that is, a cloud security service used from the branch.
Whichever option you choose, these approaches maximise both security and performance. The important thing is that your SD-WAN has in-built firewall technology, or otherwise uses a cloud security service from the branch within the SD-WAN solution.
For help configuring your SD-WAN so that your organisation can harness the benefits of this powerful technology, contact ICT Networks today. Our highly experienced consultants deliver cutting edge network solutions, management and support services that help businesses slash connectivity costs – without affecting performance.