So you want to modernize your organization to capitalize on all the leading-edge advantages of the digital era, big data, cloud efficiencies, AI, leading business apps, and partner and customer relationship opportunities? Achieving this business IT transformation requires a strong dose of change management including a willingness to transition on-premises servers to the cloud and switching from Web browser-only services to mobile-friendly apps and sites that facilitate new and more distributed connections. However, these promising modern system architectures won’t pay off without high-performance, highly scalable yet affordable networks to support them. Hence, a move to modernize networks and utilize the cloud is under way.
Why is the cloud so important in network modernization and wide area network (WAN) optimization? The biggest advantage is it enables organizations to leverage what’s already out there (namely, flexible networks, high-value application infrastructures, multitenant shared services, and outsourcing opportunities) so you don’t have to build or invest in the WAN infrastructure yourself.
But the underlying technologies in today’s network infrastructure consist of a hodgepodge of components such as traditional IP routers, multiprotocol label switching (MPLS), and software-defined networking, all of which offer differing ways of transporting data, creating a massive amount of complexity for organizations and managed service providers alike.
MPLS is a network technique that directs data from one node to the next based on the quickest path instead of relying on referencing IP routing tables. But when it comes to security and traffic orchestration in the cloud, MPLS is not fast, flexible or straightforward, requiring branch office-to-Internet service requests to pass through a core network before being delivered. This creates additional traffic over expensive MPLS lines, a utilization that doesn’t take advantage of the whole agile and ubiquitous nature of today’s cloud-centric business model.
A different networking approach drawing attention is software defined wide-area network (SD-WAN). SD-WAN is a transport-agnostic overlay that can route any type of traffic (LTE, 3G and broadband, as well as traffic over private MPLS circuits). The SD-WAN approach provides a network management and control layer to orchestrate ‘backhaul offload’ and WAN optimization. It should figure in enterprise considerations when trying to achieve faster deployment timetables for branch enablement and realizing cloud benefits such as availability and cost. But, as SD-WAN starts to complement today’s private MPLS networks and traditional IP routing, organizations should also consider a number of security questions.
Don’t Forget to Modernize Security as You Modernize Your Network Strategy
Just as there are compelling reasons to modernize your system architecture, business computing methods and networks, there are also compelling reasons for modernizing network security.
As you shift from backhauling all or most of your traffic through the core network in favor of more direct branch to cloud pathways, you are potentially losing some elements of centralized network and security policy.
SD-WAN – as a central enterprise WAN-traffic controller from which to easily apply policies across all devices – is not a security technology, per se. It allows you to avoid the cost of backhauling traffic through the core network, but with that comes the challenge of implementing enterprise-grade security policy across a distributed network.
So what do you do? Do you trade off some security at the branches by plugging in an SD-WAN device that offers only basic protection? Or do you pay for truck rolls (i.e., technicians to install and configure edge devices at every office) and then bear with lengthy deployment cycles? Do you team up with a managed security provider?
This is where the notion of security as a service (SECaaS) and network service insertion from the cloud can come in handy. With a single network and security cloud, you or your managed service provider can simply throw the switch to deploy smart centralized network policy and security at the branch level, extended VPNs, and mobile outliers. This cloud-based security approach, while reducing vulnerabilities at the branches and among mobile/remote users, can also reduce deployment times by up to 91 percent.
Five Key Security Considerations for SD-WAN and Hybrid Cloud Networks
A new white paper from OPAQ discusses five security imperatives companies should keep in mind as they modernize their network infrastructure. A few of these important considerations are to:
- Modernize security as you modernize your network. SD-WAN is a modern transport system, but isn’t necessarily an advanced security system. Protect your digital assets and your information with security solutions such as next-generation firewalls and leading-edge endpoint protection.
- Secure your branches as you enable them. As you fortify distributed users with direct access to Internet information and apps, the implementation of advanced security doesn’t have to create long delays and siphon from productivity.
- Ensure that backhaul offload doesn’t open Pandora’s Box. Mitigate the risks of infection, costly viral lateralization attacks, and the compromising of sensitive data by passing any direct branch office-to-cloud traffic through an agile and virtual firewall and fully encrypted network. Easily segment your network to limit the spread of a cyberattack.
As you modernize your networks, make sure you protect your data, users and business reputation with a fully integrated solution that incorporates an encrypted software-defined network, next-generation firewall and endpoint protection capabilities that can be applied in a matter of minutes, long before that next truck roll.