
The security challenges of SD-WAN - and how to defend against them

19 Apr 2018

The primary job of the WAN is connecting distributed users to the applications they need to do their jobs.

However, applications have changed significantly over the past handful of years and this is why Silver Peak says in its recent report that software-defined wide area networks (SD-WAN) are a much better fit than traditional router-centric WANs - particularly for businesses pursuing a cloud-first strategy for application delivery.

An example of this is the fact that the majority of applications are no longer hosted in a regional/centralised corporate data centre, with the percentage dwindling as modern organisations continue to embrace the cloud in general and SaaS applications in particular.

Higher quality demands from modern applications, the Internet of Things (IoT) and big data apps are also stretching the boundaries in terms of the growing volume of data today’s WAN must be able to handle.

Silver Peak says the impact of these changes to the application landscape is that the enterprise WAN needs to change too. For example, traditional, private line connectivity options (such as multi-protocol label switching, or MPLS) and routing practices – backhauling, in particular – are clearly a poor match for cloud-apps, burgeoning amounts of internet traffic, and peer-to-peer interactions.

Some of the key shortcomings include the high cost of such network services and architectures, the negative impact they have on performance as well as the fact they are too rigid.

SD-WAN in comparison enables enterprises to leverage multiple types of network connectivity - including broadband internet services - when connecting users to applications. However, this brings in another problem and that is the number of security challenges and issues that are introduced by or associated with SD-WAN.

The use of broadband internet as a low-cost connectivity option is core to the SD-WAN value proposition. However, Silver Peak says the fact that broadband is ‘public’ and not ‘private’ means there is a need to ensure the confidentiality and integrity of application traffic traversing such connections.

And of course, inline deployment of SD-WAN devices places them ‘in the line of fire’ so to speak – at least compared to the scenario where a traditional WAN optimiser is implemented in an out-of-path configuration.

Silver Peak uses the example of internet breakout, essential for enhancing performance and reducing the bandwidth (i.e. dollars) needed for backhauling - but also able to expose branch users and their local networks directly to the internet and its myriad threats.

This brings about the need to limit outbound destinations, block unwanted/unsolicited inbound traffic and filter allowed/expected traffic for threats. However, not all web applications are created equal, and some web traffic can expose the enterprise to viruses, trojans, DDoS attacks and other vulnerabilities.

“To implement such a policy, web traffic must be steered granularly to its correct destination. This requires identifying the application on the first packet because once an application session has been established, it cannot be redirected to an alternate destination without breaking the flow resulting in application disruption,” Silver Peak states.

“And because IP address ranges utilised by SaaS applications change almost continuously, address table updates must be automated and implemented on a daily basis.”
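
The following is an added example, not code from Silver Peak's report or product: a sketch of the first-packet steering decision described above, where the path is chosen from the destination address alone, pinned for the life of the flow, and falls back to backhaul when the SaaS address table is older than a day. The table contents, application names, action names and the fail-to-backhaul default are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

MAX_TABLE_AGE = timedelta(days=1)  # the article calls for daily updates

# Constructed sample table (documentation prefixes, hypothetical app names).
SAAS_TABLE = {
    "updated": datetime(2018, 4, 19, 2, 0, tzinfo=timezone.utc),
    "prefixes": [
        ("198.51.100.0/24", "trusted-saas", "breakout"),
        ("198.51.100.128/25", "file-sharing", "backhaul"),
        ("203.0.113.0/24", "blocked-app", "drop"),
    ],
}

DEFAULT_ACTION = "backhaul"  # assumption: unknown web traffic takes the inspected path


def classify_first_packet(dst_ip, dst_port, table, now):
    """Pick a path using only what the first packet (TCP SYN) carries."""
    if dst_port not in (80, 443):
        return ("non-web", DEFAULT_ACTION)
    if now - table["updated"] > MAX_TABLE_AGE:
        # Stale table: prefixes may have been reassigned, so do not trust it.
        return ("stale-table", DEFAULT_ACTION)
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, app, action in table["prefixes"]:
        net = ipaddress.ip_network(cidr)
        # Longest-prefix match so a specific policy overrides a broad one.
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, app, action)
    return (best[1], best[2]) if best else ("unknown", DEFAULT_ACTION)


class FlowSteering:
    """Pins each flow to the path chosen on its first packet."""

    def __init__(self, table):
        self.table = table
        self.flows = {}

    def steer(self, five_tuple, now):
        # Later packets reuse the pinned decision; re-steering mid-session
        # would break the flow, as the quoted passage notes.
        if five_tuple not in self.flows:
            _src, _sport, dst, dport, _proto = five_tuple
            self.flows[five_tuple] = classify_first_packet(dst, dport, self.table, now)
        return self.flows[five_tuple]
```

Because the decision is pinned, a table refresh only affects new flows, which is why a stale table is treated as untrusted rather than used as-is.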

There are a number of other areas where security is applicable to the success of an SD-WAN implementation, including:

  • Enabling applications with different security requirements to share the same physical connectivity
  • Enabling faster deployment and more efficient management – for example, with secure, automated provisioning of SD-WAN devices, automated security policy enforcement, and a secure management plane
  • Enabling consistent enforcement of an application’s specific security policies regardless of where that application is located, or accessed from

So how can a business benefit from implementing SD-WAN without exposing themselves to the risks? Silver Peak EdgeConnect is the answer.

The industry’s most complete SD-WAN solution, EdgeConnect provides enterprises with the flexibility to use any combination of transport technologies to connect users to applications – including public broadband services – without compromising application performance or security.

