Navigating Your Security Options with SD-WAN

This article was originally published on ONUG.net on April 17, 2019.

SD-WAN opens up many security options to explore.

As more companies adopt SD-WAN technology to enhance the agility of their networking architecture, they must give strong consideration to how and where to apply security across the network. Virtualized security is one option. For example, retailers with many store locations can benefit from virtualized SD-WAN and security. Companies that fit this model typically have key applications that run at a centralized data center. They use internet VPNs at the branches to connect back to the mothership to access these applications. In addition, they need local access to the public internet in order to offer services such as guest internet access.

As for built-in security options with SD-WAN offerings, there are 50 or so SD-WAN vendors today, and pretty much all of them include at least some level of built-in security capabilities. A subset of these vendors offers a much more extensive set of security features. Every company that is considering deployment of an SD-WAN overlay network must consider how and where it will deploy security using this new technology. Thus, understanding built-in security options before selecting a vendor is an important step.

Virtualization increases agility

Virtualizing security makes it possible to move from a configuration-based security model to a templatized security model. The organization can build a template with all its ACLs and security policies and then push it to the entire network environment. Every time there is an update, it can be done on the central platform and simply be pushed out to the branches. This eliminates the mismatch between locations’ security policies as well as the complicated nature of physically logging into firewalls at every location to make changes.
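The Python sketch below is an added illustration, not code from the original article or from any SD-WAN product. It renders one central template for each branch and flags branches whose running rules no longer match it, which is the policy mismatch the templatized model is meant to eliminate. The rule syntax, branch names and subnets are constructed for the example.

```python
# Added example: rule syntax, branch names and subnets are constructed,
# not taken from any SD-WAN vendor's configuration format.
from string import Template

DC_NET = "10.0.0.0/16"  # assumed centralized data center range

# One central template; first match wins, so order matters.
POLICY_TEMPLATE = [
    "permit tcp $branch_net $dc_net eq 443  # branch to data center apps",
    "deny ip $guest_net $branch_net         # isolate guest access from branch LAN",
    "deny ip $guest_net $dc_net             # guests never reach the data center",
    "permit ip $guest_net any               # guest internet access",
    "deny ip any any log                    # default deny",
]

def normalize(rule):
    """Strip comments and collapse whitespace so only rule content is compared."""
    return " ".join(rule.split("#", 1)[0].split())

def render(params):
    """Render the template for one branch; a missing variable raises KeyError."""
    values = {"dc_net": DC_NET, **params}
    return [normalize(Template(r).substitute(values)) for r in POLICY_TEMPLATE]

def drift(params, running):
    """Compare a branch's running rules with what the template says it should have."""
    expected = render(params)
    actual = [n for n in map(normalize, running) if n]
    return {
        "missing": [r for r in expected if r not in actual],
        "extra": [r for r in actual if r not in expected],
        "reordered": sorted(expected) == sorted(actual) and expected != actual,
    }

# Constructed inventory: store-17 matches the template, store-42 was edited by hand.
BRANCHES = {
    "store-17": {"branch_net": "10.17.0.0/24", "guest_net": "10.17.200.0/24"},
    "store-42": {"branch_net": "10.42.0.0/24", "guest_net": "10.42.200.0/24"},
}
RUNNING = {name: render(p) for name, p in BRANCHES.items()}
RUNNING["store-42"][1] = "permit ip 10.42.200.0/24 10.42.0.0/24  # local hand edit"

def audit():
    """Return only the branches whose running rules differ from the template."""
    report = {n: drift(BRANCHES[n], RUNNING[n]) for n in BRANCHES}
    return {n: d for n, d in report.items() if d["missing"] or d["extra"] or d["reordered"]}

if __name__ == "__main__":
    for name, d in audit().items():
        print(name, d)
```

In the constructed data, the hand edit at store-42 replaces the guest isolation rule with a permit, so the audit reports one missing rule and one extra rule for that branch only.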

When the SD-WAN and security are both software-defined, the underlying hardware can be an x86 white box. At that point, the hardware is an investment that can be reused to run anything. This provides the flexibility for the organization to change its SD-WAN, or its security, without having to pay for new hardware. Of course, in the scheme of things, the software licenses tend to be the more expensive part of the equation, not the hardware. Nevertheless, there’s a bit of a cost benefit from commoditizing the underlying hardware.

Virtualization increases agility for companies that need to turn up or turn down sites often. For example, think about engineering or construction companies that need to support an office or showroom at a project site. The office might only be needed for six months to a year. It must be connected to the WAN for that short time period, then disconnected when the project is done. The company can have a runbook where temporary locations get a plain server and the virtualized SD-WAN and security licenses are migrated onto that server for the short time needed. The site can be turned up quickly without having to pack and ship a physical firewall, which would have to be packed up and shipped out once again at the end of the project.

Virtualization provides significant benefits to companies that host a large percentage of their applications across different regions in the cloud.

SD-WAN built-in security 

Then there are SD-WAN platforms that have more extensive security built into them, others that offer SD-WAN-as-a-Service by hosting the entire networking environment with fully integrated security in the cloud, and providers that offer their own proprietary security solutions as part of the networking service (including firewall, next-gen firewall, secure web gateway, and even advanced threat hunting).

In summary, companies with a lot of branches can benefit from virtualizing their SD-WAN and security in one device and using templates to push security to each location. This model reduces hardware costs, simplifies security management, and increases flexibility for the entire organization. As security is a critical aspect of any SD-WAN implementation, features and capabilities are advancing, but a company looking to deploy SD-WAN must fully understand what is built into its chosen product and what is considered an add-on. Overall, whether you want to virtualize or use built-in security, there are options that can meet your needs today and tomorrow.
