Companies whose sites are located across the country or around the world have often connected them with MPLS lines for years, if not decades. However, especially due to the increasing use of cloud technologies, this architecture is now obsolete.
Today, users, data and applications are scattered, and employees work from anywhere and use a variety of devices. Prior to this development, the implementation of security controls was relatively straightforward. There was a defined perimeter around all the assets of a company to be protected. This allowed IT teams to centrally deploy a variety of security technologies. Remote sites were included in this security area by routing all traffic through MPLS to a large centralized firewall that was used to regulate traffic and enforce security policies.
Widely distributed infrastructures create a series of challenges
The edge of the network dissolves as applications and users go beyond it. This makes the implementation of security controls with existing tools more complex. In addition, applications that were previously hosted in the datacenter are migrated to the cloud in some form (either through SaaS or public cloud). These applications may lose performance when used at remote sites, mainly due to the latency caused by all of the MPLS circuits that carry traffic back to the main site.
Take, for example, Office 365, which used to be an Exchange server in the data center. Often, businesses see a poor user experience or slow performance because they route traffic to the corporate headquarters via MPLS and only then send it to the Internet. To solve this problem, remote sites need a direct connection to the cloud storage. That’s exactly what SD-WAN offers. However, it is important to introduce new security controls for all remote sites as well. Such solutions are typically cost-effective to implement and easily scalable, and as applications move to the cloud, the security solution should also regulate traffic to and from the cloud applications.
Five core requirements for secure SD-WAN deployment:
1. Zero Touch Provisioning:
If a business has 50, 100, 1000 or more remote sites, it is unrealistic to visit each of these sites individually to deploy the SD-WAN architecture. With Zero-Touch provisioning and centralized management, it takes one on-site employee to get the solution up and running with the press of a button.
2. WAN Optimization:
Compression and deduplication are two ways to optimize traffic or improve bandwidth. Data packets can be identified by hash values, so content that has already been transferred can be cached or compressed on the appliance, and only the much smaller hash value has to be transmitted. Deduplication reduces the repetitive or parallel transmission of the same data across the WAN. Frequently requested information is cached locally or identical content is merged. Ultimately, the solution used determines which methods are used for WAN optimization.
3. Advanced Firewalling:
For remote sites to be as secure as the main site, a firewall is required that is designed for distributed environments and uses centralized policies and administration on a large scale. Its capabilities include application and user controls, IDS / IPS, web filtering, and routing.
4. Enhanced threat protection:
Ensure that users, applications, and data are protected from all the threats the Internet has to offer. Many companies have implemented this with a centralized sandbox, but for a distributed architecture that minimizes backhauling, cloud-based advanced threat protection is the ideal solution.
5. Cloud Integration:
As one of the drivers for SD-WAN, migrating workloads to the cloud is about ensuring both high application performance and secure access to workloads. A VPN can do the job, but once it’s in the cloud, it creates new challenges: not just workload requirements, but internet security requirements, delivery methods, and smooth licensing. What matters here is a firewall / SD-WAN device that is not only tightly integrated with cloud platforms but also fulfills the use cases in the cloud.
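The hash-based deduplication described under WAN optimization above, as an added Python sketch that is not from the original article or from any vendor's product: two appliances keep matching chunk caches, and a chunk that has already crossed the link is replaced by its hash. The fixed 1024-byte chunks, the choice of SHA-256, the sample data and the names DedupEndpoint, encode, decode, wire_bytes and demo are assumptions made for this illustration.

```python
import hashlib

CHUNK = 1024  # fixed chunk size in bytes (assumption for this sketch)

class DedupEndpoint:
    """One side of a WAN link, with a local chunk cache keyed by SHA-256."""
    def __init__(self):
        self.cache = {}  # digest -> chunk bytes

    def encode(self, data):
        """Sender: send each chunk once, afterwards only its 32-byte hash."""
        msgs = []
        for i in range(0, len(data), CHUNK):
            chunk = data[i:i + CHUNK]
            digest = hashlib.sha256(chunk).digest()
            if digest in self.cache:
                msgs.append(("REF", digest))
            else:
                self.cache[digest] = chunk
                msgs.append(("RAW", chunk))
        return msgs

    def decode(self, msgs):
        """Receiver: rebuild the data, learning new chunks as they arrive."""
        out = bytearray()
        for kind, payload in msgs:
            if kind == "RAW":
                self.cache[hashlib.sha256(payload).digest()] = payload
                out += payload
            elif payload in self.cache:
                out += self.cache[payload]
            else:  # caches out of sync: fail closed so the sender retransmits
                raise KeyError("unknown chunk " + payload.hex()[:16])
        return bytes(out)

def wire_bytes(msgs):  # payload bytes crossing the WAN, framing ignored
    return sum(len(payload) for _, payload in msgs)

def demo():
    """Send a constructed 10240-byte document, resend it, then send an edit."""
    branch, hq = DedupEndpoint(), DedupEndpoint()
    doc = b"".join(hashlib.sha256(bytes([n % 256, n // 256])).digest() for n in range(320))
    edited = doc[:3000] + bytes([doc[3000] ^ 0xFF]) + doc[3001:]  # flip one byte in chunk 3
    sizes = []
    for version in (doc, doc, edited):
        msgs = branch.encode(version)
        assert hq.decode(msgs) == version
        sizes.append(wire_bytes(msgs))
    return sizes  # [10240, 320, 1312]
```

Because the receiver substitutes cached content on the strength of the hash alone, the hash has to be collision-resistant, and a reference the receiver cannot resolve must be rejected rather than guessed.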
When companies explore their SD-WAN rollout, there is a great deal to consider, but a well thought out approach can provide the right level of security for their distributed network and a solid migration path to the cloud. Integrating the above capabilities into the SD-WAN deployment can greatly simplify network architecture, increase security, optimize uptime, and reduce costs.