SD-WAN security: The 2 biggest mistakes you might be making
More and more organizations are turning to software-defined wide area networks (SD-WANs). There’s good reason for that.
Unlike traditional WAN technologies, SD-WAN allows you to mix and match broadband, direct internet access, and private (MPLS) circuits, and prioritize bandwidth and traffic, making it easier to determine how traffic flows over the WAN. SD-WAN can cut costs by removing unnecessary, and expensive, routing hardware and leveraging the cloud for connectivity, provisioning, and management services. These features provide more network flexibility and increased visibility into WAN performance.
In short, SD-WAN is good for business. But there’s a common misconception about SD-WAN that could come back to haunt you if you’re not careful: SD-WAN does not imply security.
Whether you’ve already adopted SD-WAN or you’re now considering it, be sure to take a close look at security.
The biggest mistake organizations make with SD-WAN security
When it comes it comes to SD-WAN, you must know your solution well. In particular, you should know which security features are inherent and which are missing.
After evaluating multiple options before purchasing, it’s easy to see why organizations might confuse the various features and think the solution they chose has a feature that was actually part of another offering.
Oftentimes, organizations wind up in one of two camps:
- Assuming complete security: These organizations incorrectly think that SD-WAN solutions are completely secure. Switching to SD-WAN solves all their branch security problems.
- Assuming SD-WAN isn’t secure at all: Others believe the exact opposite: SD-WAN doesn’t provide any security. They worry about using the open internet as a transport and about the metadata and statistical data stored in an SD-WAN solution’s cloud management platform.
This is arguably the biggest mistake most organizations make in SD-WAN security – failing to fully grasp what they have and what they don’t have and how to reconcile the two.
For example, many companies go from centralized internet egress in their primary data center, where their unified threat management (UTM) appliances reside, to a distributed internet egress model after adopting an SD-WAN solution.
Most SD-WAN solutions only offer a simple, stateful firewall, which does not offer the same protection as the next-gen UTM that controlled access in their centralized model. This then puts their users at those remote locations — and their network as a whole — at risk. One unsecure entry point is all a cyber-criminal needs for a breach.
The second biggest mistake: A ‘set it and forget it’ mentality
After SD-WAN deployment, WAN issues usually decrease and user experience tends to be up. But be careful not to get complacent.
New SD-WAN security features are released fairly rapidly, and you should evaluate the new tools you’re being given access to. That’s not to say that you should just turn them on the moment they’re released– like with any other security product or feature, you need to properly vet it to see if it can benefit your business.
Improving SD-WAN security
If you don’t fully understand a solution, you’re likely to cause more issues than you solve. It’s easy to put your organization at risk if you don’t have a firm grasp of which security features are part of a solution.
The best thing you can do is stay educated. Make sure you know what your SD-WAN is capable of and what it’s not. Keep up with feature releases and patches.
While there are many benefits to SD-WAN, it does not make security any easier. Security policies still need to be defined and enforced. User and application network traffic still needs to be understood.
In the end, the design and planning of an SD-WAN project are critical to its success.