The Number One Concern for Enterprises Adopting SD-WAN
Article originally by ATI partner Ken Presti, Research VP, AVANT Research & Analytics
Like everything in this world of technology, effective security needs to be baked in to virtually every value proposition put on the table. This is important to today’s enterprise technology buyers who evaluate different offerings and build the internal consensus to either accept or decline and offered solution.
According to AVANT’s State of Disruption Report, 74 percent of surveyed technology decision makers fear that a successful cyberattack could cost them their jobs. Fewer than half believed that their companies were well prepared to handle an attack and mitigate the results.
SD-WAN solutions typically include their own security protections, such as stateful firewall capabilities, site-to-site encryption, application policy control, segmentation for VLANs and split tunneling, and authentication between edge devices and the controller. How SD-WAN companies deliver security solutions varies widely, with some becoming security technology providers with their own technology and development as a core part of their SD-WAN value proposition, while others are partnering with market leaders to embed security solutions within their product. Most will interoperate effectively with third-party security tools and services, although some may interoperate better than others. Therefore, your current set up of firewalls and other security gear may not need to be displaced with the advent of SD-WAN, but it does make sense to review the technical notes of the specific SD-WAN company for their preferred recommendations.
The addition of new technologies and infrastructure almost always expands the attack surface. Thus, technology buyers as well as technology sellers need to be keenly aware of their level of exposure. This is especially true of companies leveraging local Internet breakout, rather than backhauling through a data center. As the data travels across the Internet, protections for layer 4 through layer 7 of the OSI stack will likely be necessary. Security technologies of particular focus should include next-generation firewall with intrusion prevention, web filtering, and DNS security. These, however, can become quite costly when being applied to a large number of remote facilities. Looking at the other side of the coin, it’s also true that a successful breach at a remote office can often be used as an effective bridgehead to gain access to central corporate resources.
“Security continues to be the number one concern that IT decision makers have when considering migration to SD-WAN,” said Ray Watson, Vice President of Innovation at Masergy. “This ultimately favors solutions which tightly integrate and support unified threat management as well as managed detection and response.”
According to AVANT’s Assessment Data, 54 percent of customers entering the SD-WAN decision discussion are uncertain of how to approach security, while 22 percent are planning to install a next-generation firewall at each site. Another 14 percent are planning to use a cloud-based firewall service. Those who are uncertain would be well advised to work closely with her Trusted Advisor to ascertain the best solution for their needs.
It’s also a good idea to more fully assess what types of data your company needs to store, and the duration of that storage. While some people believe that virtually all data is worth keeping, it’s also true that limiting stored data can vastly reduce your attack surface and, ultimately reduce security costs while increasing peace of mind. So many companies are taking a fresh look at what data deserves to be kept and what data should be discarded.
For more information on SD-WAN, download AVANT’s free 6-12 Report at https://goavant.net/sdwan-report.