05 August 2020

By Patrick Hubbard, head geek, SolarWinds

Organisations are continuously exploring new technologies capable of transforming traditional, legacy IT environments. Now they’re experiencing operational benefits of extending software actuation beyond virtualisation. And automation, security, and agility can all be improved with a software-defined wide area network (SD-WAN).

SD-WAN is a subset of the software-defined approach applied to a traditional WAN. Where WAN connections are manually configured and reconfigured between many WAN links, SD-WAN’s aim is to simplify provisioning and extend operations over the public internet. Branch office access and cloud express routes are moving to SD-WAN management. It isn’t a new technology, it’s well-defined with more standards and deployments than other SDN technologies.

SD-WAN has exploded recently. Gartner forecast over 40% of enterprises would adopt SD-WAN by the end of 2019, and IDC predicted the market will reach $4.5 billion this coming year. That’s a huge win for admins and SDx technology in general. This uptake has been driven by the promise of benefits: tighter security, centralised management and control, and substantial cost savings compared to legacy WAN networks like Multiprotocol Label Switching (MPLS) networks. Though some were sceptical of the boldest SD-WAN claims, there’s growing acknowledgement of its value as it unlocks a new era of flexibility.

Security as a first-class citizen

Enterprises have been attracted “plug-and-play” solutions, seamlessly implemented to run over existing infrastructure. But one of its greatest benefits is to identify holes. This area must remain a priority. Though some SD-WAN offerings include security services, they can vary. This has left some IT pros uncertain of how to best use them in changing IT environments, which are regularly targeted with new threats. So, what do IT pros need to know?

1) Understand the built-in security and the needs of your organisation

SD-WAN solutions aren’t one-size-fits-all. When optimising network and application security, it’s vital it’s personalised to meet the needs of an organisation’s risk profile. Understanding what is and isn’t included is paramount to reaching the organisation’s goal. If IT pros don’t have a clear understanding of the security components composing a newly implemented SD-WAN, they put themselves and their organisations at risk. Almost all SD-WAN solutions include a simple stateful firewall, but limitations vary by vendor. Advanced solutions can assess the legitimacy of network packets from different types of connections, while others are focused on change management and integration. Many large enterprises find it less risky to implement a next-generation firewall for deep packet inspection, intrusion prevention, web filtering, and malware protection.

Because SD-WAN enables a greater level of connectivity between branch offices, it gives admins more time to manage the ever-growing quantity of data being transmitted away from the corporate firewall. Of course, more data from more WAN interfaces also increases attack area and the risk of data interception. SD-WAN’s automated nature and its rethought management tools may increase security by reducing human error and ensuring the uniform application of policy. It also creates an opportunity for upskilling.

2) Pros need to consider a cultural security shift and a technical one

To tighten security, a trusted solution is a good place to start. Nevertheless, organisations must adopt a security posture to align with the entire business. A zero-trust approach is typical because it does what it says on the tin. This process encourages organisations to verify and assess access attempts for a given network. Understanding the context of users, locations, and applications is critical. Culturally, organisations should remember SD-WAN doesn’t remove the need for WAN security and resilience. Because the rollout of SD-WAN doesn’t eliminate the need for MPLS networks—in fact, MPLS is expected to be used for years. Organisations must maintain the privacy of their network infrastructures.

3) A complete stack visibility is needed to manage performance

The ability to monitor and manage performance across the stack is crucial. Performance and event monitoring of SD-WAN-managed networks can identify unusual behaviours, reveal compromised accounts, and identify threats. The aim of monitoring is to keep traffic flowing and deliver Quality of Service (QoS). With SD-WAN’s enhanced availability for application-specific network configurations, the Quality of Experience (QoE) has increased. However, this requires IT pros to gain new skill sets to maintain a rounded view of the expanded network stack. Rapid alerting of potential security threats positions administrators to provide greater performance capable of assuring SD-WAN rollout is successful.

Knowing your business

SD-WAN seems to be winning over network administrators. Previously sceptical teams find it keeps transformation promises better than other hyped technologies. But while automation is a big selling point, automation won’t solve every issue. When rolling out technologies like SD-WAN, it’s vital for IT pros to have a clear view of the organisation’s objectives and how this helps accomplish them. Coupling a new technology with cultural change is crucial. Thankfully, SD-WAN’s narrower SDN scope is a foray into the software’s promise of building better security into routine network tasks. Off-loading toil has always been the goal of automation but improving WAN security might be its biggest benefit.

By Patrick Hubbard, head geek, SolarWinds