42
SD-WAN
access network. With firewalls built-in at the edge of the
network at each site, there’s not necessarily a need to
proliferate hardware, which provides operational efficiency.
It’s important to note that depending on how a business
is structured and where the users are located, there may be
further security protocols within an SD-WAN infrastructure
that need to be considered, beyond the base level security.
There are several ways to enhance SD-WAN security further,
but vendors must educate customers to the options that
are relevant to their business set-up to ensure a considered
approach to security.
Advancements are already becoming a reality
with security mechanisms such as advanced
cryptographic cyphers. With this technology, in
order to hack into each SD-WAN appliance, the
hacker would need to get past a node key that
applies only to that site
Local breakout
One example of how additional security layers can be
applied to improve the security of SD-WAN is local breakout.
If an organisation has a head office in the UK and another
in France, SD-WAN can be used to establish the connection
between sites to connect privately and exchange internal
corporate traffic. Should the French office want to connect
to localised sites, such as search engines etc. there could
be a delay, considering the traffic has to be routed back
through the UK. Therefore, the SD-WAN must be augmented
to incorporate local breakout and firewall technology; either
within the SD-WAN appliance, or an extra layer of security
must be added.
Depending on how the network is designed, it’s essential
to implement strong security at the Edge. Furthermore, with
an increasingly mobile workforce, the software must be able
to scale not just to local sites, but also mobile assets, devices
and people. The SD-WAN setup can affect how you apply
security to users and the sites, which is something that must
be factored into the initial design.
SD-WAN technology is second to none when it comes
to replacing legacy models such as MPLS in terms of
operational efficiencies and being cost-effective. But there
is an additional responsibility to ensure the security is
pervasive, particularly when it comes to mobile users or local
breakout. The standard SD-WAN security is a strong base
level but depending on the organisational setup – such as if
there is a need for local breakout – further security protocols
may be required.
www.networkseuropemagazine.com