Networks Europe Jul-Aug 2019 - Page 42

42 SD-WAN access network. With firewalls built-in at the edge of the network at each site, there’s not necessarily a need to proliferate hardware, which provides operational efficiency. It’s important to note that depending on how a business is structured and where the users are located, there may be further security protocols within an SD-WAN infrastructure that need to be considered, beyond the base level security. There are several ways to enhance SD-WAN security further, but vendors must educate customers to the options that are relevant to their business set-up to ensure a considered approach to security. Advancements are already becoming a reality with security mechanisms such as advanced cryptographic cyphers. With this technology, in order to hack into each SD-WAN appliance, the hacker would need to get past a node key that applies only to that site Local breakout One example of how additional security layers can be applied to improve the security of SD-WAN is local breakout. If an organisation has a head office in the UK and another in France, SD-WAN can be used to establish the connection between sites to connect privately and exchange internal corporate traffic. Should the French office want to connect to localised sites, such as search engines etc. there could be a delay, considering the traffic has to be routed back through the UK. Therefore, the SD-WAN must be augmented to incorporate local breakout and firewall technology; either within the SD-WAN appliance, or an extra layer of security must be added. Depending on how the network is designed, it’s essential to implement strong security at the Edge. Furthermore, with an increasingly mobile workforce, the software must be able to scale not just to local sites, but also mobile assets, devices and people. The SD-WAN setup can affect how you apply security to users and the sites, which is something that must be factored into the initial design. SD-WAN technology is second to none when it comes to replacing legacy models such as MPLS in terms of operational efficiencies and being cost-effective. But there is an additional responsibility to ensure the security is pervasive, particularly when it comes to mobile users or local breakout. The standard SD-WAN security is a strong base level but depending on the organisational setup – such as if there is a need for local breakout – further security protocols may be required. www.networkseuropemagazine.com