santiago silver - Fotolia
Software-defined WAN is one of those technologies that, despite it being relatively complicated, is more secure...
when compared with legacy MPLS or site-to-site VPN tunnels. Because of SD-WAN's end-to-end visibility, centralized configuration and encryption requirements, vendors tout security as one of its primary benefits.
That said, it's important to consider a couple of SD-WAN security concerns when evaluating your options.
- Decide whether you want to use an SD-WAN service provider. The first SD-WAN security concern to address is whether you want to design, deploy and manage the SD-WAN yourself or let one of the many SD-WAN service providers do it for you. If you opt to go with a managed service provider, you place the responsibility for your WAN infrastructure in the hands of a third party. On the other hand, if you don't have the right in-house SD-WAN expertise, you may introduce holes in your WAN that can be exploited.
- Integrating security tools at the WAN edge. To address some customer SD-WAN security concerns, different SD-WAN technology vendors offer varying degrees of added security beyond simple encryption. This includes Layer 7 firewalls, intrusion prevention and unified threat management. Integrating these security tools at the WAN edge ensures data flowing between the corporate network and branch locations isn't compromised.
- Evaluate the need for added SD-WAN security features. Keep in mind that most enterprise LANs already have these standard security tools in place. It's up to the SD-WAN architect to determine if add-on SD-WAN security features offered by some platforms are worth the extra investment to license, configure and support.
Dig Deeper on Software-defined WAN (SD-WAN)
Related Q&A from Andrew Froehlich
An IAM system introduces risks to the enterprise, but the consensus is the benefits of IAM outweigh the drawbacks. What are some of the issues that ... Continue Reading
The network edge is where an enterprise network connects to third-party network services. Edge computing is a distributed architecture that processes... Continue Reading
PAP uses a two-way handshake to authenticate client sessions, while CHAP uses a three-way handshake. Both authentication processes are common, but ... Continue Reading