Remember this scene\u00a0from the movie Shrek? The big ogre was explaining to Donkey that ogres are very complicated, and like onions, they have layers. Donkey, of course, didn\u2019t like the analogy because not everyone likes onions and would have preferred cake as everyone likes cake, but he did seem to understand that ogres did indeed have layers after it was explained to him.\u00a0\nOrges and onions have layers, but what else does? Or at least should?\u00a0\nSecurity for SD-WANs \u2014 but that may not seem obvious to everyone.\n\nThis week SD-WAN provider, Aryaka, which is now neck and neck with VeloCloud\/VMware in market share, according to IHS Markit, announced Passport, a multi-layered security platform and ecosystem that provides best-of-breed security at every level of a software-defined WAN (SD-WAN).\nMost SD-WAN vendors encrypt the traffic between two points, and that is certainly important, but data in flight isn\u2019t the only way an SD-WAN can be breached, and Aryaka\u2019s Passport offers end-to-end protection using a number of best-of-breed security partners.\nEncryption is table stakes\nLike most of the SD-WAN solutions, Aryaka does IPsec encrypt its network. However, it operates a private, layer 2 network where each customer\u2019s traffic is kept isolated from others, which is markedly more secure than using the Internet as transport. Also, it applies Radware\u2019s Hybrid Cloud Attack Mitigation for in-network DDoS protection. The combination of private networks, encryption, and DDoS protection is like having two belts and suspenders on for maximum protection.\nAryaka's Passport secures at multiple layers\nPassport also offers edge-device protection with next-generation firewalls and intrusion prevention from Palo Alto Networks. (Note: Palo Alto Networks is a client of ZK Research.) Palo Alto also brings virtual firewalls to Aryaka that are hosted in popular cloud services such as Microsoft Azure and Amazon Web Services.\nWhile Aryaka has a huge global private network, not all customer traffic can be kept on their backbone, meaning some will have to hit the Internet. To secure these connections for internet-bound traffic, Aryaka is leveraging a partnership with Zscaler and Palo Alto\u2019s Global Protect Cloud Service. Think of the encryption and DDoS protecting \u201con net\u201d traffic, and Zscaler and Palo Alto securing \u201coff net\u201d traffic. Given the rise of SaaS applications, this service will get increasingly more important. Aryaka also offers the equivalent of direct connectivity to all cloud and SaaS applications.\u00a0\nAryaka\u2019s Passport provides its customers with up to six layers of security, so if a breach happens, only that layer is compromised and the rest of the network is secure.\u00a0 This multi-layered approach may be overkill to smaller businesses, but it is critically important in the large enterprise, which is Aryaka\u2019s primary customer base.\nThe cloud has been a huge game changer for businesses and has caused them to look at different network architectures to optimize user experience and control costs. The evolution of the network must be accompanied by a shift in security strategy. Long gone are the days when one could deploy a massive firewall and expect that to be the extent of the security. Now, security needs to be everywhere \u2014 in the network, the cloud, internet, and the network edge. Aryaka\u2019s Passport is unique in the SD-WAN market, as it operates at every critical layer.