
Security serves as an essential component to growing an enterprise with SD-WAN

Aug 20, 2018 | 4 mins
Network Security, Networking, SD-WAN

Adopting productivity-enhancing applications across the network creates a need for dynamic data protection. What decision makers should understand about the intersection of security and SD-WAN and keeping data not only accessible, but safe.


As enterprises endeavor to expand domestic and global footprints, agile network infrastructure connectivity across geographies continues to prove an ongoing challenge. In particular, ensuring that data shared over these networks is protected from unauthorized access is a primary directive in today’s evolving cyber threat landscape. These often-contradictory demands call for IT decision makers to invest in innovation that will facilitate network flexibility and agility without compromising security, productivity or performance.

This challenge begs a simple question. How can a WAN deliver the flexibility and agility necessary to help an organization grow without increasing exposure to data breaches and other security problems? After all, if the cost of convenience is increased network vulnerabilities, can it be considered a sound approach?

Many IT leaders today are grappling with that question. From a real-world perspective, according to IDG’s 2017 “State of the Network Survey,” technologies such as SD-WAN rank high on the list for future plans of enterprise organizations. From a security perspective, another survey from IDG found that the top priority CEOs currently have for CIOs is “to upgrade IT and data security to avoid cyber attacks.” In turn, 54 percent of CIOs said that “security strategy is an integral part of overall IT strategy and roadmaps.”

Survey respondents are looking to SD-WAN to deal with these issues. Forty-five percent report that increased security is one of the most important potential business benefits to come from transforming their networks with SD-WAN deployments. Among the various reasons that IT leaders see value here is that SD-WAN facilitates the normally difficult task of WAN segmentation, helping businesses deal with issues such as security threats from within, as Network World explains.

Zero-trust and beyond

Segmentation is key due to the dramatic uptick of threats from within a network. A recent Ponemon Institute study highlighted that the cost of security compromises attributable to insiders averaged $8.7 million over the course of a year. What’s more, the maximum cost exceeded $26 million! These incidents ranged from sheer negligence by employees (64 percent) to criminal action (23 percent). Plus, theft of legitimate credentials accounted for another 13 percent of insider compromises.

These findings validate the need for a zero-trust approach to security, which prioritizes protection of the network internally just as much as external safeguards. This is especially true for organizations with 1000 to 5000 employees, as there is more exposure and surface area to protect. SD-WAN makes segmentation and implementing zero-trust processes far easier.

Beyond zero-trust network models, first-line-of-defense capabilities have also emerged. These include integrated online application and website whitelists in SD-WAN solutions for branch offices that may not have local firewalls. But this approach is just the beginning; ideally, an SD-WAN will have an integrated firewall that makes the security process as seamless as possible.

Internet equation

It’s critical for security to be at the top of SD-WAN priorities, given that the technology paves the way for enterprises and their branch, retail or other remote locations to leverage the internet more than ever before for critical business applications and processes. Bundling security services or integrating with security vendors’ solutions isn’t just an option—it’s a requirement.

Your business must be prepared to defend against the increased vulnerabilities that come with more direct internet access, including leveraging:

  • A single on-premise or virtual client device that can handily and cost-effectively serve multiple security functions, including embedded firewalls for secure internet offloads and automatic encrypted tunneling to secure data across the internet.
  • The ability to centrally drive policies and configurations to reduce complexity and ease management of all the business’ critical security requirements. Centralized orchestration is a path to chaining WAN security services like firewalls and routers across locations around the globe, for example.

IT decision makers put the most importance on centralized policy and configuration management when researching SD-WAN solutions, presumably to address concerns regarding network security as well as complexity and manageability.

Continuous monitoring

Another aspect that impacts security is the combination of resiliency and redundancy, which is why many businesses are turning to fully managed services to mitigate the risks of deploying and operating new SD-WAN technology, with continuous monitoring and maintenance as part of the solution.

As enterprises seek to adopt new and productivity-enhancing applications across the network, data protection remains a top concern. Combining dynamic security capabilities with the flexibility and visibility afforded by a managed SD-WAN solution provides the capabilities emerging companies need to differentiate.

This approach will allow an organization to expand far more efficiently from both a resource and budgetary standpoint. It will also free up IT teams to focus on improving business operations and customer experience rather than being consumed with complex security challenges.


Paul Ruelas is director of product management at Masergy, which owns and operates the largest independent software-defined platform in the world, delivering hybrid networking, managed security and cloud communication solutions to global enterprises.

Paul brings over 26 years of expertise in global networking, IP networks, complex solution design and product development. Paul has developed many Ethernet and optical products that enabled numerous global enterprises to transform their data communication infrastructures to improve business outcomes.

Paul is an industry thought leader in communication transformation, speaking and writing on topics such as hybrid networking, SD-WAN, NFV and cloud connectivity.

Prior to joining Masergy, Paul worked at Verizon and Frontier Communications.

The opinions expressed in this blog are those of Paul Ruelas and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
