4 essential SD-WAN security defenses

October 16, 2018 Trent Pham

SD-WAN’s growing popularity stems from the advantages it offers by moving key business functions to the cloud: simplified management, increased efficiency and resiliency, improved scalability, and significantly lower costs. It’s little wonder that SD‑WAN growth is accelerating, and rapidly.

Yet because SD-WAN uses the internet as transport, concerns persist among potential adopters regarding its security. The essential question: Can any WAN solution operating over the public internet protect enterprise information as thoroughly as a purely private WAN can?

SD-WAN security

The answer is yes. By addressing these four areas, data transmitted over a public network can be as safe as data on a private network.

  • Firewall – Because it distributes enterprise assets across on-premises, cloud and hybrid environments, SD-WAN opens up new points of vulnerability. SD-WAN solutions must address this with a Zero Trust security model and firewalling based on application flow. Whether you’re considering cloud-based or on-premises firewalls, look for an SD-WAN solution that delivers application control, intrusion prevention, and content filtering.
  • Encryption – Data in transit is especially vulnerable to attack; any SD-WAN solution must offer strong end-to-end encryption across all transports. This is especially critical with all traffic crossing the internet to reach branch offices and other remote user locations.
  • Security class differentiation – SD-WAN should support the prioritization of security resources, with distinct segmentation and security policies. For example, enterprises that handle payment card information will want to place the highest priority on personally identifiable information to avoid PCI DSS compliance issues. Two-factor authentication and in-depth log monitoring will provide additional assistance through reliable audit trails.
  • Virtual network function (VNF) software – VNF in SD-WAN enables common network functions, such as a firewall, to run as virtual instances on the same CPE as the SD-WAN itself. This supports more highly integrated security, with hardware capacity used efficiently across locations and users. VNFs can also be centrally managed, which supports faster provisioning and greater flexibility in policy management.

While there are always tradeoffs involved in moving from legacy to newer solutions, the gains made by adopting SD-WAN are extremely compelling – as long as security is strengthened in the move rather than compromised. With the right security technology incorporated in SD-WAN and proper preparation, adopting enterprises can move forward with the knowledge that their assets are thoroughly secure – including all interfaces with the public internet, and all enterprise traffic that crosses it.

The post 4 Essential SD-WAN Security Defenses appeared first on Windstream Enterprise.


About the Author

Trent Pham

Trent Pham is Head of Security Products for Windstream and is responsible for the organization's enterprise security service strategy, development, and life cycle management. He joined Windstream in 2016 and has 20 years of security product management experience with communication service providers, security service providers, and startups. Trent also taught information technology at the University of Denver's Information and Communications Technology Graduate Program. Trent received an MBA from the University of Denver's Daniels College of Business, a BS in Mechanical Engineering from the University of Colorado in Boulder, and holds a CISSP certification.
