Johna Till Johnson
June 25, 2018
Both wide-area networking and cybersecurity are undergoing major paradigm shifts. In the wide area, companies are increasingly deploying Software-Defined WAN (SD-WAN) technology in conjunction with or even in place of traditional WAN technology like MPLS.
SD-WAN technology makes it possible to dramatically reduce circuit costs, capital costs, and labor costs; just as importantly, it increases agility and—somewhat surprisingly—security. That’s because one of the core principles of SD-WAN is holistic management: all the endpoints, physical or virtual, are managed, configured, and updated via centralized, policy-based automation. Because centralized, automated management is built in from the ground up, SD-WAN obviates the need to manage unique configurations at each site via a layered-on management tool or complex (and often erroneous) scripts developed in-house. Truly automated configuration and management cuts down on vulnerabilities that hackers can exploit. After all, most software pushes for traditional routers succeed less than 99% of the time; home-grown scripted pushes succeed even less often. If you have 5,000 sites, that means 50 or more are not automatically updated and require manual attention, leaving them at additional risk of compromise in the interim and at additional risk of misconfiguration in the course of manual updating.
Another aspect of SD-WAN that increases security is the virtualization of the WAN. By overlaying multiple logical WANs on top of the physical network links, SD-WAN allows an organization to partition its WAN into security-defined segments.
Meanwhile, cybersecurity professionals are moving towards a zero-trust security model, in which all devices, resources, systems, data, users, and applications are treated as “untrusted.” Zero-trust security has profound implications for security architectures and operations, and shares a core tenet with SD-WAN: that automation will implement centralized policy consistently.
It’s not too surprising, then, that the blueprint for next-generation networking includes zero-trust security, automation, and policy-based management. Putting all the pieces together delivers a more secure, resilient network.
Table of Contents
- Executive Summary
- Next-Generation Networking: Virtualized and Software-Defined
- Trend: The Move to SD-WAN
- SD-WAN: What It Is
- SD-WAN: Key Drivers and Benefits
- SD-WAN Technology and Vendors
- Trend: The Zero Trust Security Model
- Network Implications of Zero Trust Security
- Other Technology Implications of Zero Trust Security
- Advanced Endpoint Security (AES)
- Behavioral Threat Analytics (BTA)
- Cloud Access Security Brokers (CASB)
- Network Access Control (NAC)
- Automation and Everything as Code
- Conclusion: SD-WAN, Zero Trust, and the New Secure Virtualized Network