Why Security Is the Killer SD-WAN App


By: R. Scott Raynovich

You've probably heard that software-defined wide-area networking (SD-WAN) is all the rage in enterprise networking these days. But why is that? One of the key reasons is that SD-WAN provides the capability to deliver a wide variety of security services and applications from the cloud, obviating the need for specialized network hardware.

This is a long-term shift that will take decades to play out. For many years (decades even), enterprises built their security strategy around discrete applications and devices -- often firewalls -- that were deployed as enterprise networks were built out to support software and applications. This has grown complicated to manage. At the same time, the advent of the cloud, along with hybrid cloud, means that the traditional network perimeter has become difficult to define, posing a challenge for network managers. The "cloud" has no perimeter, and it is therefore hard to defend.

It makes sense for enterprises to look at implementing their cloud networking and security with managed, cloud-based services. Delivering security from the cloud provides more scale and agility in responding to threats. Security managers don't have to manage or update their own security hardware and software -- rather, their networks are protected by a cloud service running 24/7.

Users Find VPNs Difficult to Manage

Research shows that security is a common challenge in IT environments. Here's an example: Futuriom recently surveyed 200 IT managers in application development, networking, security and DevOps about common security challenges and how they might be solved. In this survey, traditional virtual private networks (VPNs) were not seen as effective ways to defend the modern, cloud-based network. Users are concerned about the performance drawbacks of VPNs for use in networking cloud applications, with 63.5% of users surveyed citing issues with VPN performance and 47.5% citing issues with security.

In addition, users cited challenges in security of VPNs (47.5%), as well as the management and configuration (34% and 36%, respectively). This may be because VPNs are often managed on hardware devices or software endpoints that need to be constantly updated.

SD-WAN and additional cloud-based solutions such as managed security services and Application Specific Networks (ASNs) have the potential to alleviate many of these issues. As SD-WAN devices are plugged in, they have the potential to replace specialized network devices such as routers, firewalls, and application acceleration devices with an industry-standard device and a software-managed services model.

This is why many providers of SD-WAN technology are focusing on security. For example, Cato Networks is operating its own security-as-a-service model and its own SD-WAN network with the Cato Cloud. Versa Networks has integrated security applications directly into its SD-WAN platform. Other SD-WAN vendors, such as Aryaka Networks and Silver Peak, are taking the approach of using their platforms to service-chain security applications from partners. And Cisco recently moved to integrate many of its security services into its SD-WAN offerings. 

Security Benefits from SD-WAN

Security will benefit from this shift to SD-WAN, which provides standardized hardware and software delivered and managed from the cloud. The reason is economies of scale. It's much easier for a specialized cloud security service to focus on protecting a network than it is for individual companies to constantly maintain and update their networking and security infrastructure.

Futuriom expects this shift to boost the market for SD-WAN security services. Just as edge routing benefited from the uptake of the Internet and the use of corporate networks to access client/service applications, SD-WAN is growing because of the demand to connect networks using a cloud-based model.

As our research indicates, end users just don't want to manage complicated networks and configurations, including security patches. Think of SD-WAN as being to the enterprise network what the iPhone was to the consumer phone market. Just as the iPhone combined photography, music and communications, the SD-WAN market can deliver a wide portfolio of enterprise network applications with a simplified hardware model.

Here's an example of how an enterprise might move to SD-WAN-based security. Paysafe is a leading global provider of end-to-end payment solutions with more than 2,600 employees in 21 locations around the world. End users at the company found the use of a legacy VPN implementation difficult to manage and confusing, according to Stuart Gall, Infrastructure Architect in Paysafe’s Network and Systems group, as published in a case study by Cato Networks.

Furthermore, Paysafe’s Gall said the VPN issue was a barrier to building a fully meshed IP network because it would have required creating more than 200 separate tunnels to support the VPN. This also meant updates from services such as Active Directory were slow to propagate in the network. Paysafe opted to move to an SD-WAN network built by Cato Networks, which provides a private network in the cloud. The move improved visibility into network activity and security and decreased latency.

This example is just one of many cases in which enterprise managers are looking for cloud-based security solutions based on an SD-WAN model. Security is cited by many enterprise end users as a key differentiator for SD-WAN implementations. The reason is that IT and network managers want security built into the network, rather than requiring complicated overlays that they have to manage day-to-day.

This Tech Primer was sponsored by Cato Networks.