Why SD-WAN? Why Now?
The rise of Software-as-a-Service (SaaS) and cloud services is resulting in decentralized data traffic flows, in turn rendering the traditionally expensive Multiprotocol Label Switching (MPLS) inefficient for wide area network (WAN) transport. This has prompted a change in networking architecture and the means of controlling network access.

The emergence of software-defined WAN (SD-WAN) in response to rising cloud adoption is significant because it promises to deliver reduced cost and enhanced performance and availability.
This is a trend that is unlikely to go away. In fact, it’s set to intensify. According to Gartner, SaaS and Infrastructure-as-a-Service (IaaS) will grow at 17% and 27%, respectively, through 2022. Both are key drivers of SD-WAN adoption in that time.
The Impact of SD-WAN on Networking & Network Security
Today, organizations can leverage SD-WAN technology to implement software-defined branch (SD-branch) as a way of extending IT environments to any of their branches outside of their headquarters that require high-quality network connectivity.
For retailers, hospitality groups (hotels, restaurants, etc.), commercial banks and other large, distributed organizations, SD-branch is particularly useful as it utilizes SD-WAN technology to simplify a branch’s IT architecture – reducing the resources and budget needed to maintain operations.

Branches are typically more at risk of network threats than organizational headquarters since they’re inherently understaffed or underserved from an IT standpoint.
To combat this, the SD-branch approach is to have security functions present in the IT devices at the branch so that data transmitted from the branch to another node in the WAN is as secure as other parts of the network from square one, instead of waiting until the data reaches security tools outside the branch. It’s like locking a house’s front door instead of just the bedroom doors.
Controlling Network Access in an SD-WAN World
The rise of BYOD, mobile workforces and IoT has driven an exponential increase in the number and types of devices that can connect to today’s corporate networks. Securing and protecting these devices – particularly agentless IoT devices – is a core principle and best practice in cybersecurity.
Today, device segmentation (especially for IoT) has evolved to become the only effective option for network defense, as it enables organizations to protect themselves against lateral movements and to detect network breaches faster. Executing this requires a network access control solution be deployed – one that can not only control the port security, but also segment the network by the type of device or its user.
Traditionally, network access control has necessitated a connection to the organizational headquarters, with an appliance deployed at each branch. This has historically limited the use of SD-WAN / SD-branch technologies.
Side-stepping these limitations has required innovation in network access control. The logical next step in the evolution of network security is for organizations to be able to leverage a NAC solution that’s delivered as a cloud service. This eliminates the need for costly on-site appliances and ongoing maintenance. Now, all that’s needed to control network access at branches and the headquarters alike is an internet connection.
Here’s how it works…

