The SD-WAN security guide How a flexible, software-defined WAN can help protect your network, people and data
SD-WAN security: Separating fact from fiction For many companies, the benefits of SD-WAN are clear: greater network visibility, smart traffic routing, simple scalability and a WAN environment that s built to support the diverse traffic types and application demands that today s businesses need to handle. The thing is, a handful of misconceptions around the security implications of moving to SD-WAN have caused some businesses to delay their migration. Because SD-WAN requires internet access to function, it s sometimes viewed as best-effort from a security standpoint, putting many businesses off exploring the concept further and discovering what it can really do for them. Best effort, your days are numbered The term best effort has been used for years to describe network services that don t guarantee or verify data delivery or service levels. In the past that s obviously been a major issue. But today, various new capabilities and measures are helping to shrink the problem. For cloud-based services that depend on the internet, contractual SLAs help guarantee a specific level of reliability. And with SD-WAN, network traffic is a lot more visible, so if data doesn t reach its destination, it s easier to tell. Describing internet connectivity as best effort isn t suddenly going to become incorrect. But what network teams are being forced to ask themselves now is whether being best effort is really that much of a problem at all. 2
SD-WAN security: Separating fact from fiction In practice, SD-WAN can actually be a major boon to network security, and it can even integrate fully with your existing security solutions and infrastructure. From a security standpoint, SD-WAN is an evolution, not a revolution. It s not going to force you to rip and replace the security footprint you ve already established, it s just going to make it stronger. By improving control over network traffic, enabling the development and enforcement of clearly-defined network policies, and granting you deep visibility of all network activity, SD-WAN plays a vital role in protecting your network, people and data today. In this guide, we ll explore those capabilities in greater detail, and reveal three key ways that SD-WAN can help improve the overall security of your network. 1 It helps you take control of diverse traffic 2 It makes policy creation and management simpler 3 And it makes end-to-end network segmentation easy enough to implement Let s dive in and take a closer look at each one. 3
Taking control of diverse traffic 01 You ve got a wide variety of apps deployed on your network, and a growing number of traffic types to support. So you need to be able to make sure that as traffic spikes, application and network security doesn t suffer. For many businesses, the missing piece of the puzzle is visibility. They know what traffic they need to support, and they might even know when it s likely to spike, but without real-time visibility, application performance and network security can be at risk. SD-WAN supports security by giving you deeper control over network traffic and routing. It gives you the ability to define what traffic goes where and when, and deflect breach attempts when they happen. By defining where traffic can go and how it gets there, it s much easier to monitor and control it and identify when there is malicious intent. Crucially, you can also use it to make sure all traffic routes through corporate firewalls, so no person or traffic type can get around your existing security infrastructure as they access your data and services. Finally, SD-WAN also makes it much easier to use innovative network security solutions. Cloud-based web protection services, for example, can be easily integrated and enable you to filter traffic and clean it before it enters the network. Without the kind of visibility you get with SD-WAN these tools can be hard to use. With it, you get all the insight and granular control you need to make the most of them. Conducting traffic Your network is like a busy intersection at rush hour. There s so much traffic going in so many directions that when one car breaks the rules, it s hard to see where it is, let alone stop it. SD-WAN doesn t just let you become a skilled traffic conductor, it enables you to set hard and fast rules that traffic must follow. So, instead of standing in the intersection directing things manually, you can sit in your cruiser, ready to spot and apprehend any traffic that doesn t abide by your rules. Which brings us to the next big impact SD-WAN has on your security policy management. 4
Enabling simple policy creation and management 02 Network security management can easily consume hundreds of man-hours. Hours that most network teams would prefer spending on more strategic initiatives. That s frustrating when you re putting the same fires out over and over again. And it s especially frustrating when you have to implement policies, one network device at a time. SD-WAN makes it meaningfully easier to both create and enforce policies. For starters, you can see and manage your entire network from one centralized console. So you have an easy-to-use software interface through which you can set up and manage all your policies. From identifying where they re needed, to defining where exceptions should be considered, visibility makes the entire policy management lifecycle easier for everyone involved. For example, with SD-WAN you can roll policies out for all your locations at once, instead of having to go location to location. At the same time, if you do need to get more granular and make branch-specific adjustments, you can still drill deeper. The result is that you get massive efficiencies from deploying policies at scale, across the network. But you still maintain the flexibility needed to give every branch precisely what it needs to succeed. 5
Enabling simple policy creation and management Define your normal That visibility also helps you identify what your version of safe network activity looks like. Then, by creating policies for traffic, routing and transfers, you can automatically ensure all traffic complies with your definition of stable and secure network activity. For example, with so many different applications to manage, your business will likely need different policies to ensure certain apps never touch the internet. SD-WAN makes that easy, because you can set rules for what can go where, and when. Three quick tips for creating great network policies with SD-WAN 1 Use your newfound visibility to find your own definition of what normal network activity looks like, instead of relying on someone else s, and build your rules around that. 2 Focus on enabling end-users instead of restricting them. If there are things your people want to do that are potential security risks, explore ways of using policies to better secure those activities, instead of limiting or outright preventing them. 3 Build flexibility into your policies so that rules can shift alongside traffic spikes, protecting you proactively in the event of something like a DDoS attack. 6
Enabling network segmentation 03 To secure your sensitive data, you need the ability to do end-to-end segmentation and ensure malicious activity is quickly isolated. That way, you can make sure things like breaches of business partner portals don t affect the rest of your network. SD-WAN gives you the ability to segment information and then communicate it to all the relevant points in your network without complicating your network design. You can create the end-to-end segmentation you need, over your entire network, without modifying any devices in the path. You can do location-based segmentation to protect your remote sites. And you can enforce policies based on your segments, so things like BYOD devices get treated differently than regular mobile devices. Network segmentation is a huge boon to network security. With SD-WAN, it becomes a lot easier to implement it. 7
Why managed SD-WAN is a great way to get security right From protecting your people to freeing up network management resources, adopting SD-WAN can be a huge boon to any network security strategy. But when it comes to choosing the right SD-WAN solution, you need to look closely at their security capabilities. To effectively improve network security, any SD-WAN offering you choose will need to integrate with all of the other security solutions you already have in place. With a managed SD-WAN solution, you not only get help with that integration, you also get access to experts with deep experience setting up secure SD-WAN implementations. Those experts can help you spot implementation issues and opportunities that you likely wouldn t have thought about alone. Take a multi-function app like Skype for example. An implementation pro knows that each service (instant messaging, telephony, video and so on) is handled by a different port. Without this knowledge, you could end up disabling all of Skype without realizing you could get more granular about ports and IP addresses with SD-WAN. On the other hand, if you have a secure voice communication tool that you want your employees to use instead of Skype but you also don t want to limit their ability to use Skype for IM and file sharing you can make that adjustment. These are the kinds of details that add up to a more secure and convenient implementation in the long run. 8
SD-WAN takes the drama out of network security The devices and tools used by modern employees have given them great technological freedom. But that freedom has come at a cost. The edges of modern networks are more dynamic, the sheer volume of applications and devices used have sky-rocketed and the sensitivity of network traffic has never been greater. The only way to secure today s networks is by making a fundamental shift in the way they re managed. Far from being a threat to network security, SD-WAN actually empowers teams like yours to more realistically protect the network with three key capabilities: policy control, network visibility and network segmentation. The result is that you have a better view of the reality of your network, you have an easy way to implement the right policies and you become far more agile in the way you detect and react to issues. Of course, SD-WAN in and of itself is no panacea. But any security strategy that s based solely on firewalls and encryption won t be able to tackle the dynamism of the modern threat landscape. SD-WAN is a necessary and invaluable addition that ll make better use of your time and resources, and make you move fast enough for today s security needs. 9
Let s talk If security concerns have been holding you back from exploring the full potential of SD-WAN, our advice is simple don t let them. From greater traffic control to network-wide visibility, the secure network of tomorrow starts with SD-WAN and your network s transformation starts with you. Find out what SD-WAN can do for you. Contact your local Sprint representative today to learn more. Call 1-866-653-1056 or see more details on sprint.com/sd-wan