Oct 13 2021

Software-Defined Safety: How to Secure SD-WAN Deployments

SD-WAN offers improved performance and ease of network management. But how do organizations ensure the security of their software-defined deployments?

Software-defined wide-area networks (SD-WANs) offer an alternative to traditional network architecture that provides increased flexibility and functionality without increasing complexity. It’s no surprise that SD-WAN adoption is on the rise: In 2018, just 18 percent of organizations surveyed reported that they had installed SD-WAN; by 2020, that number had more than doubled, to 43 percent.

The true value of SD-WAN stems from its composability: Networks are no longer tied to proprietary pieces of hardware, but can instead be designed and deployed to suit specific business needs. The caveat? With increasing abstraction comes evolving security risk. Here’s how businesses can boost the safety of SD-WAN solutions at scale.

Why Businesses Are Shifting to SD-WAN

SD-WAN abstracts critical network operations from hardware and layers them into software, making it possible for businesses to create flexible and functional networks that are both more agile and less complex.

According to Glen Freudenthal, sales engineer at Fortinet, “SD-WAN was built to avoid the obstacles and roadblocks of older, traditional networks. Customers are now seeing the benefits from the flexibility of SD-WAN: Having additional carriers and transport options allows them to cut cost and ensure they have a solid business continuity solution for their mission-critical applications.”

DISCOVER: Explore what Fortinet can do for your SD-WAN.

Freudenthal points to five key benefits that are driving the shift to SD-WAN:

  • Application resilience: Software-defined networks provide a high level of application availability and performance.
  • Scalable performance: As Freudenthal notes, Fortinet’s SD-WAN application-specific integrated circuit (ASIC) makes it possible to scale SD-WAN across organizations without negatively impacting operational performance.
  • Multicloud on-ramping: SD-WAN’s distributed nature lays the groundwork for streamlined multicloud adoption.
  • Centralized orchestration: Centralized management of SD-WAN solutions makes it possible to manage configurations, deployment and operations with complete visibility, analytics and reporting.
  • Integrated advanced security: Integrated solutions such as next-generation firewalls offer advanced routing and traffic examination to deliver consistent and scalable security.

Making the Move to SD-WAN

Compared with traditional network architecture, SD-WAN is designed to streamline the network provisioning and management process.

“We don’t typically see any caveats with introducing SD-WAN to any organization,” says Freudenthal. “The only possible issue that a customer may face is how to initially introduce an SD-WAN solution into their existing environment: How will it connect? Are there any potential issues with integrating this solution?”

In practice, security is often the biggest challenge to effective SD-WAN integration. Here’s why: As network services shift to become part of operations at scale, rather than tied to available devices, attack surface increases, creating a need for built-in SD-WAN security capable of delivering on-demand network protection.

How to Improve SD-WAN Security

Most SD-WAN vendors have some security features built into their solutions, Freudenthal says. These many be simple application sensors or basic anti-virus and anti-malware tools. While this is a solid starting point, he recommends asking vendors which security capabilities are currently available with SD-WAN deployments and how these capabilities can grow with an organization.

Freudenthal recommends asking vendors these specific questions: “Has the solution been validated by a reputable third-party security analysis firm? Does the solution have the proper certifications for the company’s needs? Can the solution grow with my organization’s needs, or is a separate, additive solution necessary that may introduce additional administrative concerns or complexity?”

Three characteristics are critical for secure SD-WAN deployments, he says:

  • Next-generation firewalls: Encrypted traffic inspection and application-level protection are the key components of NGFWs and are essential to protect distributed SD-WAN networks. “At Fortinet, SD-WAN is a core component of our FortiGate firewalls, ensuring completely secure workflows,” Freudenthal says.
  • Security-first focus: By making security part of the initial SD-WAN discussion, rather than a post-deployment “wrapper,” companies can avoid the problem of potential misconfigurations, according to Freudenthal. “We realized early on when we were building SD-WAN that we would need to ensure any transmissions from an organization’s network would be secured, so we’ve adopted a security-first mentality to all our deployments,” he says
  • Simplified security policies: “Some providers may offer firewalls as bolt-on solutions that add complexity and additional administrative overheard,” Freudenthal says. By ensuring initial security integration, businesses can simplify security policies and reduce the risk of defensive gaps caused by mismatched solution coverage.

When it comes to securing SD-WAN, Freudenthal puts it simply: “Organizations should have security as a central focus in any deployment — and this includes SD-WAN.”

Brought to you by:

KanawatTH/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.