Two Roads Diverged in a Wood and I… Chose Secure SD-WAN

Yup, I’ve taken creative license with Robert Frost’s revered poem, “The road not taken”. While I have taken liberties with the protagonist’s motivations, the theme resonates when I consider the many decisions enterprises and managed service providers (MSPs) face today with their technology choices. Which ‘road’ to take, choice to make? A wrong decision can change the course for any business.

Sometimes choices are made for them, based on limited options. But when it comes to operational and business challenges, nobody should have to choose between cloud-based and on-premises networking and security technologies.

SD-WAN is a proven enabler for digital business transformation. Yet, not all SD-WAN solutions are cloud-native, with integrated, full-featured networking and security within a single platform. While this comprehensive platform may be a less traveled route at the moment, it indeed makes all the difference, and will become an enterprise standard. Enterprise infrastructure is undertaking significant changes. These changes have been brought on by the need to support diverse branches, corporate headquarters, multi-clouds/SaaS, IoT and mobile users. Whether SD-WAN is managed or DIY, we must consider IT infrastructure with a mind toward ubiquity, if we are to variously connect and secure distributed users and devices to critical business systems.

The proliferation of SaaS alone, such as G Suite, Office 365, Dropbox, Box, Salesforce, Slack and countless others, has created unprecedented enterprise risk with loosely secured networks. IT can’t afford to deploy critical technology platforms that don’t provide end-to-end visibility through a single-pane-of-glass interface. And one that provides multiple tiered and layered network and security functions within a single construct, that can manage and control policies with context, down to location, user, device and application levels.

Slice and dice with software virtualization

A key challenge to more efficient multi-cloud and branch network operations is provisioning, managing and operating a complex array of disparate single-function devices, like Wi-Fi controllers, routers, firewalls, LTEs, VPNs, secure web gateways and WAN optimizers. However, a fully automated software service platform that unifies multi-layered security and network functions, can eliminate complex WAN and branch architectures.

SD-WAN with a foundation built upon a pervasive operating system and a single platform that combines full-featured network and security functions, is what will enable the Software-Defined Enterprise. This requires an integrated architectural approach and a complete WAN edge solution that extends end-to-end, across branches, data centers, clouds, campuses, 5G, IoT, edge compute, mobile, wired, wireless and beyond.

The operating system must be fully integrated with security capabilities, and it must be an integral part of the network. Not just a service chained VNF, router module or separate appliance. With this Secure SD-WAN platform, the network and security capabilities are built into a single architecture, allowing enterprise IT teams and MSPs to improve and deploy new apps and services on-prem. This kind of platform can provide many benefits and advantages for designing, building and operating enterprise virtual edge WANs and managed services.

As we move away from single-function devices, we can fully see that individually, they provide one layer of connectivity or protection. Whereas, an integrated, virtualized, multi-layered approach that combines complex networking and security functions, provides a more effective architecture that can scale, while simplifying deployment, operations and management.

Protecting the distributed security perimeter

SD-WAN solutions rely upon some type of mechanism for building an overlay of secure tunnels between sites. But as these solutions are deployed, little to no consideration is typically given to secure key exchange, and where the keys are stored. SD-WAN solutions, where all branches connect through an underlay of diverse transports to a central manager and database that includes “keys to the kingdom” is very risky, and is counter to best practices. Sensitive information like this should never be directly exposed to the Internet, encrypted or not.

Supporting enterprise specific Certificate Authorities (CAs) and multiple CA’s, helps achieve the agility needed to quickly adapt to business and technology changes. Additionally, supporting vulnerability assessment and penetration testing, helps ensure all platform components run efficiently and effectively.

You needn’t choose between two divergent paths for networking and security. A cloud-native SD-WAN with integrated networking and security functions eliminates having to make this choice. Enterprises and MSPs can leverage multi-transport virtualization, programmability and agile provisioning. They can create a secure, unified and system-level software approach for deploying next generation WANs and managed services.

When it comes to secure SD-WAN, the road less traveled is becoming the road traveled by all.

Join this upcoming webinar with Kelly Ahuja, CEO of Versa Networks, and Michael Wynston, Director Network Architecture and Engineering of Fiserv Technology Services, as they discuss Accelerating Digital Transformation with Secure SD-WAN.

Author's Bio

Michael  Wood

Michael Wood

CMO, Versa Networks