When we talk with customers about transitioning to a software-defined network, they are frequently surprised by the recommendation to re-examine their network security architecture. For many years, Nitel and other WAN providers have been designing networks that take advantage of centralized entry and exit points to the Internet. Branch office traffic, whether internal or web-destined, is carried to a central point, or hub (frequently a company’s data center or headquarters). A firewall at that hub is used to protect the WAN traffic to and from the public Internet.
This design provides many advantages. With a centralized firewall, managing policy changes, VPNs and troubleshooting are pretty straightforward. Next-generation firewalls with unified threat management (UTM) provide a high level of protection and good visibility into security events and reporting. However, what happens when businesses rely on SaaS for their day-to-day operations?
SaaS adoption changing workplace productivity
Businesses are increasingly adopting SaaS for their workloads. In fact, a recent survey from Techaisle found that 94% of US small businesses were using one or more SaaS products by the end of 2017, including:
- Customer relationship management
- Enterprise resource planning
- Supply chain management
- Inventory management
- Marketing automation
- Customer service and vertical applications
This trend is not stopping any time soon. The survey also forecasts a 140% increase in small business SaaS use, with mid-market firms expected to increase usage by 80%. Consequently, workers at these businesses are relying on Internet connections to do their jobs. Internet availability, performance and reliability matter more than ever before. Workers hate watching the spinning hourglass, and slow Internet is bad for productivity, customer service and morale.
Redefining network security architecture
Many IT leaders have learned about the benefits of SD-WAN. As you may already know, SD-WAN allows IT leaders to shape application traffic across multiple connections, improving application performance while reducing complexity and cost, particularly if one or all of the access links are broadband or dedicated Internet connections. This means IT leaders can route Internet-destined traffic, like SaaS applications, directly to the Internet without bogging down the centralized hub.
But if Internet traffic isn’t going through the centralized firewall, how is it secured? This is the “ah-ha” moment for a lot of IT leaders and demands a new way of thinking about network security architecture.
Enter SD-WAN and SD-Security
A well-architected SD-WAN solution takes advantage of separating the data plane from the management and control plane. Therefore, monitoring and control may be managed from a centralized console, while routing and security policies are executed at the branches. Rules can be implemented and changed universally or across portions of the network without requiring direct command line interface interactions with devices at each of the branches.
As a result, IT and security leaders can leverage software-defined networking to manage security requirements, reduce risk and meet compliance requirements. They are also able to route Internet-destined and SaaS traffic to the best available path without back-hauling to a centralized hub.
Built-in Security for your Software-Defined Network
SD-WAN solutions vary in how they address security in this distributed architecture. Some SD-WAN solutions offer security that is tacked on, or require additional appliances and complex configurations. These solutions present challenges with troubleshooting when network address translation issues arise or traffic is getting blocked.
With a well-designed solution like Nitel’s, software-defined security is built in, allowing IT security leaders to enjoy:
- An integrated view into network and application performance
- Advanced analytics and reporting on security-related events
- Simplified management with a centralized platform, regardless of the number of branch offices
Financial Organization Segments Network for Optimal Performance
Nitel built a security solution for a financial services customer that segments the network into the following three sub-nets at the branch site:
- Financial applications like ATM and teller transactions
- Office applications like e-mail and voice over IP
- Public Wi-Fi
Each sub-net has its own unique security policies configured in the software-defined next-generation firewall and full UTM. This solution enables features like granular URL filtering, geo-location blocking and even full IDS/IPS. Again, the IT or security lead can control and monitor the traffic from a central location and execute at each branch bank appropriately.
The right SD-WAN and SD-Security solution gives a business the security assurance it needs while enabling workers to effectively access the applications and information they need to do their jobs successfully.
Check out the rest of the Guys in Orange videos to learn more on the latest trends.