HOW SD-WAN CAN HELP ENHANCE CYBERSECURITY

Traditional security architectures focused primarily on protecting the network perimeter. Firewalls and other devices were used to create a defensive barrier between an organization’s secure internal network and the open Internet. While perimeter security is still critical, it no longer provides adequate protection. The cloud, mobile and an increasingly distributed IT environment have created a “perimeter” that is porous and ill-defined.

Security risks have also increased due to shifts in wide-area network (WAN) connectivity. In the past, organizations would connect branch offices to headquarters using dedicated private lines or multiprotocol label switching (MPLS) services. Branch locations typically did not connect directly to the Internet. Instead, Internet traffic was backhauled over the WAN through headquarters, which had more robust defenses.

MPLS is reliable and secure but also extremely expensive. In addition, it’s not well-suited to today’s network traffic patterns, which emphasize Internet services, cloud-based applications and communication tools such as voice over IP (VoIP) and video conferencing. Backhauling Internet traffic creates latency that impacts the user experience. Direct local access to the Internet provides a better user experience at a much lower cost. However, the Internet is not reliable or secure.

The need to connect branch locations directly to the Internet is one of many factors driving the adoption of software-defined WAN (SD-WAN). SD-WAN makes it possible to mix multiple data transport services, including broadband Internet, to create a hybrid WAN. The “software-defined” component is a communications overlay and policy-based automation that selects the best path for WAN traffic based upon network conditions and application requirements. This helps to overcome the inherent unreliability of the Internet, enabling organizations to reduce WAN expenses significantly by taking advantage of more cost-efficient bandwidth.

But what about security? Doesn’t a direct Internet connection amplify security risks? Yes, but the right SD-WAN can help to enhance security across the distributed IT environment. Best-in-class SD-WAN solutions use standards-based authentication and encryption to protect data traveling over the Internet.

Security is a core component of InSpeed’s SD-WAN solution. InSpeed Quality Service (IQS) is a cloud-based controller that prioritizes network traffic, manages bandwidth and ensures that business policies are enforced over any connection. The InSpeed cloud instance is located in a hardened data center with the highest levels of security.

A small on-premises network appliance is installed in-line with a site’s WAN connections, sending all traffic over a secure VPN tunnel to the InSpeed cloud. Robust, end-to-end encryption gives added security to enterprise WAN traffic.

IQS makes it easy to set up a secure, private, site-to-site network mesh using broadband Internet connections. It provides the same level of security and reliability as a carrier circuit along with the Quality of Service (QoS) features that InSpeed is known for, as well as the critical components of a firewall that protect against external attacks—all included in our standard product. In addition, InSpeed minimizes the security risks associated with remote workers connecting to the corporate network. By integrating the remote user into the corporate WAN mesh, InSpeed secures the connection from a small office/home office to headquarters without the need for complex firewall configuration and management.

Firewalls and other perimeter defenses are still key elements of a layered security approach. However, cloud connectivity and the distributed nature of today’s IT environment mean that data is traversing the Internet as well as private networks. IQS helps to protect that data while ensuring a high-quality user experience.

SD-WAN Is Supposed to Relieve Complexity. Why Does It Have to Be So Hard?

Reducing network complexity is one of the primary reasons why organizations implement software-defined WAN (SD-WAN) solutions. In a recent IDC study, rapid deployment, operational efficiency and reduced complexity scored high as motivational factors for organizations considering SD-WAN deployments. The ability to simplify WAN infrastructure was a top SD-WAN use case.

In theory, SD-WAN delivers on this promise. SD-WAN sits on top of multiple WAN links, using software-driven policies to automatically select the best data transport mechanism for each application. As such, SD-WAN masks the complexity of implementing and managing an aggregate WAN and frees IT from the virtually impossible task of implementing those policies manually.

But that’s only one aspect of WAN management. Most organizations are struggling with a complex array of WAN equipment, including routers, load balancers and other gear along with firewalls and other security appliances. SD-WAN becomes yet another box IT has to deal with.

Furthermore, the cost-saving benefits of SD-WAN only manifest themselves when you connect branch locations directly to the Internet as opposed to backhauling Internet traffic to headquarters via a private circuit. With direct Internet access, security becomes an even greater concern, so additional security solutions are typically needed. The branch WAN stack grows larger, and maintaining user accounts takes more time.

And when broadband Internet links enter into the mix, IT has to worry about application performance—particularly for latency-sensitive applications such as voice and video conferencing. However, troubleshooting performance problems becomes more difficult given the fragmented nature of the WAN.

Doesn’t sound so simple, does it? Plus, you’re adding a new technology (SD-WAN) that the IT team isn’t familiar with, and changing WAN management processes.

Some organizations try to sidestep these issues by going with a managed SD-WAN solution through their telecom carrier. However, this approach increases costs and makes it harder for organizations to respond to changing business and IT requirements.

With InSpeed Quality Service (IQS), you get all of the benefits of a managed service in a carrier-independent model. Designed for rapid deployment and ease of use, IQS consists of a small onsite appliance that routes WAN traffic through a secure VPN tunnel to the InSpeed cloud. The cloud service automatically shapes the traffic entering and leaving the site, giving priority to interactive traffic such as voice and video conferencing. It also manages bandwidth utilization from end to end, ensuring optimum performance for all applications.

IQS enables secure site-to-site connectivity without the need for private circuits or complicated firewalls. It also supports multiple WAN connections for business continuity, automatically switching to a backup link while maintaining Quality of Service.

Installation of the IQS appliance is plug-and-play simple, and the cloud service does all the heavy lifting without the need for complex configuration or policy management. It’s so easy you can use it in all of your sites, including the home offices of your remote workers.

SD-WAN is supposed to relieve complexity, so many organizations are wondering why it has to be so hard. It doesn’t. IQS delivers all the benefits of SD-WAN without any management headaches.

How SD-WAN Can Enhance Cybersecurity

Most organizations implement an SD-WAN solution to obtain cost-efficient and reliable WAN connectivity over commodity Internet links. However, SD-WAN by its nature can also enhance cybersecurity.

SD-WAN creates an encrypted “tunnel,” or virtual private network (VPN), to protect data as it’s transmitted across the public Internet. It does this seamlessly, without the performance and availability limitations of traditional VPNs. SD-WAN also makes it easy to set up site-to-site VPNs in a mesh topology.

All of this is managed by a centralized controller that makes policy-based routing decisions in real time. This makes it possible to segment the WAN from end to end—an enormously complex proposition with legacy WAN architectures—and enforce security policies based on the nature of the traffic.

InSpeed’s SD-WAN solution delivers state-of-the-art security across all of your WAN connections, and is even simple enough for your employees who work from home. And because InSpeed was designed for voice, video conferencing and other interactive applications, you’re assured of high-quality, secure business communications over any connection, every time. No complex configurations, policy definitions or management headaches.

But don’t take our word for it. Give InSpeed a call or send an email to set up a free trial.