WHY SD-WAN REQUIRES STRONG, INTEGRATED SECURITY

When software-defined WAN (SD-WAN) technology first entered the market, it was primarily touted as a means of reducing data transport costs, facilitating branch office connectivity and centralizing WAN management.

But it’s virtually impossible to separate network functionality from security. The WAN needs strong protection against Internet-borne threats, particularly when branch locations have direct Internet connectivity.

That’s why it’s critical to integrate strong security into the SD-WAN. In particular, the SD-WAN needs firewall functionality in order to inspect packets traveling across the network and either block or allow them based upon ports, protocols, IP addresses and other rules. This helps ensure that the traffic coming into the network is an appropriate response to an outbound request.

However, most SD-WAN products were not designed with security in mind. That means organizations must implement a third-party firewall or secure web gateway to protect the WAN. Problem is, you have to purchase, administer and support an additional appliance at each branch location. This increases cost, complexity and IT operational headaches.

With InSpeed’s SD-WAN solution, the local Internet connection is protected from external attack with firewall mechanisms based upon security best practices. Stateful packet filtering is performed both at the WAN interface on the InSpeed onsite appliance and in the InSpeed Quality Service (IQS) cloud instance. InSpeed also performs network address translation (NAT) at the IQS cloud instance, and provides local port forwarding with NAT.

In addition to prioritizing interactive application traffic, IQS ensures that enterprise security policies are enforced over every WAN connection. InSpeed also provides DNS management, DHCP server and relay functionality, and load balancing and failover across multiple WAN links. It also helps ensure strong authentication and authorization for access to IQS configurations. Operational access to production infrastructure uses public key cryptography. Complex passwords are required for InSpeed portal accounts, and multifactor authentication can be used for privileged access.

IQS protects sensitive data through end-to-end encryption of all WAN traffic. It automatically establishes a secure VPN tunnel between the onsite appliance and the IQS cloud instance, creating a private network mesh connecting all locations.

The IQS cloud instance is located in a hardened data center with the highest levels of security. The IQS platform and third-party software components are continuously monitored for vulnerabilities and updated aggressively based upon risk.

In a recent research note, Gartner recommended that organizations use cloud-based Security-as-a-Service solutions to relieve some of the complexities and management headaches associated with securing direct Internet connections in remote locations. Because InSpeed is so simple to use and cost-efficient, it can be implemented in small offices and home offices. All sites can be managed from one centralized portal.

While SD-WAN facilitates the use of lower-cost connectivity, it also exposes remote offices and workers to Internet-borne threats. Because it’s difficult to manage multiple security appliances across branch locations, SD-WAN solutions should incorporate strong security. InSpeed Quality Service provides firewall functionality, strong authentication, encryption and other security features to reduce risk without operational complexity.

SD-WAN Is Supposed to Relieve Complexity. Why Does It Have to Be So Hard?

Don’t let network complexity get you down

Reducing network complexity is one of the primary reasons why organizations implement software-defined WAN (SD-WAN) solutions. In a recent IDC study, rapid deployment, operational efficiency and reduced complexity scored high as motivational factors for organizations considering SD-WAN deployments. The ability to simplify WAN infrastructure was a top SD-WAN use case.

In theory, SD-WAN delivers on this promise. SD-WAN sits on top of multiple WAN links, using software-driven policies to automatically select the best data transport mechanism for each application. As such, SD-WAN masks the complexity of implementing and managing an aggregate WAN and frees IT from the virtually impossible task of implementing those policies manually.

But that’s only one aspect of WAN management. Most organizations are struggling with a complex array of WAN equipment, including routers, load balancers and other gear along with firewalls and other security appliances. SD-WAN becomes yet another box IT has to deal with.

Furthermore, the cost-saving benefits of SD-WAN only manifest themselves when you connect branch locations directly to the Internet as opposed to backhauling Internet traffic to headquarters via a private circuit. With direct Internet access, security becomes an even greater concern, so additional security solutions are typically needed. The branch WAN stack grows larger, and maintaining user accounts takes more time.

And when broadband Internet links enter into the mix, IT has to worry about application performance—particularly for latency-sensitive applications such as voice and video conferencing. However, troubleshooting performance problems becomes more difficult given the fragmented nature of the WAN.

Doesn’t sound so simple, does it? Plus, you’re adding a new technology (SD-WAN) that the IT team isn’t familiar with, and changing WAN management processes.

Some organizations try to sidestep these issues by going with a managed SD-WAN solution through their telecom carrier. However, this approach increases costs and makes it harder for organizations to respond to changing business and IT requirements.

With InSpeed Quality Service (IQS), you get all of the benefits of a managed service in a carrier-independent model. Designed for rapid deployment and ease of use, IQS consists of a small onsite appliance that routes WAN traffic through a secure VPN tunnel to the InSpeed cloud. The cloud service automatically shapes the traffic entering and leaving the site, giving priority to interactive traffic such as voice and video conferencing. It also manages bandwidth utilization from end to end, ensuring optimum performance for all applications.

IQS enables secure site-to-site connectivity without the need for private circuits or complicated firewalls. It also supports multiple WAN connections for business continuity, automatically switching to a backup link while maintaining Quality of Service.

Installation of the IQS appliance is plug-and-play simple, and the cloud service does all the heavy lifting without the need for complex configuration or policy management. It’s so easy you can use it in all of your sites, including the home offices of your remote workers.

SD-WAN is supposed to relieve complexity, so many organizations are wondering why it has to be so hard. It doesn’t. IQS delivers all the benefits of SD-WAN without any management headaches.