Traditional security architectures focused primarily on protecting the network perimeter. Firewalls and other devices were used to create a defensive barrier between an organization’s secure internal network and the open Internet. While perimeter security is still critical, it no longer provides adequate protection. The cloud, mobile and an increasingly distributed IT environment have created a “perimeter” that is porous and ill-defined.
Security risks have also increased due to shifts in wide-area network (WAN) connectivity. In the past, organizations would connect branch offices to headquarters using dedicated private lines or multiprotocol label switching (MPLS) services. Branch locations typically did not connect directly to the Internet. Instead, Internet traffic was backhauled over the WAN through headquarters, which had more robust defenses.
MPLS is reliable and secure but also extremely expensive. In addition, it’s not well-suited to today’s network traffic patterns, which emphasize Internet services, cloud-based applications and communication tools such as voice over IP (VoIP) and video conferencing. Backhauling Internet traffic creates latency that impacts the user experience. Direct local access to the Internet provides a better user experience at a much lower cost. However, the Internet is not reliable or secure.
The need to connect branch locations directly to the Internet is one of many factors driving the adoption of software-defined WAN (SD-WAN). SD-WAN makes it possible to mix multiple data transport services, including broadband Internet, to create a hybrid WAN. The “software-defined” component is a communications overlay and policy-based automation that selects the best path for WAN traffic based upon network conditions and application requirements. This helps to overcome the inherent unreliability of the Internet, enabling organizations to reduce WAN expenses significantly by taking advantage of more cost-efficient bandwidth.
But what about security? Doesn’t a direct Internet connection amplify security risks? Yes, but the right SD-WAN can help to enhance security across the distributed IT environment. Best-in-class SD-WAN solutions use standards-based authentication and encryption to protect data traveling over the Internet.
Security is a core component of InSpeed’s SD-WAN solution. InSpeed Quality Service (IQS) is a cloud-based controller that prioritizes network traffic, manages bandwidth and ensures that business policies are enforced over any connection. The InSpeed cloud instance is located in a hardened data center with the highest levels of security.
A small on-premises network appliance is installed in-line with a site’s WAN connections, sending all traffic over a secure VPN tunnel to the InSpeed cloud. Robust, end-to-end encryption gives added security to enterprise WAN traffic.
IQS makes it easy to set up a secure, private, site-to-site network mesh using broadband Internet connections. It provides the same level of security and reliability as a carrier circuit along with the Quality of Service (QoS) features that InSpeed is known for, as well as the critical components of a firewall that protect against external attacks—all included in our standard product. In addition, InSpeed minimizes the security risks associated with remote workers connecting to the corporate network. By integrating the remote user into the corporate WAN mesh, InSpeed secures the connection from a small office/home office to headquarters without the need for complex firewall configuration and management.
Firewalls and other perimeter defenses are still key elements of a layered security approach. However, cloud connectivity and the distributed nature of today’s IT environment mean that data is traversing the Internet as well as private networks. IQS helps to protect that data while ensuring a high-quality user experience.