SD-WAN Security – Challenges and Solution

SD-WAN addresses flexibility with transport independence, enabling connections over direct internet broadband, MPLS circuits, and LTE/5G. Multiple path types can carry traffic simultaneously, so the best path is automatically selected for optimal application experience. SD-WAN with multi-cloud connectivity has allowed enterprises to seamlessly move data and workloads from data center to branch to the public cloud. Thus, the reach of the network extends from an enterprise datacenter to a large number of branches and to the public clouds.

This flexibility and scalability come at a price: how do you secure your data integrity across this end-to-end network? Security needs to be embedded in the SD-WAN fabric, along with analytics to measure and maintain application QoE. Security has become an important design and selection criterion for SD-WAN vendors and users alike, because the branch (where SD-WAN plays an important role) has become a point of concern that can potentially open an entire enterprise to security threats from outside. In a Gartner survey (Reference: Gartner November 2018) on WAN requirements, security was the biggest WAN concern, with 72% of respondents placing it as their topmost concern.

With the network spanning from the branch to the datacenter to the cloud, enterprises must have a single governance model that spans the entire network and provides application visibility and control. With this governance model, all the security policies can be programmed in advance. Having a network that is segmented in pieces across different orchestration systems will just not be enough.

The Solution

As a starting point, microsegmentation techniques can be used to protect network resources from malicious applications by creating private security zones within the network. While microsegmentation provides significant benefits in reducing the attack surface by limiting lateral movement of malware inside the datacenter and cloud, organizations need a comprehensive security model that is enterprise-wide: across the hybrid cloud, datacenter and branch network.


