Interestingly, an extensive worldwide SD-WAN survey by IDC found that “consistent security” is the top motivator identified by organizations considering SD-WAN adoption. “Price” and “reduced complexity” came in second and third, respectively. While SD-WAN is touted for its ability to create a more cost-efficient WAN infrastructure, the technology also enables organizations to evolve their security strategy to address the realities of WAN access today.
MPLS is expensive, but organizations have stuck with it, in part, because it’s secure. A properly configured MPLS connection creates a “virtual circuit” that’s not visible to third parties or the Internet. Virtual private networks (VPNs) can also be used to further secure site-to-site connections. In addition, service providers employ a variety of techniques to harden their routers and the customer’s premises equipment.
Greater Organizational Risks on the Open Internet
The Internet, by contrast, is the Wild West. Organizations that use broadband Internet links to connect branch locations run a far greater risk of a security breach.
That is, unless you encrypt the connection. SD-WAN makes it easier to set up a dynamic multipoint VPN using IP Security (IPsec), creating an end-to-end encrypted tunnel over broadband between branch locations and headquarters. Once traffic is encrypted, the underlying transport mechanism becomes less relevant. In fact, given that the network perimeter has become porous, every connection should be treated as untrusted and all traffic encrypted to protect sensitive data. SD-WAN facilitates that.