Benefits of cloud-based SD-WAN for enterprise security


Software-defined wide area networking (SD-WAN) is the most flexible solution for those organizations that are looking for a way to decrease the strain on their wide area network (WAN) architecture and, according to the latest post by Velocloud’s Steve Woo, there are five ways that cloud-delivered SD-WAN can improve enterprise security.

According to a blog post over at site, written by Steve Woo, Co-Founder and Sr. Director of Products at VeloCloud (now part of VMware), there are five key security features of cloud-delivered SD-WAN, which include secure connectivity, traffic segmentation, security service insertion and chaining, secure deployment, and visibility and compliance.

What makes the SD-WAN special is the fact that it is a logical overlay network which runs on top of an existing infrastructure and can use any form of transport, including MPLS, broadband, and LTE as well as multiple carriers or service providers. The overlay is set between any two SD-WAN nodes, called edges, deployed at branches and enterprise data centers, while the cloud-delivered version extends that same overlay to any cloud Point-of-Presence (PoP) or cloud data center.

According to IDC’s Worldwide SD-WAN Forecast, 2017–2021, SD-WAN sales should grove with a 69 percent annual growth rate, hitting US $8.05 billion in 2021.

More importantly, Chief Information Security Officers (CISOs) are quite fond of advanced forms of SD-WAN, like the cloud-delivered SD-WAN, which can support a wide range of security capabilities, as well as unifies secure connectivity over all form of transport.

As noted, Woo lists a total of five key security features of cloud-delivered SD-WAN starting with secure connectivity, which includes end-to-end encryption across any network type, including the Internet, allowing administrators to set a secure communication between branches and data centers and communication direct to the cloud via gateways. It is also worth to note that any component of the system is also completely and securely authenticated.

The second feature is the segmentation, which is usually a key part of any security strategy by implementing segmentation of applications, user groups, and lines of business. It is possible to set simple definition of segments across all enterprise locations or advanced segmentation with different topologies, which is still more simple than a device-by-device configuration by using virtual LANs and allocated subnets with firewall rules.

The secure service insertion points to the easy support of the insertion of security distributed throughout the network, allowing administrators to implement set or upgrade security without the need to redirect traffic and with cloud-based web security, it can be applied directly to the cloud destinations via cloud gateways.

The fourth security feature is the secure deployment, which is much simpler than a traditional WAN deployment which usually required an IT visit to the branch. This means that administrators can send a non-configured edge device to a branch and sent to the device with authentication of a unique activation key, both raising the security and the cost is significantly lowered.

The final feature is the visibility and compliance, giving IT security administrators an insight into detailed look by combining application recognition with analytics, monitoring, and metrics that an orchestrator and controller can collect from each of the edge and gateway devices.

Security has always been a priority of any network, especially enterprise networking, and with the move to the cloud, there has been a significant question of a security of such network. With a flexible cloud-delivered SD-WAN solution, it is possible to provide a more secure architecture compared even to a traditional WAN.


Previous articleFortinet integrates BGP Flowspec into FortiDDoS
Next articleWhitepaper: If you think compliance is expensive, try violations
Slobodan Simic is foremost an IT enthusiast who discovered his knack for writing, which lead to becoming both an IT journalist and later an Editor for a number of publications. He has been covering anything from the consumer- and professional-oriented hardware to software markets and networks. With a focus on chasing down leads, making sure that fresh content is ready for publishing, as well as keeping up with the evergrowing and evolving IT world, writing has become more of his passion rather than just a job.