Network engineer S. Smith radically redesigned his company’s outdated branch architecture. His financial company’s 3,000 branches were routing their wide area network (WAN) traffic over multi protocol label switching (MPLS). If its link went down, it used Internet connection as an emergency backup. This WAN security system was costly and ineffective.
Smith’s staff wanted to increase WAN efficiency and decrease MPLS dependence. As they explored various solutions, they decided on software-defined WAN (SD-WAN).
This new secure WAN technology lets enterprises build networks that use multiple access technologies, such as commercial Internet services. It also dynamically routes traffic across the best available access technology, depending on real-time availability, performance, and customized policies.
Smith’s company has deployed this secure WAN to all 3,000 of its branches, including a blend of MPLS, broadband, and wireless Long-Term Evolution (LTE) connectivity at each location.
How Safe Are Secure Wide Area Networks?
Some network engineers question the security of hybrid WAN architectures, which run on MPLS and process sensitive data; however, new SD-WAN platforms include security features that keep hybrid networks secure enough for widespread use. For example, Smith’s WAN traffic first goes through end-to-end encrypted tunnels and then a third party validates the platform’s security during a penetration test.
MPLS was always deemed safer, Smith notes. Companies didn’t initially use encryption over MPLS, and eventually that practice changed. The financial industry, like so many others, used end-to-end encryption. Smith points out that this protocol shift opened up doors for new transport mediums. Enter SD WAN security.
SD-WAN improves WAN performance and saves companies money because it streamlines how they deploy and manage hybrid networks. Before these platforms hit the market, a custom hybrid WAN represented a large lift for most companies, says Gartner Research Director Andrew Lerner.
Once SD-WAN made hybrid WANs more easily achievable, it effectively raised the issue of how companies should best address security across their networks. SD-WAN vendors answered, developing security features via on-site appliances or cloud-based security. They also outsourced many cloud-based security operations to third-party vendors like Websense and Zscaler. Lerner says, unless you’re transmitting top-secret documents or huge amounts of money, this approach should keep your data secure.