Segmentation has been one of the most widely used features of SD-WAN deployment. There are several reasons for this, with security being at the top. Ever since the infamous security breach at Target, IT teams have frantically rushed to isolate and protect sections of their enterprise infrastructure, especially those touching business partners. It is accepted that breaches can happen despite the best mitigation strategies, but network segmentation makes it possible to contain a breach deterministically within one portion of the infrastructure. For example, a vulnerable guest mobile device might infect the guest wireless network, but this can be reliably isolated from the PoS systems (retail) or EMR/EHR systems (healthcare).
Still, segmentation is not a new concept. In fact, it has been much talked about and popular across all sections of enterprise infrastructure. Branch offices have typically utilized VLANs. However, the problem has always been that segmentation existed at the endpoints of the network, and the isolation capabilities were lost in the WAN. Segmentation in the WAN has been far too difficult to achieve because of complexity in networking technology. It is no surprise that many experts estimate that no more than a handful of global enterprises have achieved it today (but they warn it is not for the faint-hearted).
SD-WAN, however, has changed this dynamic. The overlay architecture, combined with simplified configuration and management, lets enterprises easily enable multiple segments across the WAN. Plus, the single overlay ensures that any segmentation is pervasive across all kinds of underlay links.
In addition to security for guest wireless, one important use case for segmentation is to build virtual boundaries across different business units or business partners. Banking and manufacturing companies are leading examples here. SD-WAN deployments at banks have ensured that there is a separation among retail banking, mortgage banking, ATM machines, wealth management and external partners. Similarly, manufacturing companies need to isolate their IoT sensors and also provide IT access to customers that need to track progress of their outsourced manufacturing. In each case, the goal is to protect sensitive data.
Holding companies that want to centralize IT teams utilize segmentation to provide separate WAN connectivity to the subsidiary companies. This not only saves on multiple private circuits that were in use, but also provides a central point of manageability as well as visibility into resource utilization and application performance across all holding companies.
One added benefit is that SD-WAN segments are automatically honored on public cloud infrastructure. The SD-WAN overlay fabric extends to Amazon or AWS and maps to the segmentation scheme on the respective hybrid clouds (VPC or VNet).
This week’s webinar will cover real SD-WAN deployments across multiple industries, in which I will explain the major business problems addressed by the technology. Segmentation will be a major theme, but there will be a lot more.