Is your company one of the thousands considering SD-WAN as part of its digital transformation?
As companies across every industry move more of their vital infrastructure to the cloud, they recognize the need to restructure their wide-area networks to optimize their cloud capabilities. As a result, many companies are now using software-defined wide-area networks (SD-WANs). But to be as effective as possible, SD-WAN requires a new security architecture.
That’s because SD-WAN operates differently than legacy architectures, which have largely relied on MPLS connections. During the past few decades, companies used a hub-and-spoke architecture to connect their applications internally. All traffic was routed to these centralized data centers and applications, then secured before egressing to the internet. This approach worked when bandwidth requirements were low and links were relatively few, but it doesn’t work in today’s cloud-based environment.
Changes to an MPLS network can take months instead of minutes, and the complexity of managing devices in the data center and at remote sites can be overwhelming. Additionally, using MPLS in a cloud environment is extremely costly, as everything has to be rerouted back to a central location for security purposes. This also leads to latency, which frustrates users. Backhauling connections in this way results in massive performance problems.
The traditional “castle-and-moat” security approach of legacy infrastructures simply doesn’t work for the cloud. While it made sense to centralize data centers and then protect your critical apps, the inflexibility of that type of security approach is anachronistic and ineffective for the cloud. It was based upon the premise that all applications reside in the data center, and increasingly, this is no longer the case.
More importantly, the castle-and-moat approach to security leaves companies vulnerable. For example, if a hacker or other nefarious actors access the data center through, let’s say, a spear-phishing attack, they now have access to all of your apps and data that reside there.
SD-WAN offers a better alternative in terms of performance and cost. SD-WAN is designed for a cloud-based world, which is vital to maintain flexibility and agility in today’s business environment. The 2019 Technology Spending Report Survey conducted by ESG found that 76 percent of companies are using a cloud infrastructure or a platform as a service, as well as using a multicloud environment. As more companies recognize the need to engage in digital transformation to remain competitive, using only traditional, legacy infrastructure, security, and MPLS connections will hamper their ability to truly evolve.
According to the survey, only 39 percent of all respondents are adopting a cloud-first strategy. However, companies with mature digital transformation initiatives are adopting these strategies at a much higher rate (64 percent). Companies with more mature initiatives recognize the need to invest in cloud services to enable transformation and deliver better digital experiences to their organizations.
Using only MPLS for these architectures won’t allow companies to keep up. Customers and employees can’t be limited by the performance issues inherent in using MPLS in a cloud-based world.
With SD-WAN, companies can leverage less costly, more easily accessible broadband connections for SaaS and internet-bound traffic, or use a combination of MPLS and broadband connections to manage and route traffic over their networks. This offers a great deal of flexibility. Companies can connect more directly to the cloud while achieving better performance. Additionally, prioritized apps can be routed to the connections that are offering peak bandwidth and performance at any given moment, offering a highly responsive customer experience.
However, SD-WAN alone does not provide enterprise-grade security.
To fully harness the power of SD-WAN, companies need a security infrastructure that provides the same sort of flexibility as SD-WAN itself without compromising on security requirements. Just installing a firewall or virtualizing a firewall in the cloud is essentially copying legacy security into this new environment, which won’t offer companies the protection they need. That’s why companies must adopt cloud security architectures.
By adopting cloud security, companies can dramatically simplify their costs and reduce security complexity. Cloud security eliminates the need for physical appliances and their vulnerabilities, which include exposure if patches are not kept up to date.
Zscaler offers cloud-based security that protects companies from threats and enables them to enjoy the full benefits of their SD-WAN deployment, which includes increased business agility, reduced costs, and a fast user experience. With Zscaler, enterprises achieve all of this with the confidence that their traffic is secure, receiving all the capabilities of the traditional data center security stack and more via a cloud-based service designed for today’s computing landscape.
With Zscaler, configuration can be done centrally and instantly deployed to all locations. Zscaler also inspects encrypted traffic at scale, which is vital in today’s environment. And because Zscaler is deployed via the cloud, updates are constant and ongoing, on a minute-to-minute basis, which ensures optimal security and reduces risks from delays in updating on-premises or virtualized appliances.
Adopting SD-WAN in tandem with a cloud security solution, such as that offered by Zscaler, allows companies to achieve better security and performance at a far lower price than using MPLS and backhauling through data centers.
SD-WAN is an important paradigm shift, and it requires a modern approach to security. To learn more, watch our webinar, “SD-WAN: Why Traditional Security Doesn't Cut It.”
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Jen Toscano is a Sr. Product Marketing Manager at Zscaler