As organisations move workloads, infrastructure, data, and applications to the cloud, they gain flexibility and agility—particularly as employees have access to applications from anywhere. While organisations benefit from this flexibility, they must examine their approaches to network architecture and IT security. The software-defined wide area network (SD-WAN) may offer the best way to accelerate cloud adoption by enabling local internet breakouts; however, it also requires companies to rethink their security strategy.
Backhauling traffic is no longer a good strategy
In the past, the full chain of communication took place within the company network. Data was stored in a central location on a few servers; placing security appliances on the perimeter was deemed sufficient. Today, the picture has completely changed. In an IT world shaped by the cloud and mobile workers, the internet has become the network where business takes place. Office 365 is driving the growth of internet-bound traffic; the flood of data from users through the security infrastructure and out to the internet—then back to the user—drives traffic volume through the roof.
Decentralised architectures, with mobile employees and cloud-based applications, can present real headaches for IT departments. Traditional backhauling of traffic is expensive and results in poor user experience. But the alternative solution—placing security hardware in each local branch—would send costs spiraling out of control.
Ideally, a modern infrastructure should address these challenges:
SD-WAN offers less administration, faster access
One solution for the challenges above is the SD-WAN, which simplifies the way traffic is routed in branches and makes it easy to establish local internet breakouts. That means a quick rollout and less administrative time and effort. An SD-WAN can determine the destination of data traffic and how it’s prioritised. A variety of providers, such as Silver Peak, VeloCloud, and CloudGenix, offer SD-WAN solutions.
The implementation of local internet breakouts is at the heart of SD-WAN. One benefit is rapid access to cloud data from every location; another is containing costs for MPLS traffic. However, there’s one aspect of local breakouts that SD-WAN doesn’t account for: the security of data flow toward the internet. Local internet breakouts must be accompanied by security for each location.
SD-WAN enables organisations to reduce MPLS costs and shrink their branch hardware footprint—so they don’t want to incur new hardware and administrative overhead at each location to deploy and manage security appliances. A new approach to securing local branches is needed.
Security for local internet breakouts
A solution to the security dilemma: a cloud-based firewall approach that makes proxy functionality and the entire security stack, including sandboxing, IPS, and DLP, available at every location. This ensures the security of local internet breakouts without adding to admin workload. Cloud-delivered internet security and access controls—security as a service—replace security hardware, so organisations no longer need to buy, maintain, and upgrade appliances. Subsidiaries and branches can be secured simply by routing traffic through the cloud security platform. Updates take place in the cloud; security infrastructure is perpetually up to date in all locations.
A combined solution that delivers secure SD-WAN will quickly pay dividends through dramatically reduced MPLS costs and the flexibility such a solution brings to IT and to users. Employees quickly access the applications they need, and costs remain manageable. It’s a big step toward making digital transformation a reality—offering fast access without compromising security.
- - - - - - - - - - - - - - - - - - - - - - -
Mathias Wilder is Regional Vice President and General Manager, Zscaler Central EMEA