Zscaler Blog

Make your SD-WAN deployment a secure SD-WIN!


Are you considering an SD-WAN deployment in your organization?

You are far from alone. According to research from IDG Connect and Silver Peak, 92% of enterprises surveyed have either deployed SD-WAN or are considering SD-WAN deployments in the next year.[1] And Gartner forecasts that “By year-end 2023, more than 90% of WAN edge infrastructure refresh initiatives will be based on virtualized customer premises equipment (vCPE) platforms or software-defined WAN (SD-WAN) software/appliances versus traditional routers.”[2]

These projections reveal that SD-WAN has proven its value and companies are eager to benefit from it. SD-WAN provides centralized, cloud-based control that enables organizations to intelligently route traffic using multiple connection types, including MPLS, 4G/LTE, and broadband. In addition, SD-WAN improves efficiency by simplifying IT operations, configurations, and management of the network, and that saves money. It improves the user experience, as well, especially for cloud applications, and that works in everyone’s favor.

You may have launched a full-court press, moving quickly ahead with your SD-WAN deployment. But if you haven’t yet factored in how your security architecture needs to change to support SD-WAN and ensure its security, you may need to call a timeout.

It is time to bench that aging infrastructure

SD-WAN offers some great benefits for organizations, but your security architecture may be working against you. If you’re backhauling all your traffic from branch offices to centralized or regional gateways for security, you are essentially penalizing your own team, preventing them from achieving the benefits promised by SD-WAN.

As applications migrate to the cloud, the best way to connect to those apps is direct-to-cloud. Unfortunately, traditional security architectures force you to backhaul branch traffic to centralized egress points to perform security inspection before traffic goes out to the cloud and internet, then back again (a path often called hair-pinning). Backhauling introduces latency, which wrecks the user experience, not to mention the fact that you are effectively paying twice to route traffic over paths that are unnecessary. As you deploy SD-WAN for its cost benefits and great user experience, backhauling cloud-bound traffic is a losing proposition.

One of the greatest advantages of SD-WAN is its ability to reduce complexity at the branch. But, once again, security is a factor as you send traffic direct-to-cloud. Since we’ve already established that backhauling is a lose-lose, you’re now faced with a choice: the impractical deployment of a gateway security stack at every branch or a risky compromise that relies solely on a stateful firewall or UTM device in branches. Neither approach is a winner.

How can you secure SD-WAN without breaking a sweat?

As you rely on the cloud for making SD-WAN possible, doesn’t it make sense to move your security to the cloud, too? Using a cloud-based security service will enable you to globally secure every branch and deliver identical protection for all users at all locations—because it’s delivered as a service, you can put the entire security stack in every branch for every user: proxy, firewall, advanced threat protection, data loss prevention, IPS, and more.

Moving security to the cloud means that SD-WAN can deliver on its promise:

  • Faster user experience (from direct-to-cloud architecture)
  • Reduced cost and complexity (by optimizing backhaul costs and eliminating the need to buy and maintain security appliances)
  • Simplified branch IT operations (with no virtual machines or security hardware to deploy and manage)

Plus, you get:

  • Better security (via the entire security stack delivered as a cloud service; no compromises)

When making your move to the cloud, be aware that cloud security solutions are not created equal. You can’t simply take legacy appliances and repurpose them for the cloud—such an approach cannot scale. True cloud security requires a fundamentally new approach, designed and built specifically for the cloud.

Integration plays a key role as well. Your cloud security solution should seamlessly integrate with your SD-WAN partner, ideally providing one-click provisioning capabilities to enable you to secure new locations almost instantly.

As you migrate to cloud applications to realize their benefits in productivity, usability, and scalability, don’t fall back on old security game plans designed for a different era. To get the full value of cloud apps, you need local internet breakouts and secure, direct-to-internet connections, something that can be delivered by a truly secure SD-WAN solution.

Want to learn how to secure local breakouts without breaking a sweat? Download this eBook to see how to deliver SD-WAN security that keeps your users productive while providing identical protection for all users at all locations. Now that’s an SD-WIN!

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 

Jen Toscano is a senior product marketing manager at Zscaler

[1] IDG Connect for Silver Peak, “The Shift to SD-WAN” (
[2] Joe Skorupa, Andrew Lerner, Christian Canales, Mike Toussaint. Gartner, Magic Quadrant for WAN Edge Infrastructure, October 18, 2018.