Software Defined Networking (SDN) is increasingly dominating communications strategies as companies embrace the functionality and cost saving benefits offered by the blended or disaggregated network. But, there is growing awareness of security flaws within SD-WAN service models that threaten to compromise essential adoption.

Dependency on security as an add-on is the biggest vulnerability and in the new world of connectivity, organizations need to protect data regardless of status location network. Consistency of approach covering service provision and security / protection of data in transit as data traverses the networks needs to be considered at the forefront of network design.

Agility versus security

The battle between achieving business agility and ensuring data in transit security has never been more challenging. Operationally driven moves away from MPLS networking technology towards SDN, most notably for Wide Area Networks (WAN), could be creating security risks, or restrictions on the technology that can be deployed.

Today, SD-WANs are offering an alternative to legacy WANs, offering agility, simplicity and the potential to lower costs. The model not only opens up the opportunity to embrace blended communications infrastructures in order to deliver the most efficient and low-cost solution for the distributed business, but the central management model transforms the excessive management overhead associated with complex legacy WAN infrastructure. The result of using an SD-WAN is reduced network costs of 30% to 50%, but only if it’s the same vendor end to end solution.

Securing new connections

The question is, given that one of the most compelling reasons for embracing SD-WANs is the flexibility with which new infrastructure can be connected to support business change, how can an organization ensure each new connection is also secure?

With organizations increasingly deploying application level encryption, there are also questions regarding performance and throughput. Encryption on encryption is a huge issue affecting both legacy and SD-WANs – with many SD-WAN deployments constrained not by the network bandwidth but the encryption overhead.

Even more concerning is the fact that should an IT team wish to investigate an application or data source, these encryption solutions typically need to be turned off – leaving the organization wide open to attack from waiting hackers.

Network disaggregation

The only way to maximize the commercial benefits of SD-WANs and achieve essential security that reflects the emerging threat vectors is to embrace a security overlay model.

In addition to meeting the network disaggregation goals of many organizations, a network agnostic encryption solution can also reinforce the centralized management benefits of SD-WANs by providing centralized orchestration. This not only demonstrates how the network is being secured but also provides that essential insight into network activity and its security performance. And, should an application need to be investigated, there is no need to switch off all security protocols – ensuring the company is safeguarded at all times.

By extending trust across the WAN and putting the CISO back in control of the organization’s security, our Layer 4 stealth encryption facilitates business agility in today’s digital world, whilst enabling and maintaining regulatory compliance.