Hughes

SD-WAN Security: Three Factors You Must Consider

Thumbnail

When a functional capability can make or break a brand’s reputation, it must not be treated as an afterthought needed only for the sake of compliance – not just as a checkbox to mark –but rather as a strategic decision optimized for competitive differentiation. 

However, with regards to network security and SD-WAN security, many brands are simply looking at checking off PCI compliance as a means to satisfy all of their security needs.

Hughes Digital Signage SolutionsWANsform Your Enterprise
Before you can transform customer experience, you must WANsform your enterprise. Learn more about how Hughes Managed SD-WAN is enabling digital transformation and achieving real results for distributed organizations.

With SD-WAN, organizations have an opportunity to tie security together across the enterprise, applying policies across LANs, cloud, data centers and other end points. In addition to centralized management of all security policies and uniform security policy application, SD-WAN delivers greater visibility across the enterprise, automation of security tasks and faster update times  for critical security deployments compared to the patchwork of network types most organizations currently have.

SD-WAN security can be handled in house, but with the variety of skills required and constant expansion of the threat landscape, many companies are choosing Managed SD-WAN providers. Managed SD-WAN providers like HughesON can provide security across the enterprise both on-prem at branches with the Secure SD-WAN gateway and centrally managed through our NOC. As the Fortinet 2018 Partner of the Year, security comes first in all our SD-WAN solutions.

But whether your business opts to manage with your in-house team or select a managed services provider, carefully consider these three critical considerations:

1. Reasonable security

2. Performance and cost optimization

3. Future roadmap

Reasonable Security: Have you made an adequate effort to protect yourself and your customers?

In the event of a breach, investigators will immediately swarm into your company to review all aspects of your network security solution.  While the technology behind the network security may be a starting point, operational process, including employee training, will also be considered. The purpose of this intense, invasive effort will determine if your brand meets the definition of “reasonable security.”  If investigators conclude that reasonable efforts have not been taken, the brand will be held responsible for the breach.  A helpful starting point for determining if your brand meets this criteria is the Center for Internet Security’s Critical Security Controls.  For reference, the state of California has legally defined “reasonable security” as meeting a minimum meeting these 20 criteria. Network security is no longer enough. Businesses need to consider the full spectrum of network management.

Performance and Cost Optimization

All security solutions are not created equal.

As you consider the many different approaches as well as technologies involved in network security, it is important to understand the tradeoffs. For example, while low-cost approaches (e.g. white list/black list policies) may not require licensing costs, they may also create operational headaches.  Also, simple security solutions may not adequately address the dynamic complexities of cloud applications. While cloud-based security solutions may simplify the remote architecture, they may also incur usage-based fees and slow application performance. Conversely, integrated on-premises security solutions may incur site-licensing fees, but they support direct access to the Internet without the usage-based fees. 

Consider the total cost of ownership of your network security strategy.  Make sure to fully account for the operational impact on your internal resources and then compare this approach against a managed services provider. In many cases, there is not only an opportunity to reduce cost but also expand the scope of protection, while increasing SLAs.

Future Roadmap: What about tomorrow?

It is not enough to implement security solutions to address today’s problems.  The network security threats to business continue to evolve.  The questions is, are you properly prepare to defend against today’s threats, andare your policies and security tools designed to adapt and protect against an ever changing and ever expanding threat environment as time goes on? 

Ensure that adequate resources have been employed to focus on dealing with future threats before they attack.  Network security is primarily a proactive undertaking. 

Summary

Network security is not a checkbox. It is an opportunity to create a competitive advantage by driving down operational cost, improving application performance, and effectively protect the business against tangible threats.  Businesses need to ensure that their network security strategy provides a reasonable amount of security, optimizes performance and cost, and is prepared for future threats.

About the Author

 
Tim Tang

Tim Tang helps distributed organizations achieve the promise of digital transformation by sharing ideas across industries and helping customers stay ahead of the ever-increasing pace of change.