The acronym SD-WAN (Software-Defined Wide Area Network), first introduced in 2014, refers to a technology that enables companies to improve the quality of their infrastructure speeds. But this technology has also – and more importantly – gained traction by adding complementary services, such as cybersecurity, or monitoring for such infrastructure. We review the emergence of Trusted SD-WAN.
What’s the genesis of the term “SD-WAN”? And what is a trusted SD-WAN? This article offers a short history of SD-WAN and network management.
Origins of SD-WAN
Let’s start with a short history of SD-WAN and its evolution. In the very early 2000s, Internet access needs basically boiled down to the web and email services. The largest companies hosted their mail servers within their own infrastructure, while the smaller companies relied on dedicated services. At that time, intersite links such as Wide Area Networks (WANs) relied on MPLS (Multi-Protocol Label Switching) connections. Although this protocol offered good quality of service, configuring and deploying MPLS links remained a tedious process. The other disadvantage was of a contractual nature. Because of its network core topology, the client company remained entirely dependent on its carrier, whose services could become very expensive. Widespread internet access for businesses would prove to be a game-changer. Faster, higher-quality and (most importantly) cheaper internet access was to become the standard in corporate life.
But this type of internet access created new requirements, such as VPNs for confidential data exchange, link sharing for continuity of service and increased throughput, and QoS to prioritise the most important data flows. “It was software features such as these, making it possible to create WAN networks “on top of” the Internet, that led to the definition of SD-WAN: and thus the Software-Defined Wide Area Network was born,” says Julien Paffumi, Portfolio Product Manager at Stormshield.
Companies then stepped up the pace and began to rely on the Internet for their activities and businesses, through the use of videoconferencing services or even the first cases of “Software-as-a-Service”, thus making quality of Internet access service a central issue. As a result, SD-WAN technology emerged as a flexible alternative that could satisfy changing corporate connectivity requirements. But it was not until 2014 that SD-WAN officially earned its place as a new category of WAN technology. “In addition to WAN link management, SD-WAN technology is expected to ensure good quality of service,” Paffumi says. SD-WAN is flexible to implement because it is agnostic in terms of internet service providers. Above all, it is able to prioritise outgoing data flows to the Internet.
Quality and availability are two SD-WAN promises, but what about data security? The year 2016 saw cybersecurity publishers throwing their hats into the ring with a simple promise: access to both network security and SD-WAN functions.
SD-WAN basic principles
The features SD-WAN offers deliver many business benefits. Firstly, through the use of intelligent routers employing standard internet connections (ADSL, broadband Internet, 5G), traffic management algorithms offer improved quality of service (QoS). Next, using load balancing or application recognition, SD-WAN technology improves overall network performance. At the same time, SD-WAN facilitates network monitoring and control. Finally, through the adoption of cheaper Internet connections and a multi-operator approach, companies are making themselves more resilient. This list is non-exhaustive.
The marketplace is broadly divided into two types of SD-WAN offerings. The most widespread is an SD-WAN offering in the form of a box that can be easily installed at any Internet connection endpoint. A second offering, defined as “SD-WAN-as-a-Service”, takes the form of a virtualised SD-WAN hosted in the cloud. This approach enables the creation of a virtual private network that is accessible from anywhere in the world, on which it is possible to find all the SaaS applications critical for the company’s business (CRM, accounting, collaborative environment, etc.).
But such connectivity to third-party applications raises the question of the attack surface and security of the overall infrastructure. This is because these new web / SaaS practices lead to an increase in risks (intrusions and sensitive communications monitoring) and the need to implement additional security layers within the SD-WAN architecture.
SD-WAN security challenges
According to Gartner, 80% of SD-WAN deployments will take account of security service requirements in coming years. After all, the critical nature of WAN communications that are central to all exchanges within an organisation requires a layer of security and trust to ensure data confidentiality. For the network and intersite exchanges, as well as employees’ computers and their direct access to the Internet, the consolidation of SD-WAN and cybersecurity features in a single box provides a guarantee of more efficient protection of your business.
“Subscribing to an SD-WAN offering implies that your data is transiting via a third party. This raises the question of the level of trust to be assigned to that third party.” Julien Paffumi, Portfolio Product Manager at Stormshield.
For this reason, the SD-WAN offering needs to deliver robust, end-to-end encryption. “But subscribing to such an SD-WAN offering implies that your data is transiting via a third party,” says Paffumi. “This raises the question of the level of trust to be assigned to that third party.” Therefore, a legitimate question arises: are there SD-WAN architectures that are certified and/or qualified by an independent certification body? Unsurprisingly, the answer is “no”: at present, there are no vendor-independent SD-WAN certifications or qualifications that promote this technological approach. Therefore, it is important to have concrete evidence to enable us to objectively judge the chosen SD-WAN solution. When selecting a publisher from among several hardware and software solutions, we must examine factors such as product robustness, and trust in terms of geopolitical and economic issues. The concept of robustness is defined by ANSSI as an assessment of products that “consists of testing their ability to resist computer attacks according to a defined employment context and threat level”. The concept of trust is clearly apparent in the product strategies of the various publishers. Performance, cost, security, trust: the four considerations that should guide your choice for a Trusted SD-WAN offer.
Now integrated with solutions such as the Cloud Access Security Broker (CASB), secure web gateways (SWG) and next-generation firewalls (NGFW), SD-WAN forms the network base of the Secure Access Service Edge (SASE) security infrastructure. SASE securely connects users, systems and endpoints (workstation, telephone) to remote networks and applications, regardless of location. Another security model worth following.