One of the hottest enterprise networking services is SD-WAN. In its first iteration, it was adopted by many enterprises for branch connectivity, especially where IP-MPLS leased line services were scarce or too expensive. It continued to evolve as enterprises embraced the cloud and SaaS. SD-WAN is increasingly used to connect public and hybrid cloud services to the enterprise network and support multi-edge computing and mobility. A crucial impact of SD-WAN is the changing needs for security in this more distributed, open relationship between the LAN, WAN, and cloud.

 

Traditionally, branch offices connected to the open Internet and public clouds by passing through the enterprise network to one or more centralized, controlled Internet access points. Trying to protect every branch office, each with its own vulnerabilities, consistently, is complicated and expensive. With SD-WAN, public cloud, and SaaS, there’s a growing need for branches to directly "break out” to the Internet to access business applications.

 

As it turns out, distributing the centralized, one-gate, one-drawbridge approach to security is relatively straightforward in an SDN. SD-WAN can distribute central security functions to any endpoint with relative ease using policies. Just as early-day SD-WAN virtualized the branch connection over any kind of transport, the next-generation can use that same platform to implement virtualized network functions (VNFs), such as firewalls and NACs, with greater awareness of local user behavior.

Hide Comments | Add Comment