Security Technology: SD-WAN
Welcome to the last week of Cyber Security Awareness month!
So far, we’ve really focused on being cyber aware in regards to current types of threats (phishing and ransomware for example) and the importance of training staff and being prepared for anything. Being “technology aware” is vitally important for today’s organizations as the threat landscape (and threat surfaces) evolve rapidly. Most organizations recognize a daunting number of best practices and security requirements, but also operate with a limited budget. Facing challenges in finding the right technology for our organization, representing long-term, cost effective solutions, requires continual learning, reviews and evaluations. With that in mind, today we want to put the focus on a security technology with key implications for today’s landscape and a discussion of how you can simplify networking and reduce your costs with SD-WAN.
Within the last couple of years, there has been an increase in requests to move away from dedicated private WAN technologies like MPLS to more flexible technologies such as SD-WAN and those that facilitate Zero-Trust architectures. Security implementation is not exclusively about denying process, blocking activities, and eliminating risk by being in the way. Security should be about empowering the business to operate as smoothly as possible, and empower users to work in the most effective manner possible.
In traditional Private WAN topologies, many remote sites are all interconnected through a Private WAN setup, like a dedicated MPLS provider or even dedicated SD-WAN hardware which is operating like MPLS funnelling all internet bound traffic to the internet through the Private WAN.
Managed Private WAN circuits are very expensive. Providers are accounting for the possibilities of outages and SLA penalties are costed into your monthly fees. You effectively pay extra for the privilege of the service provider having to provide a “rebate” in an SLA non-compliant window. Unmanaged WAN technologies like GPON and DSL have become so much more resilient and stable in the last decade. These networks that are traditionally “less stable” have greatly increased in stability with advances in technologies and the reduction of costs that come along with them. This said, the cost for the services increased. Managed network circuits still have a fantastic uptime and stability, but the delta between managed and unmanaged circuits in actual performance has dropped significantly.
With more services being consumed in a SAAS model, or IAAS model from public clouds, these services are moving even further away from office workers. Applications that were available in the local site, organizational datacenters, or even colocation facilities over private WAN links now have to cross these same boundaries, but then add additional networking distance by crossing internet links to access the required resources.
Bringing internet access closer to the consumer has become a way to reduce spending in private WAN links, simplify routing and networking, and distribute internet access through SD-WAN topologies.
The benefits of SD-WAN over private networking is that the consumer can take advantage of the increased resilience in commodity networks over managed circuits, and using the power of software bond cheaper circuits together to “add” up to the resiliency of more robust networking.
By moving traffic to unmanaged circuits, moving off of dedicated bandwidth links, and taking the power into your own hands, you can absorb the risk of outages and operate at:
- Lower costs: Since you are using unmanaged links with minimal to no SLA penalties, you aren’t paying extra “insurance” for links being down during normal operation. This lets you “self-insure” and gain additional resiliency by using multiple links with different media and ‘last–miles’ to eliminate ‘single points of failure’
- Better Application performance: Since we are now delivering true internet to remote sites, we can leverage WAN security technologies right at the remote site. This means you are not piping all of your remote site traffic through your egress points, and you can decentralize the security processing power, allowing for better performance at reduced costs, to both internally hosted applications and SAAS&IAAS public cloud services
- Better user internet experience: By bringing internet in right at the remote location, instead of through a central network ingress/egress point and connecting over a private WAN link, latency will be reduced and you will have an increase in bandwidth to serve your users
- Potentially shorter recovery periods: In the event you do have an event that affects the hard-wired network connections, you have wireless backups in place to take over during the period of time of failover. As well, you now have multiple different service providers working on getting your wired networking back in place, making it more likely that your reconnections will be quick
Secure Sense SDWAN Managed Service
If you are challenged with having the expertise and resources to run your own SD-WAN deployment, Secure Sense can help. The Secure Sense Managed SD-WAN Service allows organizations to bring their own access, giving the consumer control of what they want to spend on a per-link basis to get the best performance/dollar available. Secure Sense will glue all of the links in each of your organization’s sites together using SD-WAN technologies to effectively provide the best resiliency of all links combined. Alternatively, through our partnership with TELUS, we can bring network connectivity along with the service, still giving you full control over what connectivity and WAN links are used. Our engineering and architecture staff will guide you through what your options are for each of your sites, and you are able to broker connectivity with your ISPs directly or as a bundle with our TELUS partnership, ensuring that you are in control of all your data.
Working with Secure Sense will provide you with:
Improved connectivity and user experience: Our implementation process is designed for rapid roll-out for both cloud (SaaS and IaaS) and on-premise deployments. With a zero-touch approach we reduce the requirements for on-site technicians. Our service provides the ability to direct and prioritize network traffic, reducing latency and providing a better user experience. Organizations are able to maximize flexibility in terms of network carriers across the enterprise and strategically reduce circuit costs. Secure Sense engineers will expertly design and tune your service, maximizing the value of your investment.
Integrated Security Benefits:The Secure SD-WAN service offers comprehensive security controls such as intrusion prevention, web filtering, application control, anti-malware, advanced threat protection and integrated sandboxing. These integrated tools provide the ability to deliver a highly-scalable network and proactive security threat prevention. Our team provides continuous 24×7 monitoring along with recommendations to improve your network and security configurations.
The experience of our team: The Secure Sense Operations and Professional services teams have years of experience in deploying and supporting Fortinet technology; our engineers are certified in Fortinet’s Network Security Expert (NSE) Program. Working with Secure Sense simplifies your operations with our all-inclusive service model, provides maximum visibility to security activities, and ensures a white glove service via our dedicated Customer Success Team.
Interested in learning more about Secure SD-WAN and how it can help your organization? Join Secure Sense and TELUS at SecTor 2021 on November 3-4 at the TELUS virtual booth!
Our team is available to book private meetings or to simply have a quick chat about your security needs. Grab your tickets and we’ll see you there!
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how we can improve your organization’s security, our services or just want to chat security please give us a shout.