Software-Defined Security With SD-WAN

New technologies that leverage social media, analytics, mobility and cloud are changing the way organizations operate, deliver services, and interact with customers and supply chains. At the same time, organizations are becoming more geographically distributed, and branch offices are playing an increasingly important role in providing business value. These changes have overloaded already strained legacy infrastructure, which was never architected for such a dynamic business environment.

It is no wonder that organizations are embracing software-defined wide-area network (SD-WAN), which abstracts the various connectivity options, such as multiprotocol label switching (MPLS), mobile and broadband, to provide a virtualized enterprise WAN. SD-WAN does not suffer from the lack of flexibility, scalability and programmability of traditional WANs. According to IDC, by 2021, the total SD-WAN market will reach $8.05 billion, representing a five-year compound annual growth rate of 69.6 percent.

The Benefits of Moving to SD-WAN

There are numerous benefits of adopting SD-WAN, including but not limited to:

  • Applications and workloads are matched to the best connectivity methods to provide both lower costs and enhanced performance;
  • The ability to scale network bandwidth on demand;
  • An opportunity for microsegmentation of traffic across private and public clouds; and
  • Provision of a centralized control plane to enable visibility and policy management through a single pane of glass.

As I discussed in an earlier blog post, “while the shift to SD-WAN makes business sense, organizations want to ensure that such a move will not increase the attack surface of their network or expose it to new vulnerabilities as it connects to cloud providers and uses newer types of endpoints.” This is because cyberthreats are showing no signs of abating. Without appropriate software-defined security, organizations are vulnerable to attacks that can damage their reputation, adversely affect their relationship with customers and impact revenue streams.

Using the Principle of Least Privilege

Enter the principle of least privilege. IBM believes that organizations should stop trusting applications, users, networking devices or networks by default, and instead implement a regime of continuous verification. In other words, authenticate first and provide network security access second. SD-WAN technologies enable least privilege security by intelligently segmenting, encrypting and directing connections via an edge device with software-defined security modules that sit at the edge of a network.

Secure SD-WAN uses this approach to alleviate security issues. It is designed to work with existing network infrastructure to improve network security, reduce network connectivity costs, optimize network and application performance, and accelerate hybrid cloud adoption. The IBM Security Hub, available through IBM Managed Security Services, helps reduce WAN circuit costs by optimizing the routing of network traffic through SD-WAN.

Learn More

Christina Richmond, program director for IDC’s Security Services, recommended steps for an organization moving through milestones toward seamless SD-WAN implementation and operation in a white paper, “Software-Defined Security with SD-WAN.” Read this white paper, sponsored by IBM, to understand how SD-WAN can help improve overall network security by following an approach based on the principle of least privilege.

Read the paper: Software-Defined Security with SD-WAN

Rahul Agarwal

Portfolio Marketing Manager, IBM

Rahul Agarwal is a Portfolio Marketing Manager for Security Services on the IBM Security Marketing team. Rahul has over...