Don’t look into SD-WAN (until you’ve understood three things) Part TwoBy Steve Coakley,
Here’s the second part of my chat with Adrian Comley, general manager for our Dynamic Network Services about the future of corporate networks.
When ‘old dogs’ teach us new tricks
Jogging past an old people’s home I was struck by the sign. Not literally - but by the message that read: ‘The gate may be closed but our door is always open. Please ring the bell.’ It made me think about our approaches to identity and access management related to SDWAN. This simple message describes how we want our future networks to operate. We need users and devices to be identified by our SD-WAN and to be able to rely on identity-based access control.
Back to the interview…
[Steve] Adrian we discussed that networks need to become more resilient and dynamic to support the speed that business is changing. What challenges does that pose for security?
[Adrian] for security this means an entirely new approach to the safeguards and defences is required to guarantee the security of our network infrastructure and the data within it. We need to be aware of any disconnect between an SD-WAN overlay and the network underlay. And it’s here that we find our first security concern. But securing your SD-WAN isn’t just about the network.
Securing your SD-WAN isn’t just about the network
Our colleagues in BT Security recommend that we take these five steps:
1. Secure the network: start from a position of zero-trust of the internet and build from there
2. Secure the data: encrypt data in all formats and authenticate devices, users and apps
3. Secure the identity: you have heard it said that ‘identity is the new perimeter’ – just like the policy of the old people’s home this means verifying the identity of a user and adding context to access requests are vital in today's digital world)
4. Secure the device: we need to understand how a device is built and its context i.e. via corporate Wi-Fi or from a coffee shop
5. Automate and orchestrate: policy-based orchestration allows updates on how the network handles new threats quickly and simply
So, having taken these steps you’ll then want to get specific in relation to your SD-WAN. Cyber criminals thrive on gaps in a system, a poor connection between overlay and underlay can create holes in your defences and make your organisation susceptible to attack. I would advise IT leaders to get security-specific with their SD-WAN.
Minding the gaps
[Steve] So, what are the main issues our readers should focus on when securing an SD-WAN?
[Adrian] The three security issues with SD-WAN are:
1. It forces a rethink on some security controls, and combined with the cloud this means that the old data-centre focused layers are no longer in place.
2. Increases in the potential number of points-of-entry into the network and expands the attack surface.
3. As SD-WAN capability becomes more flexible, security needs to be aligned to that flexibility while understanding the potential attack opportunities when interacting with valid transactions.
Network & Security teams must work together
By adding the extra dimension of a moving SD-WAN environment, your cyber-security analysts are going to be even more challenged to understand the complexity while providing the same assurance to the business. And that scale and depth of analyst and supporting capabilities are key to making sure we close the security gaps in future networks.
As an industry leader in security and global networking we would like to help you. Click here and a specialist will call you back to discuss your business needs.