How to change your network topology without compromising security


Eighty-five per cent of companies feel they have two years to make significant inroads on their digital transformation before suffering financially or falling behind. As organisations pursue the benefits of digital transformation, the pressure is on IT and operations to up their game and deliver. Securing the network is a big part of it, particularly as cloud adoption is driving architecture changes in the enterprise and increasing the attack surface exponentially.

With the convenience of connecting disparate offices and a mobile workforce to hosted services comes the challenge of locking down potential vulnerabilities. Security has to become a shared responsibility between the service provider and the business – and if the cloud service provider can’t do it, then you need to find someone who can.

Security: the number one concern on all CIO surveys

We hear that new technologies are seen to be driving an ever-increasing threat landscape. In previous blogs I have talked about SD-WAN as the enabler of change, a conduit for digital transformation. Because it facilitates access to the public internet, however, implementing SD-WAN can be seen as introducing security risk. As with every aspect of this new network topology, weaknesses are not inherent in the technology, but rather a sign of poor deployment.

The business drive to become more agile means doing nothing is not an option. By 2020, IDC estimates that 80 per cent of enterprises will have implemented SD-WAN with secure or virtualised SD-WAN edge architectures.

We take the view that managed Next-Generation Firewalls (NGFW) play an important part in securing the edge. BT partners with a range of leading vendors whose NGFW technology offers unprecedented visibility, not just by IP address but also by user. They give our customers granular policy control over applications and content while also detecting anomalies. But NGFWs are not the whole fix.

Automated attacks get more sophisticated

Greater centralised control is also needed to stand over hybrid networks that have blurred traditional perimeters. With this in mind, we are continually developing our Managed DDoS (Distributed Denial of Service) solution. At a time of increasingly automated and sophisticated DDoS attacks, we help protect critical sites with a cloud-based detection and mitigation platform that prevents bad actors from impacting the availability of your network.

Our solutions deliver powerful, yet simple, visibility and traffic intelligence to maximise business uptime.

Partnerships put cyber-security on the right footing

We have also looked to mitigate risks around the use of SaaS (Software-as-a-Service) solutions, now the preferred option for delivering applications to remote offices. Cloud service providers will offer limited protection, and it can be difficult to secure these services yourself.

As part of our managed cloud security proposition, we offer a combination of end-to-end encryption and access management control. We also provide a 24/7 SIEM (Security Incident and Event Management) service, around-the-clock monitoring with detailed reporting.

Not only does our SIEM help put cyber security on a proactive footing, it gives you a comprehensive sense of your risk profile. SD-WAN plays a part here too, because centralised control policies can be easily pushed out to all devices.

The message is clear. If security has become an obstacle to change, you’re not alone, and the likelihood is that you haven’t found the right partner. Properly implemented, SD-WAN is an enabler for digital transformation. This, in conjunction with a trusted security partnership, gives you all the benefits of agile networking while mitigating risk.

Next steps to a secure future network

Read our CISO and CIO's guide to securing networks, and contact a BT expert to hear how partnering with us can help you secure your future network.


Steve Coakley