Securing a Software Defined Wide Area Network (SD-WAN) requires a team of security and network expertsBy Mike Pannell,
Most of us with a competitive edge can recall a DNF, or ‘did not finish’, and the reasons it happened. I cannot begin to recall all the successful events, but the 2 DNF’s are etched into my mind. As a dedicated fan of mountain marathons which combine fell running with aspects of orienteering, I often think about the reasons why we fail in sport and the similarities to unsuccessful business projects.
In team sport such as racing, failure is broadly grouped under 3 root causes:
- bad luck,
- poor preparation,
- inability to adapt to changing circumstances.
Luck is important in sport just as it is in business, but sufficient planning and skills in your team will help you seize the opportunity and react to events.
In sport, I failed to complete an event because a river crossing was not viable due to flood water. The rain was expected, but we failed to anticipate the rising river levels and I didn’t have a rope or another route choice at that stage. Preparation helps minimise any risk and a team of people with complementary skills and trust in each other will help get across the river.
It’s important to take a while to plan your project. In business, just like in mountain marathons, you won’t necessarily have a complete map of your journey, so you shouldn’t start straight away and must prepare yourself for different scenarios. Conversely avoid over-planning; there will always be situations you cannot predict and you will have to react to changing circumstances.
Business requirements can also change, so if your network design or security solution cannot react then there is a fundamental problem.
A traditional WAN provides connectivity, security and reliability, but often doesn’t react quickly to changing business demands. Adding locations, altering bandwidth or creating another VPN takes a while to complete. These are some of the reasons that could cause you to consider a SD-WAN solution.
Presenting recently on future innovations in software defined networking, I realised there are issues with current adoption models. SD-WAN solutions generally provide agility, clarity of cost and network intelligence to your business. Typically the products include basic security foundations, encryption of traffic across Internet circuits, and integration with content security.
However, SD-WAN security is an area that requires proper preparation. For example, the control and management of encryption keys needs consideration especially around integration with existing systems. Don’t ignore controls on local Internet breakout and how you can deliver a heterogeneous view of the security landscape.
This coupling of security with network function within the SD-WAN product introduces some business challenges. In many organisations, security and network are managed by different teams. The network crew don’t understand security and vice-versa. Furthermore, the security functions provided by your SD-WAN might not be compatible with your other security solutions.
Building a single team of network and security people would seem the logical solution to this problem. A successful team is built from complementary skills and trust has to be at the core. An effective business unit is not fundamentally different from a great sports team.
An SD-WAN supports this agenda, but technology alone cannot fix business processes. A strong team that’s mutually supportive and reactive to change is needed.
If you use a managed network provider to build your SD-WAN, you’ll still gain all the benefits of agility and cost, but many of the potential pitfalls will be taken care of. You would still want your security people to work with the network deployment. Whether you build a great team, or work with an experienced service provider; seamless security always takes planning!
We cover the lack of security control in the cloud, regulatory/compliance issues, and lack of cloud usage visibility in our ‘Dispelling the myth: future networks’ whitepaper.