SD-WAN and Cloud Security

May 6, 2018

Cloud computing has been an integral part of the modern enterprise for some time. No longer an emerging technology, cloud computing is now used in everything from applications to storage and networking. With vendors like Amazon AWS and applications like Office 365, the cloud computing market is projected to reach $411B by 2020. Gartner predicts that by 2021, 28% of all IT spending will be for cloud services.

Companies that need to connect their users to services in the cloud, and that have been using a wide-area network (WAN) with MPLS for security, are seeing the benefits of using a software-defined wide-area network (SD-WAN) for connectivity. SD-WAN connects enterprise networks over large geographic distances more efficiently across any available data transport, such as MPLS, LTE, or broadband. Gartner predicts that by the end of 2019, 30% of enterprises will have deployed SD-WAN in their branch locations.

Cloud Security Issues

Moving to the cloud introduces some complexity and concerns around performance, security management, simplicity, and costs.

Traditionally, enterprises configure their WAN in a classic hub-and-spoke topology, where users at sites access resources in headquarters or a datacenter. Bandwidth-intensive traffic bound for the Internet and cloud is backhauled across the MPLS WAN. However, using MPLS bandwidth to backhaul Internet data to a secure location is expensive and affects performance.

Other solutions, like building regional hubs, are still costly and complex. The concept of a regional hub is that branches are organized into logical regional groups, each connecting back to a hub located within a reasonable distance of that group of locations. Delivering direct Internet access (DIA) locally requires deploying IPS, malware protection, next-generation firewall (NGFW) and other advanced security services at each site or in the regional hubs, increasing costs and complexity. DIA at multiple remote sites bypasses data center security services, weakening an organization’s information security posture. The lack of SLAs for broadband Internet and limited MPLS capacity result in unpredictable performance slowdowns.

Adding cloud services to an enterprise network introduces new decisions regarding firewalls and other threat management devices. Cloud providers package basic firewall capabilities with their services, but these are insufficient for most enterprises and usually aren’t long-term solutions. Oftentimes the firewall solution for the cloud is not the same as the one for the WAN, which means managing various vendors or models with decentralized security policies. Cloud services can be provisioned on demand, requiring that the enterprise firewalls and Unified Threat Management (UTM) solutions be elastic to meet the needs and resources of the company at any given time.

Cloud Security Solutions

An effective solution to securing cloud services while also improving performance and security across the WAN is a cloud-based SD-WAN solution. A cloud-based SD-WAN offers more than just an SD-WAN by:

  • Connecting businesses to a global network, secured by enterprise-grade security services, enforcing a unified policy and managed via a cloud-based management application.
  • Eliminating the need to manage multiple different security products and devices by providing a centrally managed security solution that provides visibility across the entire WAN.

Using the cloud-based SD-WAN solution from Cato provides significantly richer security than the basic firewall capabilities cloud providers bundle with their offerings. Features such as NGFW, advanced threat protection with Cato IPS, and network forensics are converged into a unified security platform for protecting locations connected to the WAN and mobile users, not just the cloud. Performance latency issues caused by backhauling traffic are eliminated with Cato’s SD-WAN as a service. The Cato Cloud connects all resources including data centers, branches, mobile users and cloud infrastructure into a simple, secure, and unified global network. Eliminate costly connectivity services, complex point solution deployments, capacity constraints, maintenance overhead, and limited visibility and control.

Cato has also built a full network security stack directly into its global network. This architecture extends enterprise-grade network security protection to every business user and location without requiring edge security appliances. Inspection and enforcement are applied to both WAN and Internet-bound traffic as well as TLS-encrypted traffic.

Cato engineers update the cloud-based software to address emerging threats and scale the cloud infrastructure to support any traffic volume. It also offers the capability to immediately scale bandwidth up or down, ensuring that critical applications receive the bandwidth they need when they need it. Customers no longer need to patch sprawling appliance software or upgrade dated and underpowered hardware. Security policies can be applied corporate-wide or to specific users and locations, securing access to on-premise applications, cloud data centers, and public cloud applications.

Rohit Mehra, Vice President of Network Infrastructure at IDC, sums it up by saying, “By its very nature, SD-WAN optimizes connectivity and increases network visibility. Its dynamic capabilities allow network managers to respond to threats as they happen more rapidly. And SD-WAN offers micro-segmentation, through which companies can further protect traffic with user-defined policies that dictate how an application is delivered and isolate infected machines if a breach occurs.”

Learn more about Cato Cloud and other SD-WAN technologies by subscribing to the Cato blog.

Dave Greenfield

Dave Greenfield is a veteran of the IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.