
SD-WAN: Disruptive Technology That Requires Careful Security Consideration

A recent survey has shown that software-defined wide area networking (SD-WAN) is the most disruptive of the current crop of disruptive technologies. An August 2019 survey found that SD-WAN disruption is affecting companies of all sizes, although at a greater rate among smaller companies with revenue of less than $10 million.

The author of that survey, Avant Communications, has now expanded those findings in a deep dive (PDF) into the SD-WAN market and market expectations. It finds that the primary reasons for moving from existing networking to SD-WAN are pure business motivations: auto failure and redundancy (66.8%), simplified management (61.0%), cost savings over MPLS (57.7%), and improved application QoS (47.7%).

The primary driver for change is the increasing need for high-speed and reliable communications over distributed infrastructures and cloud services, and the growth of bandwidth-heavy and latency-sensitive applications. SD-WAN can work with multiple existing network technologies, such as broadband, MPLS, Ethernet, 4G/5G wireless, DSL, private fiber networks, and satellite, and it will choose the best route for data in real time -- often improving network performance and reducing network costs.

"Mid-size and small enterprises are moving quickly to cloud, with large enterprises' consideration rates increasing more each day," said Gary Levy, VP Worldwide Alliances and Channels at Oracle Communications. "As mission critical applications are sourced across cloud environments, enterprises are re-thinking how they are leveraging MPLS. We find that enterprises are reducing expensive point to point MPLS circuits, increasing usage of less expensive broadband internet, and rapidly deploying SD-WAN."

But while the business case for SD-WAN is clear (IDC expects the market to expand at a 30.8% compound annual growth rate -- CAGR -- from 2018 to 2023, reaching $5.25 billion; while Frost and Sullivan expects it to reach $4.4 billion by the same time), Avant warns that any new technology or infrastructure will almost always expand the cybersecurity attack surface.

There are two basic categories of SD-WAN vendor: the pure-play vendor that has entered the market directly from start-up, and the existing vendor moving into the technology (typically a networking or security firm). Neither has specific advantages over the other, although one adds security to SD-WAN, while the other adds SD-WAN to -- typically -- cybersecurity.

"As the data travels across the Internet, protections for layer 4 through layer 7 of the OSI stack will likely be necessary," says Avant. It recommends that companies moving to SD-WAN should especially focus on next generation firewalls with intrusion protection, web filtering and DNS security; but notes that this could become costly when applied to a large number of remote facilities.

The effect of this would likely be greater cost for larger firms; or conversely, smaller firms would have either a lower initial cost or faster return on investment. This may in turn explain why the adoption of SD-WAN is currently greater among smaller firms, with larger firms being slower to reduce their use of MPLS.

Some of the security requirements will already be included in the SD-WAN offering, "such as," says Avant, "stateful firewall capabilities, site-to-site encryption, application policy control, segmentation for VLANs and split tunneling, and authentication between edge devices and the controller." However, the exact security elements of an SD-WAN offering will differ between vendors, so it is important for buyers both to understand their own requirements and to understand what is available from the vendor.

"While SD-WAN adoption is booming, selecting the proper solution is a complex task," said Ian Kieninger, CEO and co-founder at AVANT. "Organizations must take the time to evaluate the applications they will need to support, as well as the security and geographic needs that must be met."

Avant Communications is headquartered in Chicago, IL. It was founded in 2009 by Ian Kieninger (CEO), and Drew Lydecker (president).

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.