05 March 2024

Jonathan Wright, director of products and operations, GCX

A s digital innovation evolves across all types of industries, the cyber-attack surface has been expanding in tandem. This is an unfortunate, but unavoidable consequence of increased digital transformation. As a result, enterprises have been forced to seek out networking solutions to match the surge in cyber threats and tackle them head-on.

One such networking solution is Software-defined Wide Area Network (SD-WAN) architecture. Originally designed for on-site work, SD-WAN was fit for purpose at the time, but the post-pandemic workplace has since turned this network solution upside down. Now almost four years on, many businesses favour hybrid and remote working models – which appear to be here to stay.

But, what does that mean for SD-WAN? For me, it’s simple. Businesses shouldn’t be relying on something that wasn’t designed for the modern workplace. Not only because they face falling behind if they don’t adapt with the times, but because this technology is now producing a significant risk to network security.

SD-WAN’s limitations

Specifically, organisations now have to think about additional security measures, like securing people and devices to applications not just on-site, but also remotely. The authentication process is one example of where SD-WAN falls short, as once a VPN circuit is authenticated (regardless of who opened it), no further traffic analysis occurs within the circuit. This means that networks relying on SD-WAN will have limited visibility over their network subscribers’ traffic and behaviour after initial authentication, which hampers an organisation’s threat detection capabilities and means that further threat mitigation policies aren’t available.

This is non-negotiable in today’s cyber-threat landscape. More devices being added to the network means more entry points for cyber-criminals to exploit. So, simply put, relying on SD-WAN as your network access in today’s threat landscape just won’t cut it anymore.

Combining SD-WAN with SASE

Of course, many organisations have invested a lot of money in SD-WAN. And, yes, it may have its limitations in the modern workplace, but it shouldn’t be abandoned altogether. One such alternative measure that we’ve seen is implementing cloud-centric security frameworks like Secure Access Service Edge (SASE) over their existing infrastructure.

Where SASE builds on SD-WAN infrastructure is that it provides end-to-end protection, which means it is equally effective at enforcing security on endpoint devices as it is with full offices, which is central to enabling organisations to mitigate their growing attack surface, as the increasing number of endpoints no longer presents the same risk.

Supporting with SASE Zero-Trust architecture

Moreover, bringing these two solutions together under one unified network gives organisations deeper inspection capabilities, as together they can be more easily supported with zero-trust architecture. This would also give organisations the ability to apply security policies at more granular levels.

More specifically, organisations would be able to access important data reflecting user mobility, the health of the device accessing the data, user seniority, and location. Where SD-WAN technology doesn’t analyse the data within the network connection following authentication, zero-trust works at a more granular level so keeps track to ensure that organisations have the best possible visibility.

Zero-trust architecture is a key feature of the SASE framework. It offers greater visibility in the form of real-time data tracking capabilities, creating a platform for protecting data on its journey from the end user’s device to the cloud. Importantly, this enables hybrid and remote working capabilities whilst enhancing security - just what a modern-day business needs.

Relieving the pressure on IT teams

While the security benefits alone should be enough to consider this route, unifying network operations to one platform also reduces the burden on increasingly shorthanded IT teams.

For example, streamlining network management and security significantly simplifies traditionally complex operations, which can help increase efficiency and cost savings as a result. Additionally, unified network management allows for a more consistent application of policies and configurations across the network, whether they be related to security or not.

Moreover, many enterprises span several countries in their operations and are therefore required to meet different compliance standards across the different regions. So unifying network management to a single platform not only bolsters security but also ensures better compliance with regulatory requirements and industry standards, giving peace of mind to teams involved in these processes.

Streamlining modern security operations

In the world of modern business, innovation brings forth countless opportunities but also introduces a whole host of security challenges. To combat these risks, organisations must integrate cloud security infrastructure into their operations. However, a more crucial step lies in consolidating network infrastructure onto a single platform, enabling seamless support for zero-trust architecture. This unified approach I believe not only simplifies IT operations but facilitates a more robust application of security policies, ultimately leading to a more secure and cost-effective infrastructure for businesses across all industries to reap the benefits for years to come.