The Current State of WAN Security

January 08, 2018 Security and Compliance, MOVEit


Companies and other organizations have used wide area networks (WANs) to connect geographically distributed locations for years. Increased use of cloud applications and other developments are transforming WAN implementations, improving security in the process.

What are WANs, and why are they used?

A wide area network (WAN) is a geographically distributed communications network that links a number of local area networks (LANs). It can span cities, states, or countries. For an enterprise, a WAN lets users share applications, services, and other resources, eliminating the need for duplicate application servers and firewalls.

WANs can be connected through wired or wireless technologies. Until recently, wired connections were preferred, but 4G LTE wireless WAN connections are becoming more popular. The infrastructure can be privately owned or leased from a third-party service provider. The actual connection can be via a dedicated private connection, or over a shared medium, primarily the internet. Businesses also mix and match these implementations to make hybrid WANs.

The cloud is putting pressure on WANs

Most businesses used to run WAN traffic through a corporate data center, where security policies were applied, and then forwarded it to its final destination via Multiprotocol Label Switching (MPLS). But now they are moving applications from their data centers to the cloud, so a centralized arrangement makes less and less sense.

As a result, MPLS is increasingly being replaced by, or integrated into, software-defined WANs (SD-WANs). The loss of centralization will actually improve security, while providing greater flexibility.

How WANs are changing as a result

MPLS assures the reliable delivery of packets by labeling each one with its source, application type, and priority. This allows all packets that are for a specific purpose, such as real-time videoconferencing, to be sent via the same low-latency route. MPLS gives the user control over traffic engineering, while imposing a significant cost in bandwidth.

SD-WAN, by contrast, gives up control over transport while making its key decisions at the network edge. SD-WAN arose to optimize the usage of big cloud-based applications, and has grown to dominate the rest of the market.

SD-WAN can manage a variety of network links by priority or content type. It switches from one link to another based on real-time analysis of link performance. It is transport agnostic. Edge devices at customer sites are managed centrally. There’s no need for different security mechanisms for different transport types.

MPLS will still be used as one of the transport mechanisms in SD-WAN for certain high-priority data, at least for a while. But its relative advantage, even in those applications, is fading.


Security issues that should be top of mind

SD-WAN allows for encryption of traffic while taking advantage of cheaper, widely distributed broadband resources. A new network device installed at a remote site can connect to the existing VPN infrastructure, and all other connected devices can be reconfigured to talk to it.

Connectivity is often managed via a virtual private network (VPN), which is simply a way to create a safe and encrypted connection over a network of lower security. VPNs come in various flavors, such as IPsec VPN and SSL VPN.

The increasing number of network breaches only emphasizes the critical need for encryption. A variety of supposedly secure connections have been spoofed and hacked. Service providers are no longer assumed to be able to guarantee security. Automatic encryption, no matter what the configuration is, is a key contribution to security.

In addition, SD-WAN has scalable key-exchange functionality and software-defined security that ensures that all devices and endpoints are authenticated.

As always, complying with, and demonstrating compliance with, various data security mandates is essential to a business. SD-WAN enables the segmentation of application traffic through separate virtual networks. Whether it’s HIPAA, Sarbanes-Oxley, PCI, Basel II, or any of the other applicable regulations, compliance for the data in question can be focused on and assured without affecting other data sets.

Network security is increasingly key

SD-WAN can meet both the needs at specific locations and the connection to the cloud, with a flexible range of capabilities for network security. The entire WAN industry is changing as a result.

Alex Jablokow

Alex Jablokow is a freelance writer who specializes in technical and healthcare business. He blogs about the Internet of Things, software, inertial guidance systems, and other topics for business clients. Sturdy Words, his freelance content business, is at www.sturdywords.com.
