Choosing the Right SD-WAN Security Architecture Model for Your Needs

The change in the work environment in today’s uncertain times cannot come at the expense of network security. SD-WAN offers different security models to match your requirements.

Brian Kracik

June 18, 2020

4 Min Read
Choosing the Right SD-WAN Security Architecture Model for Your Needs
(Source: Pixabay)

Cloud services and communications have become critical for companies who must react quickly in these uncertain times. The ability to rapidly scale, maintain productivity, and move at a fast pace is required as employees adjust work locations and do business in new ways. As business moves forward into the ‘new normal,’ there will be smaller office participants, more activity at branch locations, and an increase in ‘work from anywhere’ roles. The new business work paradigm shifts enterprise services and applications from a hub-and-spoke, on-premise centralized data center to hybrid cloud/data center communicating to a highly distributed workforce. Going forward, a highly reliable network is not just necessary for good customer quality, but it becomes imperative for normal day-to-day business operations. The role of a software-defined wide area network (SD-WAN) to maintain and sustain network connectivity is critical to maintain business in both the current uncertain times and into the future ‘new normal.’ 

The change in the work environment in these uncertain times cannot come at the expense of network security. Zoom, which has emerged as the poster child for remote work by providing essential means of communication, hit home on this point, citing security as a key reason for its recent infrastructure shift. One way to mitigate potential worries and optimize a company’s digital efforts is through the use of SD-WAN technologies. Instead of requiring costly rip-and-replace approaches, SD-WAN is integral in providing a multilayered network security model and offers high business value for fault-tolerant networks. Paired with security at the cloud level, SD-WAN ensures the security of data as it moves from applications to users.

An SD-WAN can readily support a preferred network security model or the security infrastructure already in place. There are three distinctly different security architecture models that address these concerns – centralized, distributed, and cloud-based architectures. Each one addresses security concerns and specific benefits. Let’s dive into each of them in order to offer insight on which could be the best approach for your business:

Cloud-based security: If you are looking for reliability and ease-of-access for data and SaaS applications, consider a cloud-based network security model. With this model, security applications live as software in the cloud instead of relying on advanced distributed network security infrastructure, and enterprises benefit from automated monitoring and distribution capabilities.

The cloud-based security market is rapidly growing, having truly taken off in recent years, and is mainly driven by the increased use of mobile devices and applications under the increasingly common bring-your-own-device (BYOD) trend. This model delivers a lower average latency for cloud access and supports real-time threat monitoring. However, for this approach to be effective, enterprises must ensure the reliability and security of their connection to the cloud, embracing network integrations or solutions as needed to streamline SaaS connectivity and delivering reliability and quality of experience (QoE).  

Centralized security: Many larger companies rely on low-bandwidth, expensive MPLS links to backhaul branch traffic to a central data center or headquarters, which serves as the point for centralized network security policy. This centralized network security model brings together complex, expensive network security functionality to a small number of locations, helping enterprises manage security costs—from both a CapEx and OpEx perspective—and more easily manage performance and security concerns. However, there are issues to weigh like the possibility of central servers malfunctioning, higher average latency for cloud and SaaS access, and challenges scaling the WAN for bandwidth-intensive applications.

Distributed security: On the other end of the spectrum, if your company’s priorities are focused on lower average latency, a distributed internet access model may be the route to take. This network security approach is spread over different branch locations. However, that can make network security much more costly to deploy and harder to manage. For instance, installing and maintaining advanced next-generation firewall (NGFW) capabilities at many different locations can quickly add up. Additionally, this distributed model brings its own set of security, QoE, and reliability concerns. A lapse at a single branch can trigger an incident, meaning sufficient threat management capabilities are a must with this approach. For most branch installations, an expensive, sophisticated next-generation firewall is overkill for what is needed. A basic SD-WAN firewall is more than sufficient for most installations.

Final thoughts

Whatever model you choose, SD-WAN will help you amplify and advance your company’s digital performance and abilities, improve network reliability and security – all with the benefit of not needing to do a costly overhaul to your network security architecture.

About the Author(s)

Brian Kracik

Brian Kracik is senior director of product marketing for enterprise communications and cloud services at Oracle.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights