Concerns about SD-WAN security

The rise of SD-WAN is a legitimate option for both growing and established businesses. As service providers, we are dedicated to making sure that our customers get the best. We believe that this technology is exactly what businesses need to bridge the gap between reliable service and cost-effective rates. However, there have been cases where some SD-WAN vendors have been irresponsible with the appliances and devices they have used to implement their services.

Here lies one of the most fundamental concerns about SD-WAN as a network service of choice and convenience. Why? Well as businesses and consumers move their dependence and service procurement towards more internet-driven and/or SD-WAN solutions, they are also simultaneously increasing the level of risk and vulnerability to their networks. However, before going any further we must highlight that this risk can be averted if you work with the right service provider, vendor, and ensure that all necessary security measures have been implemented. Let’s deep-dive into this a little more and figure out where the concerns are and how they can be addressed.

Is SD-WAN increasing your network’s vulnerability in the process?

For starters, we must highlight that the conventional routers and devices that SD-WAN equipment is replacing have had decades of activity and experience in the networking space, as opposed to their relatively new SD-WAN counterparts. This means that these routers and devices have essentially stood the test of time and are, in all meanings of the word, “battle-tested”. Moving onto SD-WAN alternatives means that enterprises have moved away from a single or limited set of centrally managed, secure internet gateways to a sparsely distributed set of internet gateways.

What does this mean? In laymen’s terms, we have now essentially expanded the proverbial network battlefield, leaving network security having to cover a larger unregulated/unprotected area. While in previous instances, the risk of network breaches was limited to someone physically accessing a device, where a potential hacker/attacker would need to find a way to exfiltrate data and information via a closely monitored, centralized firewall. However, with the move to SD-WAN and other internet-dependent technology, the capacity for remote attacks have also increased.

SD-WAN technology and equipment come with the benefit of reliability, affordability, and confidence. However, these positives can be undercut if appropriate security measures are not implemented, given that enterprises/businesses and their branches are connected directly to the internet – leaving them vulnerable to attacks. Additionally, SD-WAN devices are completely interlocked, which could mean that the compromising of one device in a system could give hackers and attackers complete visibility into the data traffic flow throughout the business and its branches.

Given that businesses with SD-WAN implemented would have direct access to the internet, whoever is responsible for infiltrating these networks remotely could do so far more conveniently and with a greater likelihood of going undetected – if the right security measures are not in place.


What’s the solution?

Throughout this blog article, we have repeatedly inferred to the need for the “right” security measures to be implemented by the “right” vendors and suppliers. What does this mean exactly? Let’s look at the key avenues you need to pay attention to when going about implementing SD-WAN within your enterprise.

To begin with, the appliances used in SD-WANs often run on white-box servers, off the shelf hardware, complemented by various microservices supplied by different vendors and providers. The quality of your device, combined with the microservices it utilizes is often a vulnerable point of attack from external threats and breaches. Therefore, we encourage you to work closely with a vendor and supplier who is willing to sit with you and guide you through the selection of each device or appliance. Make sure your supplier does not try to blindly assure you that their products and services are not in need of such scrutiny – remember it’s your business, your network, and your data that will be at risk, so be proactive.

Keep in mind that microservices running on SD-WAN equipment are often sourced from third-parties, however, this is not always a bad thing. There are several well-known SD-WAN vendors like Cisco, VeloCloud, and Riverbed, who are well-tested providers of reliable products and services that can provide you with secure service. However, also keep in mind that there could be many other vendors that code open source components together that do not provide similar security in the process. Therefore, be sure to be wary of this. Always make it a point to do your research on what products and microservices you will be getting so you know you are making the best possible decision for your business. Remember, the more reliable and dependent your provider is, the more likely and regularly your devices will be updated to counteract the latest security threats – updates are incredibly important within any network.

These less reputed alternatives may come at a lower price tag, however, the damage they could do to your business’ network security would be monumental. Our advice – stick to what is established.

Contact us for a no obligation consultation. Contact>