Please submit the following details to download this asset.
Most organizations are in the midst of some form of digital transformation (DX), transforming how they bring products and services to the market—and ultimately deliver value to their customers. But DX initiatives also bring complexity for the network operations team. With business-critical services distributed across multiple clouds, this leads to potential performance issues, especially at branch locations.
Given these realities, it is no wonder that software-defined wide-area network (SD-WAN) technology is rapidly going mainstream. Unfortunately, SD-WAN is an example of the paradox of DX: transformative technology can potentially move the business to the next level, but the expanded attack surface it creates can expose the organization to significant risk. That is why an SD-WAN deployment, like every other DX effort, should be accompanied by a security transformation (SX) that rethinks outdated principles, broadens protection beyond the data center, and integrates the security architecture for centralized visibility and control.
DX sets the Agenda
DX is arguably the most important business trend involving IT in organizations today. It empowers businesses to operate with more agility and scale more quickly—which is absolutely essential in many industries.1 Moving beyond the digital-enabled enterprise, DX creates fully digital enterprises that “are hyper-connected, adaptive, intelligent, and agile with technology highly integrated into new operational processes, policies, and organizations that unlock its transformative capabilities.”2
DX looks a little different at each organization, but it is almost always marked by increasing reliance on hybrid cloud architecture. For the network operations team, this means bringing existing on-premises resources together with multiple external cloud networks and ensuring their availability and performance, no matter where a user is located.
SD-WAN addresses DX Networking needs
As more services move to the cloud, it becomes increasingly clear that “conventional network architectures were not built to handle the workloads of a cloud-first organization.”3 This has resulted in the rapid growth of another key DX technology— SD-WAN.
SD-WAN provides high-performance access to cloud applications for users located away from headquarters, enabling a more agile network and facilitating automation at branch locations to a degree previously not possible. Specific benefits include:
SD-WAN can also Disrupt Network Security
It is hard to argue with the benefits of an SD-WAN network architecture in a world of DX. But SD-WAN also has a glaring disadvantage. Each SD-WAN-enabled site with local Internet access is a further expansion of an organization’s attack surface—and another weak link in the network security chain. This exacerbates an existing problem, since branch locations often have lower levels of security than headquarters even before the introduction of SD-WAN.
Of course, most other DX-inspired technology deployments also expand an organization’s attack surface, and security is often seen as the biggest roadblock to DX initiatives.6 To be successful, every DX initiative — including SD-WAN deployment—must be accompanied by a corresponding SX.
SX can make SD-WAN Secure
SX involves rethinking of long-standing principles of enterprise security—including the perimeter-based model, which declines in effectiveness every time another cloud service is rolled out and is completely unworkable with SD-WAN. SX also requires that security should be an integral part of DX planning, rather than an afterthought. For every DX initiative, planning and deployment teams should follow the principle of security by design, security by default.
When it comes to SD-WAN deployment, the network security and network operations functions should share in the decision-making process for a solution, and a security strategy should be in place when the final selection is made. Traditionally, these teams operate in silos—and sometimes function in mild competition with each other.7 But when these teams work together, they can strategically address the legitimate security concerns surrounding SD-WAN:
Integration is a key to SX
In a recent survey, the typical organization saw 20 cyberattack-related intrusions over a two-year period, with four of those resulting in breaches that caused damage - data loss, downtime, or a compliance event.10 Part of the problem is that it takes more than six months (197 days) to even detect the typical attack, enabling attackers to move laterally within an organization.11 The majority of these are advanced threats, designed to bypass conventional security measures. If not deployed strategically, SD-WAN and other DX initiatives can potentially worsen these threat problems.
As organizations deploy SD-WAN in support of DX, they need to ensure that SX is a part of the equation. With network traffic bypassing the data center, the network security architecture needs to broaden—but not by adding silos to the security architecture. With a truly secure SD-WAN solution, security is integrated with the network and expanded across a multisite, distributed enterprise environment. This enables centralized visibility and control, true automation of security processes, dynamic sharing of threat intelligence, and a more resilient network.
Making SD-WAN successful with SX
SD-WAN offers organizations a great opportunity to deliver tangible value to their branch networks. Some of the things IT and security leaders need to remember include:
While moving to SD-WAN and SASE can deliver digital transformation (DX) and security transformation (SX) for an enterprise, they need to be bolstered with the right Operations Transformation that helps identify the essential interventions that are needed to drive and sustain the change. To reap the benefits of DX and SX, enterprises need to identify and define success factors for their NetOps.
Traditionally, NetOps teams have relied on availability of network devices and process automation. With widespread cloudification and digitization, the focus has shifted to service excellence and UX. Enterprises can use AIOps to understand the service context, detect issues faster, and provide automated resolution. AIOps helps identify unknown or undefined issues that are beyond the capabilities of monitoring tools which look for known and well-defined metrics. Augmenting AIOps with NetDevOps principles is a foolproof and faster way of implementing network infrastructure changes. Enterprises can leverage features of SD WAN for basic experience measurement. Abstraction of data/telemetry from other elements of infrastructure and co-relation through AIOps will be imperative to measure and address UX concerns. Enterprises that take a holistic view of enterprise infrastructure and network transformation along with adequate operations transformation initiatives will be able to unlock business value.
This whitepaper is published jointly by Microland and Fortinet, and discusses the importance of SD-WAN in the age of digital transformation.