The time-to-market advantages of software-defined wide-area networks (SD-WAN) and the dramatic cost reduction realized by replacing MPLS networks with inexpensive broadband are becoming more widely known. What’s less understood are the other significant network considerations, particularly when SD-WAN deployments are at scale.
In this multi-part blog on scaling SD-WAN, we share what we have learned from deploying SD-WAN to more than 60,000 sites. The first installment focuses on a pragmatic approach to security.
While the network considerations we’ve listed below are not confined to large-scale sites, they become more significant in large-scale networks.
- Lack of IT and security staff. Large distributed enterprises tend to have a significant volume of remote sites with lean or sometimes even no field IT staff, making it imperative that the WAN provide an absolutely zero-touch provisioning mechanism.
- Complex multi-box solution. In many cases, the WAN has grown by accretion, with new boxes and appliances daisy-chained in a rack or closet as a new app or service is added to the network. Such a setup is difficult to manage and secure remotely, and no one on site understands how it works. The obscurity of the solution at the edge creates a vulnerability in that it will likely not be kept up to date with security patches, and manual configuration across thousands of sites will inevitably result in configuration errors.
- Attractive target for security breaches. In addition to lacking security staff, such remote sites typically carry vast amounts of data that contain sensitive information, i.e. personally identifiable information (PII), making them particularly attractive to cybercriminals.
- Multi-tenant requirements. A large, distributed enterprise network serves a wide variety of tenants with divergent needs, making the ability to cater to multi-tenancy critical for both security and privacy.
- Mixed networks. At scale, a WAN is more likely to be composed of heterogeneous networks, from legacy networks to next-generation IoT-enabled networks that lack standardized security protocols, or even lack security altogether.
- Shadow IT apps. In any network, users will install shadow apps, i.e. applications not sanctioned by IT. As such, visibility is needed into these applications and any underlying vulnerabilities that can easily be exploited.
- Challenges of scaling. The larger a network grows, the greater the challenge of rolling out security consistently across all sites.
IDC’s 2016 Worldwide SD-WAN Survey Special Report validates our findings on top considerations for SD-WAN deployments, with the roll-out of consistent security topping the charts.
The Security Edge White Paper
Download the white paper “The Security Edge: Why Choose Secure SD-WAN Over VPN?” to read more about how traditional VPNs are failing to meet the challenges of distributed enterprises and why secure SD-WAN solutions are gaining broad market adoption.
ExxonMobil shared its experience of deploying SD-WAN at scale in an Open Networking User Group (ONUG) panel session.