How to Protect Your Global Enterprise Network and Applications in 2019
In today’s cloud-centric world, global enterprises are considering SD-WAN solutions that offer reliable connectivity, fast application performance, and best-in-class security, without adding network complexity and extra costs. Securing IT resources for any business is hard enough, but it’s even more challenging when it comes to protecting a network with connections that reach around the world, not to mention the variety of service providers you have to manage and the support resources necessary to manage a mix of endpoint security appliances.
The security picture becomes more complex when you try to build up your network with SD-WAN to subsidize aging MPLS networks. Most IT leaders will find themselves with an SD-WAN that exclusively uses the public Internet for transport.
This is an important point to weigh when you’re evaluating the security implications of edge-based SD-WAN options. However, if you replace the public Internet with a software-defined private network to accelerate and protect the middle mile of your WAN, you add another layer of security.
A multi-layered, defense-in-depth approach is the best way to secure your global enterprise network. There are simply too many threats and attacks vying for access to your network for a single security solution to do any good. Some defenses won’t work all the time, and an enterprise must have additional layers of defense ready to protect the network.
So what are the best practices required for any global enterprise? Here is what we recommend:
- Make sure your provider can deliver a portal that enables you to monitor your global network from a single pane of glass. Odd traffic spikes or multiple connections from an unexpected part of the network or the world might be indicators of nefarious activity that demand closer inspection. That visibility would further enable you to quarantine users and prevent the spread of an attack.
- If your business solely uses the public Internet for middle mile transport, there is no way to know where your traffic will traverse and who has access to various facilities (to say nothing of the performance hit you’ll get using best-effort public Internet for SD-WAN transport).
The alternative is to sign up for a fully-managed solution that is provided over a secure, private global network. Using a private network for the middle mile significantly minimizes attack vectors by eliminating exposure to the public Internet.
- There must be two objectives for IT leaders: avoid the public Internet and ensure your traffic is systematically transported in a true multi-tenant fashion. A network with dedicated tunnels for each customer will keep your traffic from mixing with that of other companies.
- Diversity is a core virtue for a defense-in-depth security strategy, but some SD-WAN suppliers are touting the so-called “advantages” of building and integrating their own security stack.
The best practice is to have security delivered by the best-of-breed suppliers who partner with your network provider and your business. This approach mitigates the fundamental vulnerability associated with utilizing a single-vendor security stack.
This is exactly why Aryaka has partnered with top security vendors such as Palo Alto Networks, Symantec, and Zscaler for edge- and cloud-based security, all of whom are focused on the global enterprise WAN. Homegrown protection from a smaller company just can’t compare. If you’re a large or mid-sized global enterprise, integrated best-of-breed security from multiple vendors is a must.
- If your business needs a layer of security for both inbound and outbound traffic at the network edge, most SD-WAN providers will have limited options and will try to dictate a specific strategy rather than accommodate your preferences.
Obviously, there is no such thing as 100% security, and that’s why a defense-in-depth model is critical. Look for SD-WAN providers that can deliver services over a secure, private, managed network, and offer best-of-breed options for each of the multiple security layers required to protect your global network and your business-critical data!
To learn more, join Mouli Radhakrishnan, Vice President of Product Management at Aryaka, and Amit Raikar, Senior Director of Business Development at Zscaler, in our upcoming webinar on how enterprises can improve application performance and protect mission-critical data by combining cloud security with a global connectivity solution.