How secure SD-WAN can improve security and cut costs [Q&A]
Securing enterprise networks has always been a challenge, but 2020 and the shift to remote working has made it even more so.
Fortunately secure SD-WAN technology can help businesses to deal with the new landscape as well as reducing costs and making strong security accessible to more organizations. We spoke to Mike Wood CMO of Versa Networks to find out more.
BN: How is network security changing?
MW: A lot of times in the past, there's been a separate security team and a separate networking team, and I would say often times they were in silos. What we're beginning to see instead is there's a much tighter collaboration between those teams and in some cases it's almost described as convergence within some organizations.
We see this showing up, and manifesting itself through the interactions that we have with these companies and organizations. For something as simple as a complaint, an IT team will issue a request for information or request for proposal from vendors for example and service providers and resellers and system integrators asking them to respond to a series of questions. Convergence and collaboration are clearly happening within companies.
There are telltale signs that the networking team has been intimately involved in this, the specifications of the requirements for those offices, for that entire network, and how the cloud is consumed.
BN: This year, in particular has seen a big change to the way every business does things. Is SD-WAN technology whose time has come?
MW: It's almost a perfect storm where there have been a number of factors that have been developing over the last decade. Cloud is one of them, clearly cloud is becoming much more a necessity for businesses to be agile and responsive and scalable. Digital initiatives, including digital transformation is another factor.
Also three to five years ago, just a fraction of employees were working a fraction of the time from home and now you're seeing that it's possible 100 percent of the employees and contractors are working 100 percent of the time remotely from home.
So this creates dispersal of the individuals and the users accessing those applications and then the cloud creates a system where those applications could be could be sourced from just about anywhere around the globe. Combine that with internet access and speeds and things like that, and the pandemic really was a forcing function for a lot of us, so there were categories of businesses which had nobody had anticipated.
Some businesses and organizations were prepared, they didn't know what was going to occur that was going to test their preparedness, but they were prepared because they had actually implemented digital transformation, cloud, and technologies like SD-WAN that enable them to connect all the way down to the home. They also implemented the beginnings of SASE -- Secure Access Service Edge -- and that allowed them to take and deliver networking and network security from the cloud to anywhere, whether it was a business' actual office, or if that office happened to be somebody's home.
BN: Presumably this helps with the cost of rolling out technology too?
MW: There's an elasticity and scalability that's naturally enhanced with the cloud for SASE. Those services take advantage of economies of scale and ultimately end up driving down the costs in several ways. One way is that much technology, hardware for example, in the branch office can be scrapped, I can reduce my footprint from five devices down to one device there, so that's a natural capex reduction.
Secondly, if I'm leveraging more of the cloud services I only pay for what I need. I provision a site at minimum necessary security and connectivity networking required for that site, and maybe I expand its bandwidth requirements for example when I look at the number of individuals. As a business I pay for the number of people that are on the system, so that really drives down the cost also.
If I can reduce the number of hours, and people that are maintaining running my network and my security by centralizing the management that controls the configuration, if changes are allowed within one platform and interface then I require fewer people to manage it. With this type of model I can actually train and have one single person manage all that through a single portal.
BN: So that will help make these technologies more accessible for smaller companies that might not have been able to afford this level of security before?
MW: It's inherent within a genuine cloud native implementation, there's the ability to scale down so far that a small medium business or small, medium enterprise can take advantage of that. What Versa's providing in this case is something called the Versa Titan. This is a system that's designed for lean businesses. Cloud economies of scale allow a very small business to get on to the service, where in the past they would have had to purchase very expensive hardware. To implement these services now they can just take a portion of what they need from the cloud and they only pay for what they use too.
BN: One of the buzz phrases of this year has been zero trust, how does secure SD-WAN play into that?
MW: The timing again is fortuitous, zero trust network access is part of the SASE collection of services. To be a true SASE user you really need to have these services integrated within a single software stack that runs in the cloud and runs on premises.
Zero trust network access is about three things. It's about identity, it's about trust and it's about context, those are the key aspects. Identity means I know who you are, I can identify you as an individual, my concern does not necessarily gravitate towards the physical device that you're on, whether it's a laptop, a tablet, a smartphone. There's a level of trust that's established between the system and us an individual.
But another thing that occurs here is that the context may change. So, you’ve established a connection, verified it with multi-factor authentication, etc, but I naturally keep track of your actions. Maybe today you're in London and that's where you normally are, but for some reason, tomorrow you happen to be in Taiwan, it's a little strange but you've still identified as you and I trust you, because we've got through our multi-factor authentication. However, I noticed that you're in the PR department but you're trying to access our source code, that's strange and you've never done that before, so I'll ask you to re-authenticate, reset your password, and go through a whole slew of challenges that only you would be able to do.
The other challenge is it's 2020 and you're working from home which is probably the least secure network. It's harder to know that the enterprise network is secure because the perimeter has moved. That's why zero trust network access is so interesting and powerful because it can be used, no matter where you are, you can work safely from anywhere.