BT

By BT

08 Oct 2019

Sponsored

BT looks at how to secure your SD-WAN services, starting with security by design 


The flexibility, scalability and cost savings of SD-WAN make it highly attractive to global organisations, but it can come with higher risks.

Security by design

While moving to SD-WAN brings significant benefits, you are also potentially exposing your business to additional security risks around your network, application availability and performance. Your SD-WAN routers and management platform are directly connected to the internet. Using the internet for traffic flow means you lose control of the data path, your data is flowing in zones of zero trust. And the physical security of your SD-WAN elements becomes more critical.

Purely relying on the inbuilt security of an SD-WAN in many cases will not be sufficient - it is left to the customer to assess their own requirements and what security controls they need, or face the risks of hacks of SD-WAN routers, lateral movement once past them, DDoS attacks or insider threats.

SD-WAN – the wedge between the CIO and CISO?

But in around 80 per cent of the bids we see, customers aren’t actively considering or aware of the risks. SD-WAN is highlighting the tension between CIOs, focussed on supporting the business with technology enabled solutions, and CISOs, concerned with managing information security risks. Both CIO and CISO recognise savings and agility SD-WAN can offer, but it’s solely the CISO’s job to ensure the business remains secure whilst benefits are realised.

In fact, cybercriminals are fully aware of these challenges as well and have an interest in ensuring that IT and security teams remain disconnected. Any digital transformation that is not tightly coordinated between these functions is likely to lead to an increasing amount of vulnerabilities or delays as security considerations are retrospectively implemented, potentially at significant cost compared to having designed the required security in at the start.

Design principles for security

Implementing an SD-WAN proof of concept or solution needs the networking team and security teams to work together. By analysing what you want to achieve, understanding your network and applications and where your crown jewels are, you can work out what you want to protect and how.

Regardless of technology, we need to move away from thinking about data security and network security to thinking about policy, visibility and control of the network underlay, the SD-WAN overlay and the Cloud Security Architecture.

We recommend seven design principles:

  1. Apply security at all layers
     
  2. Control access through identity
     
  3. Protect data at rest and in motion
     
  4. Automate security
     
  5. Monitor continuously and hunt for threats
     
  6. Adhere to compliance regulations and laws
     
  7. Prepare for disaster

SD-WAN security controls

By classifying sites as mission critical, business critical or other business sites, you can design the right security controls for each type of site. For some of our customers, the answer may be to take a hybrid approach, leaving mission critical sites on secure MPLS but migrating other business sites to SD-WAN, or by adding in additional security controls.

General security considerations should also include things like continuous security monitoring for discovery of unusual traffic, vulnerability management/patch management and identity and access management to the SD-WAN controllers and devices.

We embed security controls such as firewalls, identity and access management, intrusion detection and prevention and URL filtering directly into the network, allowing us to provide different security postures across applications and sites depending on what the organisation is trying to protect and where they need protection. 

Network and security can no longer be considered separately. Our in-depth understanding of both means our consultants can help you understand your potential risks around SD-WAN, ensuring you don’t inadvertently expose your organisation, critical assets and data to unknown threats while transforming your network.

Find out more about how to make security integral to your business.

Click here to download BT's white paper on network transformations with SD-WAN

Related
Government efforts to reduce its estate-waste back on track
19 Apr Civil Service Reform
Government efforts to reduce its estate-waste back on track
by Tevye Markson

Read the most recent articles written by BT - A critical enabler

Categories

Civil Service Reform
Share this page
Read next
WFH: Unions slam John Glen's 'political attack' on civil servants
17 Apr Civil Service Reform
WFH: Unions slam John Glen's 'political attack' on civil servants
Cutting civil service jobs could cost more in the long run, PAC chair warns
28 Mar Civil Service Reform
Cutting civil service jobs could cost more in the long run, PAC chair warns
DWP building fire: No significant damage detected, says council
28 Mar Civil Service Reform
DWP building fire: No significant damage detected, says council
Partner content
What the tech industry can learn from the civil service Partner Content
What the tech industry can learn from the civil service
08 Nov 2021 by NetApp
Delivering change across the public sector Partner Content
Delivering change across the public sector
27 Oct 2021 by Bain & Company
Cloud adoption challenges and how to overcome them Sponsored
Cloud adoption challenges and how to overcome them
07 Jan 2020 by BT
Was legendary grand master Yoda using red teaming to evaluate all his defences? Sponsored
Was legendary grand master Yoda using red teaming to evaluate all his defences?
17 Dec 2019 by BT
Three best-practice measures in the event of a data breach Sponsored
Three best-practice measures in the event of a data breach
03 Dec 2019 by BT
How to take control of your network Sponsored
How to take control of your network
26 Nov 2019 by BT