by Eric Fritzler, efritzler.com
SDWAN does a wonderful job of optimizing the performance of branch sites, but how can you trim your entire technology stack at a branch office while achieving robust security? The answer is a combination of SDWAN and cloud-based security services.
Securing tens to hundreds of branch sites can wreak havoc on a business in terms of both capital expense and operational expense. There are ways of consolidating the security spend to the corporate office or data center by backhauling all traffic, but the inefficiencies of backhauling are difficult to overcome in these types of solutions. When you add customer WiFi into the branch, the bandwidth expenditure of backhauling can increase by orders of magnitude, particularly in places where private MPLS is expensive.
Each branch office requires protection including, at a minimum, a zone-based firewall, and many branches need additional security services such as IDS/IPS sensors and proxies just to provide a rudimentary level of security. Adding in the complexities of dealing with PKI and the inspection of SSL-encrypted traffic, you quickly create a setup in the branch that is costly to install but even more expensive to maintain.
SDWAN appliances often provide a fundamental level of security, such as a zone-based firewall. Many of them can even create secure tunnels to cloud security services such as Zscaler, Palo Alto Networks GlobalProtect, or Symantec’s Web Security Service. Policies can be set to force application traffic through these services using the direct Internet or broadband connection in the branch, providing a cost-effective and secure solution that is much easier to implement and support throughout the life of the branch than conventional strategies. SDWAN appliances can then manage policies for routing and performance while Internet access is directed towards the cloud security solution for protection against malware, advanced threats, phishing, browser exploits, malicious URLs, botnets, and more.
Many businesses are also virtualizing their branch environments using VMware. An alternate architecture would involve using a virtual form factor for the SDWAN appliance in conjunction with a cloud security service or local virtualized security platforms. With local virtualized security platforms in the branch, the business can retain the control, management, and monitoring that it expects from owned and operated equipment without requiring the physical footprint. Obviously, in this model, deployment and roll-out are simplified, streamlined, and managed through software.
These solutions allow for a lower-cost branch environment optimized for both application delivery and advanced security services. The savings extend further into the ongoing operations and manageability of the branch.