TOP STORY
Oct 11, 2024
The surprising gains of non-routable wide-area networks.
The following is guest post from Mike Gemza, CTO, Cornerstone Building Brands.
At a time when cyberthreats are becoming more advanced and network infrastructure needs are increasing, it's not just important to use a zero trust approach to software-defined wide-area networks (SD-WAN). It's also essential. As connectivity keeps changing, those who use new solutions like zero trust (ZT) SD-WAN will be in the best position to succeed.
Limitations of traditional SD-WAN
There’s no question traditional SD-WAN solutions have revolutionized network management by enhancing performance, reducing operational costs, and improving the user experience. SD-WAN has enabled enterprises to manage traffic across multiple connection types—like multiprotocol label switching (MPLS), long-term evolution (LTE) wireless, and broadband—while optimizing bandwidth.
However, these benefits come with significant security trade-offs as enterprises evolve their multi-cloud environments and begin to adopt a zero trust architecture. SD-WANs typically rely on site-to-site VPNs and implicit trust models, expanding the attack surface and allowing lateral movement within the network. VPNs, in particular, are frequent targets for cybercriminals due to their inherent vulnerabilities. This setup is incompatible with zero trust principles, which assume that no entity, internal or external, is trusted by default.
The zero trust difference
First, ZT SD-WAN redefines network security by eliminating vulnerabilities associated with traditional SD-WAN. Unlike models that rely on implicit trust, ZT SD-WAN brokers all communications through a unified platform, enforcing security policies, minimizing attack surface, and preventing lateral movement. This ensures secure, efficient connectivity that adapts to the needs of modern enterprises and provides the flexibility their users demand.
Second, ZT SD-WAN also enhances benefits from embedded zero trust principles directly into the network. This approach eliminates the need for traditional VPNs, firewalls, and router overlays, which introduce vulnerabilities, complexity, and cost.
Third, ZT SD-WAN can be plug-and-play, requiring only an internet connection for a simple and swift deployment. By removing outdated components, ZT SD-WAN provides a more streamlined and secure alternative that reduces business risks and prevents the propagation of ransomware and other threats.
This architecture is based on the principle of least-privileged access. Users and devices are only given the minimum level of access they need to do their jobs at any given time. ZT SD-WAN ensures that, even if a breach occurs, the threat is contained and cannot spread laterally.
Advanced security and segmentation
ZT SD-WAN's security innovations extend beyond minimizing the attack surface. It also offers zero trust segmentation, crucial for eliminating lateral threat movement. Industries like ours plus finance, healthcare, where the impact of a breach can be catastrophic, prefer such advanced segmentation.
In traditional networks, once attackers gain access, they can move laterally across the network, targeting additional systems and data. ZT SD-WAN prevents this by creating isolated segments for different users, devices, and workloads, each operating independently with strict access control that limits communication between segments.
ZT SD-WAN simplifies segmentation management through centralized policy control. IT teams can define and enforce policies across the network from a single console, reducing the complexity of managing multiple security appliances and configurations. The result is improved operational efficiency, freeing IT resources for strategic initiatives rather than time-consuming and burdensome day-to-day maintenance.
Enhancing network performance
ZT SD-WAN also improves network performance. Traditional SD-WANs, while flexible, often struggle with performance bottlenecks due to a reliance on slow and unreliable VPNs and firewalls. These components introduce latency and reduce efficiency, particularly as traffic increases.
ZT SD-WAN, on the other hand, improves traffic flow through intelligent path selection and dynamic routing. Unlike traditional SD-WANs, which sometimes route all traffic through a single, congested path, ZT SD-WAN continuously dynamically routes traffic through the best available path. This ensures critical applications receive the bandwidth and low latency they require, even during peak usage periods.
Moreover, it integrates application-aware routing, prioritizing traffic based on each application’s specific requirements. For example, real-time applications like video conferencing or VoIP can be prioritized over less time-sensitive traffic, ensuring a smooth and uninterrupted user experience. This is valuable for organizations in situations where application performance directly impacts productivity.
ZT SD-WAN in practice
Cornerstone Building Brands, North America’s largest manufacturer of exterior building products, is a prime example of an innovator with the foresight to adopt a non-routable WAN. The company implemented a zero trust security framework that spans across branches, data centers, and the cloud. ZT SD-WAN has empowered them to protect their business against increasing cyberthreats by reducing attack surface, preventing lateral threat movement, and enhancing application performance with a non-routable WAN. The North Carolina-based company also reduced M&A integration time by 83% and simplified vendor access to OT systems, eliminating the need for expensive site visits. Finally, Cornerstone reduced the security risks associated with lengthy M&A processes, where legacy systems and disjointed security protocols can create vulnerabilities.
The future of secure connectivity in a zero trust world
As organizations evolve, so must their network infrastructure. ZT SD-WAN offers the flexibility, security, and scalability needed to meet the demands of a rapidly changing digital landscape. By simplifying network management through automation and centralized policy control, zero trust SD-WAN allows IT teams to focus on strategic initiatives rather than day-to-day maintenance.
The ability to integrate emerging technologies like AI and machine learning for enhanced security and performance monitoring ensures organizations are well-prepared for future challenges. These technologies enable predictive analytics and automated responses to potential threats, further enhancing network security and efficiency.
Investing in ZT SD-WAN today helps build a network foundation that supports long-term goals and positions organizations for success in an increasingly connected world.
What to read next
Five signs your traditional software-defined wide area network isn't keeping up
Recommended