No 1 Security Solution for SD WAN
by Stuart Hardy - Director at OneSecure
As thousands of African companies start to investigate and/or deploy SD WAN solutions, one consistent question arises – Security implications.
The benefits of SD WAN seem to have resonated with many companies in Africa, providing an intelligent and cost-effective way to use the Internet to supplement, or even replace, expensive MPLS. And while SD WAN delivers tangible benefits which include faster access to web-based applications, lower cost and more intelligent application routing - the one thing it does that goes against most organisational mindsets, is the decentralisation and loss of control over security.
Diagram 1.1: Centralised security architecture
The SD WAN business case promises lower cost and better performance but is often undermined by the need to decentralise security and add a firewall at each branch break out to the Internet. In this regard maintaining the same level of security as in a centralised model is complex and prohibitively expensive.
Today, most organisations still run centralised security architectures, which secure Internet breakout from an MPLS network. But in a growing cloud application world and due to SD-WAN growth, this traditional architecture is breaking. Some of the challenges related to the Old Security Perimeter include:
- Users and branches are only protected when they are inside the secure perimeter making it challenging to enforce policies when outside
- It’s difficult and prohibitively expensive to replicate this (centralised) security stack at the edge when using SD-WAN or local Internet breakout
- Appliance driven security cannot keep up with the exponential growth of Internet, creating a bottleneck
- The security stack is often made up of a range of point solutions with little visibility or real-time analytics
- Deploying appliance-based security at the edge for hundreds of sites on SD WAN comes with a high cost, and logistical and management overhead - especially in Africa
- Secure remote access solutions still require users to connect to corporate HQ even when accessing cloud applications
- Secure remote access provides network wide access to users when remote.
Moving to Cloud Security with Zscaler
Moving your centralised security stack to the cloud is the only logical option when your users and applications are moving out of the network. Essentially it’s the same argument as when moving business-critical applications to IaaS like Azure and AWS, as opposed to placing applications on hardware in your head office.
With Zscaler, you can seamlessly protect your users, branches and applications in any architecture, which will underpin your drive into both SD WAN and cloud - making Zscaler
the number one security solution for cloud and SD WAN evolution.
Diagram 1.2: Full security stack in the cloud with Zscaler
Some key benefits include:
When you move your security to the cloud, you remove all the limitations associated with physical hardware, while positioning your company to easily evolve into greater mobility and cloud application delivery. With Zscaler your users will always be driven to the Zscaler cloud ensuring global policy enforcement no matter where the user is.
- Secure your users no matter where they are by routing all mobile user and branch based Internet traffic through the Zscaler cloud
- Secure all Internet breakouts without compromising security and maintaining same standard as the Head Quarters
- No appliances means instant deployment and evergreen scalability, with no logistical or High Availability issues
- Connect remote users directly to corporate applications and not the network (Zero Trust)
- Direct access to private cloud applications securely, bypassing the corporate network for faster private and public cloud application delivery.
Zscaler for SD WAN
The Zscaler Cloud Security solution is not only recognised by leading companies worldwide, but by almost all SD WAN vendors as the No 1 Cloud Security solution for SD WAN network designs.
Zscaler SD WAN integration partners include: Velocloud, Citrix, Riverbed, Viptela, Meraki, Aryaka, CloudGenix, Infovista, Nuagenetworks, Silver Peak, Oracle, 128T and Aruba.
Diagram 1.3. SD WAN with Zscaler example
In most cases, integrating Zscaler in a SD WAN deployment, is as simple as provisioning a simple API call at the click of a button. This makes sure all Internet traffic will go directly to Zscaler, ensuring comprehensive security enforcement and protection. This full inline inspection provides a full security layer and includes URL Filtering, Antivirus, Sandboxing, DLP and advanced L7 Firewall in the cloud.
Customers who deploy Zscaler get a central view of users, policies and application access through a single pane of glass and in real time.
It’s clear that the traditional appliance-based strategy is out-dated and is being replaced by a new generation of cloud-focused services. The benefits of IaaS solutions like Azure and AWS go beyond just the economics of Cloud, driving straight into the concept of digital transformation where organisations can quickly, efficiently and economically, take advantage of technology that will improve their business processes.
Zscaler has been the undisputed leader in Cloud Security representing the same values and digital transformation drive customers are looking for.