Why security should be the first step on your SD-WAN journey


One of the compelling reasons to switch from an MPLS network to a Software-Defined WAN (SD-WAN) is the affordability of access circuits. Typically, internet access circuits can be more cost effective, allowing some organisations to achieve notable savings, increase performance by making more effective use of bandwidth, and improve business continuity.

SD-WAN is also a game-changer for digital transformation and an enabler for using cloud services.

It changes the way you deliver internet breakout to your organisation. With a conventional WAN, internet breakout is typically centralised at a hub site, where a traditionally-monolithic security stack protects the organisation against cyber threats.

In contrast, SD-WAN can provide local internet breakout for each branch site. Users can enjoy a greatly improved experience when accessing cloud services, with none of the latency associated with backhauling to the hub.

Consequently, you cannot count on the centralised security stack for protection. You need to secure each local internet breakout point.

Historically, that would have demanded investment in security appliances at every site. For many organisations, especially those with large numbers of branch sites, this is not an economical option. Nor does it scale effectively with the increased uptake in cloud services and web traffic.

Better protection with Cloud Security

Fortunately, there’s an alternative way to secure local internet breakout at the branch: shift to cloud-based security.

Advanced Cloud Security solutions tend to be those that were purpose-built as cloud platforms, rather than adapted from on-premises offerings. They leverage elastic scalability and benefit from utility-based consumption models that do away with capital investment.

Compared with onsite firewalls and security appliances, Cloud Security also offers additional benefits:

With a predominantly desk-based workforce, access to resources was typically controlled based on IP address or LAN segment. However, as mobility increasingly becomes the norm — especially with BYOD — this approach is no longer sufficient.

The protection provided by on-premises security doesn’t extend beyond the enterprise perimeter. Cloud Security solutions, however, deliver security policy in which access to resources is driven not only by network location, but also by a user’s identity and device posture.

The policy follows the user, and provides protection that’s appropriate to the environment they’re in:

• Logging on from the office means less rigorous challenges for access and inspection.
• Logging on from a coffee shop means more access challenges (e.g. multi-factor authentication) and more restricted access to sensitive data.
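
An added sketch, not from the original article or any vendor's product, of a policy that follows the user: one decision function combines identity, device posture and network location, including the BYOD case of an unhealthy device on the office LAN. The group names, sensitivity labels and controls are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed label for illustration; not any vendor's policy schema.
TRUSTED_NETWORKS = {"office"}

@dataclass(frozen=True)
class AccessRequest:
    user_groups: frozenset      # identity: groups asserted by the identity provider
    device_managed: bool        # posture: enrolled in device management
    device_patched: bool        # posture: OS patch level is current
    network: str                # location: "office", "public-wifi", ...
    resource_sensitivity: str   # "internal" or "sensitive" (assumed labels)
    resource_group: str         # group entitled to the resource

def decide(req: AccessRequest) -> dict:
    """Return the access decision and the controls applied to the session."""
    # Identity first: without entitlement, no location or device grants access.
    if req.resource_group not in req.user_groups:
        return {"action": "deny", "reason": "not entitled"}
    healthy = req.device_managed and req.device_patched
    on_trusted_net = req.network in TRUSTED_NETWORKS
    # Sensitive data never reaches a device that fails posture, even in the
    # office: being on the LAN is not proof of a trustworthy endpoint (BYOD).
    if req.resource_sensitivity == "sensitive" and not healthy:
        return {"action": "deny", "reason": "device posture"}
    controls = {"action": "allow", "mfa": False, "read_only": False,
                "inspect": "standard"}
    if not on_trusted_net:
        # Coffee-shop case: more challenges, tighter handling of sensitive data.
        controls.update(mfa=True, inspect="full")
        if req.resource_sensitivity == "sensitive":
            controls["read_only"] = True
    if not healthy:
        # Unhealthy device on a non-sensitive resource: allow, but step up.
        controls.update(mfa=True, inspect="full")
    return controls

if __name__ == "__main__":
    finance = frozenset({"finance"})
    for net in ("office", "public-wifi"):
        req = AccessRequest(finance, True, True, net, "sensitive", "finance")
        print(net, decide(req))
```
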

Cloud Security solutions can also offer secure alternatives to traditional VPN-based remote access solutions. Access is governed by a ‘cloud broker’ that allows connectivity between the end user’s device and the corporate resource. All traffic is outbound, and is securely tunnelled via a secure cloud, which prevents the end-resource from being exposed to inbound threats from the internet.

On top of that, sophisticated Cloud Security solutions are starting to use AI and machine learning to protect organisations against zero-day threats.

Back to SD-WAN and why it pays to think about security first

Organisations adopting SD-WAN often begin their transformation with a gradual switch to internet access circuits, typically as their MPLS circuit contracts expire. But here’s the thing: as soon as you implement the first internet access circuit at one of your sites, your organisation’s security posture changes. The site is no longer reaching cloud resources via the central hub and security stack, but via local internet breakout.

Our recommendations are:

1. Think bigger picture – Plan for both network and security transformation as part of the process. Consider what other projects could be delivered through the adoption of SD-WAN and Cloud Security – e.g. UC and other cloud-migration initiatives.

2. Consider making security the starting point of your SD-WAN journey. Shift your security stack to the cloud and nail down identity and access management.

With Cloud Security and a solid Identity and Access Management platform/strategy, and the confidence that your organisation is protected by a robust and scalable security platform, you should be able to capitalise on all the benefits of SD-WAN — including reduced connectivity and cloud costs, higher quality collaboration and improved network performance/visibility.


Xalient is an award winning, disruptive network transformation company that specialises in software-defined networking, cloud security and unified communications, providing an innovative and independent alternative to traditional service providers. Our services are provided to large and global enterprises through a range of consulting and managed services, delivered from offices in the UK and USA.

A market disruptor designed for a cloud-centric world, Xalient was established to challenge traditional providers with an alternative value proposition – one that differentiates through innovation, responsiveness, flexibility, deep expertise and independence.

Our service portfolio ranges from consulting strategies and assessments through to solution design, deployment and fully managed services, incorporating market-leading technologies (including SD-WAN, Cloud Firewall, Secure Remote Working, Identity and Access Management and Zero-Trust Networking) in each of our specialist areas.

In 2021 Xalient was named by Dun & Bradstreet as #6 in its inaugural Accelerate 50, recognising the 50 fastest growing tech companies headquartered in the UK.
