IT Vortex - Managed IT Services

SD-WAN Projects Must Involve the CISO

Extending advanced services to the WAN Edge of the network can have a serious impact on a security architecture and strategy. News cycles are filled with stories about critical network breaches that began by taking advantage of some neglected element of the network, whether by exploiting a vulnerable IoT device or by hijacking some wireless access point at a remote retail location.

Those stories are almost always the result of an organization failing to have a single, consistent security strategy that can shine a light into every corner of the network. That is exactly why organizations cannot wait until the analysis and selection of an SD-WAN solution has been completed before asking the security team how to add protections to this new solution.

When CISOs are engaged in the selection of a Secure SD-WAN solution, they not only enable their organization to build a robust WAN edge, but they can also ensure that those connections don’t become the weak link in the security chain.

Security Needs to be Part of the SD-WAN Strategy

What’s needed is a Secure SD-WAN solution that deeply integrates network connectivity functions with advanced security so that they function as a single, integrated system. The CISO and security team are uniquely qualified to not only provide critical analysis of the security capabilities inherent in any solutions under consideration, but also weigh in on the compatibility with security deployed across the rest of the network. When done properly, an SD-WAN solution should enable security teams to extend existing security strategies to the WAN Edge through the SD-WAN solution, rather than trying to wedge a new security solution into an existing security framework.

For example, a Secure SD-WAN solution, especially one that includes direct internet access, needs to ensure that all connections are automatically secured. This requires the implementation of an NGFW, not as a separate appliance, but as a fully integrated solution so that networking and security functionality work together seamlessly.

Likewise, web applications not only need to be identified and given appropriate connectivity status, such as QoS or weighted queueing, but things like cloud access security brokers (CASB) need to be included to provide in-cloud application assessments and to ensure authorized access to SaaS connections. This helps maintain the integrity of web applications and related data while also preventing the introduction of shadow IT.

And rather than requiring the security team to bolt on security after the fact, a true Secure SD-WAN solution should include a full range of security tools right out of the box that can ensure ultimate WAN edge security. This should start with an NGFW-based appliance that includes full SD-WAN functionality along with all necessary security functions – including IPS, anti-virus/anti-malware, and web filtering, as well as seamless integration with cloud-based services such as web application firewalls, sandboxing, and CASB – as part of a single, fully integrated solution.

In addition, and perhaps most importantly, all of these elements – both the advanced networking functionality and the defense-in-depth security – need to be manageable through a single management portal. This enables administrators to view the entire WAN as a single system in which to see and troubleshoot issues, combined with granular controls that automatically tie WAN connectivity to security functions.

Secure SD-WAN Needs to be Part of the End-to-End Security Fabric Strategy

One of the biggest challenges that security teams face in today’s rapidly expanding IT infrastructure is keeping track of all of the new edges being created by IT teams. It can become impossible to keep pace with digital transformation demands if security teams are constantly forced to try and apply security solutions after the fact. IoT, mobile users, IT/OT integration, hybrid multi-cloud, and the WAN edge are all being introduced in some way or another across most organizations.

When new network elements, such as SD-WAN, are created in an ad hoc manner and the central security team is not included in the architectural discussions from day zero, organizations end up with a hodgepodge of often mismatched security solutions that came with the chosen solution by default. As a result, this new service or solution may not be able to share and correlate essential threat intelligence, enable identical policy enforcement, or even provide consistent functionality with the rest of the security infrastructure. Far too often, by the time the security team is engaged, IT has already introduced critical security gaps into the network that can be expensive and time-consuming to overcome.

This challenge is precisely what a fabric-based architectural strategy was designed to address. With a master strategy in place, each security component is selected based on its ability to provide consistent functionality and enforcement, regardless of form factor (hardware, VM, or cloud), wherever it is deployed. These components also need to run on the broadest array of public and private cloud environments possible to give the organization maximum flexibility for building and deploying whatever combination of networked environments is needed. This also ensures that interoperability is fast and easy to establish regardless of how and where organizations decide to expand their networks.

To help with this process, fabric connectors need to ensure that policies and protocols are translated seamlessly and accurately as they move between platforms. This allows each element to interoperate seamlessly to ensure critical threat collection and correlation. A threat detected in one place should be automatically shared across the entire distributed network to trigger a coordinated response.

Just as importantly, these solutions must be designed to function natively in whatever place they are deployed to maximize the use of local APIs and controls. And each of these components needs to also have been optimized to provide maximum performance so that security never interferes with business functions. This can only happen effectively if the CISO and security team are part of the discussion from the onset.

Make Sure You are Part of the SD-WAN Selection Process

From a security standpoint, extending digital transformation efforts to the WAN should be no different than adding new capacity or resources to any other part of the network. SD-WAN connections need to be a natural and seamless extension of the larger security strategy, and with as little overhead and cost as possible. And to make that happen, the CISO needs to be part of the broader IT planning and strategy process.

To achieve this, IT teams may need to be educated – and re-educated – on the need to strictly follow the corporate security fabric strategy. This includes adding the CISO to early strategy meetings where new networking ecosystems are being considered, and engaging with the security team from the very first planning sessions. When done properly, the organization will not only save money and manpower upfront, but perhaps save itself from serious damage later due to flaws inherent in an after-the-fact security implementation.
