Perhaps more than in any other part of your network, your SD-WAN strategy needs to be equal measures networking and security.
By definition, the SD-WAN interfaces with and runs across external, often public, networks – the source of many threats.
Additionally, the site networks, whose traffic flows across your SD-WAN, are likely to be multifaceted.
Each site will likely handle critical business applications, provide access to cloud services, handle common web browsing, and often handle Internet traffic generated by visitors and guests.
Each of these traffic flows has different security needs. And, to these elements we add the need to secure the SD-WAN infrastructure itself.
Growth in IaaS, PaaS, and SaaS all impact your SD-WAN and attacks on branch office users can expose the corporate applications and data they use.
You will find no argument on this topic. Security is an essential aspect of SD-WAN.
An overarching question is where physically to implement security – at each branch office, in the cloud or at a central headquarters location?
Security elements are likely required at all three. But, where to begin?
Simplify with comprehensive, integrated WAN Edge security
83% of businesses say their organisational and IT complexity is increasing the risk of security breaches. While local breakout simplifies application access across your branches, it also opens your network to threats by exposing it to the Internet.
To protect your network without increasing complexity, you need a comprehensive, multi-layer security strategy that doesn’t require adding infrastructure in every branch.
Citrix SD-WAN increases your security posture with a built-in stateful firewall that allows you to centrally define application-centric policies that limit or reject traffic by applications and zones.
You can also add a fully-integrated security stack with web filtering, IDS/IPS and malware protection to guard against threats without compromising performance.
With a cloud-based single pane of glass, you can simplify deployment, management, and monitoring without having to configure multiple products from multiple vendors.
In addition, Citrix has partnered with industry leaders like Palo Alto Networks, Zscaler, and Symantec to deliver joint solutions that enable SD-WAN to be a transparent gateway for Secure Web Gateway (SWG) service.
Ensure security compliance
No breach is inexpensive, but when you have specific data compliance requirements from HIPAA, PCI-DSS, and GDPR, a breach could cost you millions. In fact, the average cost of a healthcare data breach is $429 per record.
To maintain strict compliance requirements or to maintain separation between Security Operations (SecOps) and Networking Operations (NetOps) teams, Citrix offers an SDN/NFV-ready platform which host various virtualised network functions (VNFs) to provide advanced, next-generation firewall capabilities.
Secure the branch with cloud network security
It’s important to protect your branches against threats that may breach Internet or cloud connections. In addition to the fully-integrated edge security stack, Citrix SD-WAN offers security with leading cloud-based network security services.
You can keep your preferred security vendor and allow Citrix SD-WAN to automate the connectivity to these leading cloud-based secure web gateways for your branches.
Because Citrix SD-WAN Orchestrator handles all provisioning, your network is just a few clicks away from being connected to local security enforcement points.
This provides strong SD-WAN security for your users, apps, and data at the branch, without compromising the SaaS experience.
This article was published in partnership with Citrix.