Blog · 09 Jul 2021

3 essential actions to implement SD-WAN securely

As companies are forced to open up their networks, how can they do so securely without exposing their data and operations?

Steve Mulhearn
Director of Enhanced Technologies, Fortinet

Looking back over the past 18 months, it’s fair to say that the pandemic has forced a lot of organisations down a route they didn’t necessarily want to go down.

Just to keep running, many companies had little choice but to move core assets, data, and applications online and open up their private networks to remote access. And while this accelerated their digital transformation a lot faster than planned, the trade-off was that many security teams didn’t have enough time to prepare for the new risks they had to take on.

SD-WAN offered companies the flexibility to connect businesses across a wide range of locations and prioritise traffic, all while still using their underlying network. In 2020, around 30% of enterprises were using SD-WAN, and that’s set to grow to 60% by 2024. But with such a huge amount of their valuable data now online and a growing attack surface outside their trusted perimeter, it’s understandable that many of the companies I’m speaking to aren’t comfortable with the level of risk they’re now operating with. 

There is a way to navigate through this situation to a more stable position. Here are 3 key areas to focus on to manage your risk and move forward with a secure network.

1. Rethink your strategy

Many organisations are finding that they’re needing to rethink their security strategy because they’re handling a lot more personal data over the internet than they’ve ever had to before. One large organistion I’ve been working with in the food industry, for example, has seen 82% of their sales move online during the pandemic. Suddenly, GDPR compliance is a top priority. If businesses don’t stick to the guidance, they risk fines and reputational damage which will also lose them customers.

It’s time for a rethink. Start by looking at ways to encrypt your data, maintain safe storage and use best-of-breed technology to process everything securely. SD-WAN brings much-needed agility that MPLS just can’t deliver, but the network transformation made possible by SD-WAN comes with an increased level of risk. Accept this, and work with it. Explore ways to integrate security into your SD-WAN from the outset.

2. Re-evaluate your risk appetite

Risk appetites will vary massively from industry to industry, and you need to be honest about the amount of risk your organisation is willing to handle. For example, the evolution of retail means that increased flexibility and scalability are critical, so the benefits of SD-WAN may outweigh the risks in this sector. However, for financial services organisations, the risk of data exposure can have far more serious consequences and these organisations are often far more hesitant to let precious data leave their perimeter. Manufacturers are also exceedingly cautious around SD-WAN deployment, because connecting their operational technology to the outside world, exposes them to intrusion and costly downtime, which for larger companies could cost millions in just a single day.

During the past 18 months of accelerated digital transformation, both your business model and your risk appetite might have changed. A big move to trading online, for example, can shift your attitudes towards cyber threats and security. So, carry out a thorough reassessment of your risk appetite to make sure your security strategy fits your new approach.

3. Address silos and skills shortages

Networks and security can no longer be kept separate. Organisations are going to have to break down historic IT silos if they’re going to successfully deliver secure network solutions. Generally, SD-WAN has always been labelled as a network problem, but due to the changing risks organisations are now taking on, security teams are also having to provide a budget for deployment. Just like the technology, departments are going to have to converge to help their networks evolve securely.

Regardless of industry, businesses are generally finding they don’t have all the necessary skills in-house. Across the board there’s an IT skills shortage, and this is holding many organisations back on their digital transformation journey. Last year, we found that 73% of organisations had at least one breach or intrusion over the previous year that could be partially attributed to a gap in cybersecurity skills. Deploying SD-WAN means taking on a more complex infrastructure and adding that burden onto an already limited security team clearly isn’t ideal.

You’re going to have to shake up your thinking to put a successful approach to SD-WAN in place. This will involve finding ways to break down those silos, as well as working with partners to access the SD-WAN expertise you need.

Consider co-sourcing for a secure future

Finding the level of expertise needed to manage the convergence of networks and security is challenging and therefore managed security service providers are becoming an increasingly attractive option to companies of all shapes, sizes, and sectors.

At Fortinet, we understand the value that secure SD-WAN can bring to many different industries and know that organisations face different challenges and risks depending on their unique requirements. That’s why, alongside BT, our unique approach to security-driven networking enables us to offer a secure SD-WAN solution with organically developed routing, SD-WAN and security – all powered by our FortiOS operating system.

The BT and Fortinet partnership taps into years of experience in both networking and security that we’ve refined during a decade of working together. So you get the peace of mind that comes with working with two globally trusted security providers, both widely recognised by IT analysts as leaders. Together we can help you stay ahead with our experience and unrivalled understanding of cybersecurity threats.

To find out more about our managed secure SD-WAN solution, visit:  https://www.globalservices.bt.com/en/solutions/products/managed-firewall-security

Contact