SD‑WAN is quickly evolving from upholding physical on-premises connectivity to becoming cloud-centric. The Covid pandemic accelerated this shift by driving remote work, and redefined networking in the process. The hybrid workforce – blending on-site, remote and work from home (WFH) – and other cloud use cases are now second nature.
This disruption has resulted in more sophisticated threats, which in turn has elevated the urgency and importance of holistic security. In response, this new reality for SD-WAN has necessitated a new policy-based framework of security management known as Secure Access Service Edge (SASE), used in conjunction with Zero Trust (ZT) authentication to access cloud-based applications and data.
Developed by Gartner in 2019, SASE redefined SD-WAN security architecture in response to the disappearing physical perimeter which governed enterprise network security for generations. SASE addresses two major trends. The first is the long-standing migration of applications and data from the data center into the cloud, presenting a new host of security challenges. Second, the post-Covid workforce is returning from WFH to a hybrid model, with dramatic implications.
SASE is a distributed security architecture where security functions are hosted in the cloud (vs. the data center), and is intended to address the cloud-centric enterprise. Enterprise end-users simply connect to a local cloud access network.
Zero Trust (ZT), a companion technology proposed by Forrester Research in 2010, eliminates the notion of trust, requiring that access be granted for each application transaction. Every time cloud-hosted resources (data, applications, or other resources) are accessed, ZT dynamically assesses whether the requesting user has the privileges, the context is appropriate, and their identity is authenticated. Only then will access be granted to the specific applications and/or data requested.
Staying on top of secure SD-WAN challenges
The MEF has a number of projects underway in response to the SASE wave. Spirent is a leading contributor to the MEF SD‑WAN Security testing initiatives, including Application Security for SD‑WAN (MEF 88), along with the emerging Secure Access Service Edge (SASE, MEF 117) and Zero Trust Framework (ZTF, MEF 118) projects. Spirent is leading the Security Test and Certification Incubation Group to explore how MEF can certify the emerging security standards. In addition, Spirent also drove creation of the first SD-WAN certification program, with MEF selecting Spirent as the first, and currently primary, Authorized Certificate Test Partner (ACTP) for SD-WAN.
While MEF is steadily paving the way towards Secure SD-WAN in the near-term, enterprises, managed service providers (MSPs) and managed security service providers (MSSPs) must ensure their solutions perform as expected for their customers. At times, these organizations do not have the qualified technology expertise, time, or budget required to ensure an SD-WAN solution’s holistic promise. In instances like these, a trusted, vendor-neutral testing and validation partner is required.
Spirent’s deep experience with SD-WAN also extends into the delivery of security solutions across a broad range of customer challenges, and Spirent is the leader in 5G testing. Spirent has developed an extensive portfolio of testing platforms based on our proven network and cybersecurity testing methodologies. In addition to products, Spirent offers a range of testing services that leverage our extensive expertise working with the world’s largest managed service providers to provide customized solutions for design and pre-deployment testing.
Empowering the realization of SD-WAN’s promise
SD-WAN ushers in a new era of cloud-based services, which tailor the network to the application demands. However, migration to the cloud brings challenges of reliable interoperability and inherent inefficiencies. This includes new risks and vulnerabilities as the potential attack surface increases dramatically with an explosion in endpoints and increased use of publicly accessible networks.
SD-WAN services are further complicated by the virtualization of SD-WAN endpoints and controllers, which introduces a new set of challenges. Any organization attempting to address these complexities on its own, without a deep bench of expertise and technology capabilities, faces serious challenges. For additional details on how Spirent’s SD-WAN validation approach may benefit MSPs, MSSPs, and their vendors, download our new SD-WAN eBook, Paving the Way to Secure SD-WAN.