What do you think of when you think of integrating security into the WAN?
WAN Dynamics' Jason Gintert sees a changing connectivity landscape that presents no shortage of challenges to security teams.
The good news is that new security strategies and tools are taking shape in an almost equal measure.
Jason cites a handful of changes in newer platforms—like service chaining capabilities and open APIs that allow WAN and security teams to exchange information—as answers to evolving security challenges.
"The cool thing is that it seems like the WAN and the security stack are merging in some ways. There are more open integrations to a lot of those platforms now where you can tie the security elements you need in multiple places," said Jason in the latest episode of the pod.
If you've got WAN security on your mind—or if you want to hear Greg and Jason exchange pre-quarantine concert stories—tap below to take in this week's episode.
Subscribe to access all of our episodes:
Apple | Google | Spotify | Stitcher | TuneIn | Podbean | RSS
Key Takeaways
WAN and Security Functions are Converging
Driven by shifts in network architecture like SD-WAN and the adoption of local internet breakouts, the traditional model of backhauling all traffic to a central data center for security inspection is no longer sufficient.
This has necessitated the integration of security functions closer to where the traffic originates, whether at branch offices or user endpoints. As a result, the WAN and security stacks are merging, with security vendors adding WAN capabilities and SD-WAN vendors integrating security features, often through open APIs and service chaining. Tools are becoming more mature and distributed while still allowing for central management. This convergence requires greater coordination and collaboration between previously separate WAN and security teams.
The Shift to Remote Work Validates (and Accelerates) SASE and Zero Trust
The rapid move to a widely distributed workforce, particularly accelerated by the events in March 2020, significantly impacted network infrastructure and validated SASE and zero trust models.
Cloud security services were crucial for accommodating the sudden increase in remote users and the associated load, which traditional data center infrastructure couldn't handle. SASE, described as creating a "borderless network" where security inspection points are everywhere, close to the endpoint, is seen as here to stay.
This contrasts with traditional network-based security and requires monitoring traffic closer to the source, whether through agents on remote devices or potentially through emerging smaller, portable hardware appliances designed for work-from-home environments.
Overcoming Organizational Silos
While technical solutions for converging WAN and security, or implementing models like SASE, exist and are maturing, a significant challenge lies in overcoming organizational hurdles.
Historically, WAN and security teams have been functionally separate, leading to issues when decisions made by one team significantly affect the other. Integrating security into the WAN and adopting new architectures often requires breaking down these silos, fostering a more collaborative approach, and navigating the internal political landscape.
Greg Bryan
Greg is Senior Manager, Enterprise Research at TeleGeography. He's spent the last decade and a half at TeleGeography developing many of our pricing products and reports about enterprise networks. He is a frequent speaker at conferences about corporate wide area networks and enterprise telecom services. He also hosts our podcast, TeleGeography Explains the Internet.