SD-WAN and SASE – a secure WFH platform
By Wesley van Rayne, Principal Engineer at Redvine Networks
The ongoing pandemic and resultant lockdown have required companies of all sizes and industry sectors to embrace work from home (WFH). However, it is not as straightforward as giving an employee a laptop and dedicated internet access (DIA), even if it is broadband, and hoping for the best. For WFH to be successful, organisations need the assurance that employees will have the same connectivity experience and corporate network functionality at home as they would at the office.
The security of the connection should always be a top priority. The past few months have seen an increase in demand for users to easily log into the corporate back-end from home using any number of private electronic devices. However, these often do not have the same level of security protocols in place that exist in the corporate environment.
Unfortunately, DIA connections are best effort and do not have any way of prioritising one traffic type over another. This means IT teams have no way of effectively optimising systems to cater for the increase in demand from remote employees. And if a link goes down, the remote worker is completely cut off, significantly impacting the productivity of teams.
Traditional virtual private network (VPN) tunnelling over DIA is also a challenge, as it does not provide the robustness required from security and usability perspectives. This tunnelling is also not designed to scale according to the traffic requirements on the network given the influx of remote connections, for example from a one-to-one ratio to one-to-many and back again. There are also difficulties in monitoring user activity to ensure that only authorised devices are accessing the network. Beyond this, the company must also understand which applications are used and be able to easily remove unwanted ones that interfere with business-critical solutions.
Embracing SASE with SD-WAN
With the continuous shift in end client requirements, the necessity to deliver multiple services to the end point, seamlessly integrated with existing infrastructure, has become increasingly relevant. These services need to be delivered regardless of the end user infrastructure (connectivity and client device), with little to no reliance on traditional network core/backbone infrastructure. In this context, it also means that network reliability, security, client endpoint security and secure content delivery need to be delivered as a single solution, through multiple mediums.
This is where software-defined wide area networking (SD-WAN) comes into its own. In recent months, SD-WAN has become an integral component in ensuring the security of operations given the reality of remote working. At Redvine, we believe that security must be a given. In effect, SD-WAN is about providing an enterprise-grade VPN that delivers high-availability security, connectivity, and access regardless of the physical location of users. It also supports secure access service edge (SASE) capabilities to deliver comprehensive security functions. We are able to deliver this by combining endpoint application control with SD-WAN and cloud-delivered next-gen security capabilities to not only meet, but also exceed these requirements.
From a technical perspective, SD-WAN solutions can differ significantly in feature set. For example, one of the Redvine vendor offerings uses IPsec over UDP 2426. Encryption for data plane traffic is configurable up to AES-256, and the technology supports two-factor authentication via an SMS PIN and single sign-on using OpenID Connect.
More practically, SD-WAN decouples network software services from the underlying hardware. Effectively, it ensures that the entire network infrastructure can be managed, optimised, and even upgraded from a software perspective. From an orchestration perspective, the Redvine solution features a central Web-based management and configuration platform that runs on HTML5, making it accessible from most devices.
Not only does SD-WAN optimise application performance by providing consolidated monitoring and visibility across multiple WAN links and service providers (ideal for hybrid cloud environments), but it also simplifies network management. In other words, organisations can provision branch and remote offices faster with automated zero-touch deployment, easy configuration, and centralised troubleshooting tools. No more visiting remote sites or being physically in front of a connected device to ensure it is secure. And while being able to better secure calls made using the likes of Microsoft Teams, Skype and Zoom is critical, SD-WAN also optimises the quality of these calls through the way it manages network traffic.
Ultimately, SD-WAN provides organisations with a secure solution delivering the enterprise-class connectivity and access required for this new operating environment. Using this, a business can expand its VPN reach all the way to remote employees without needing to deal with the challenges of a DIA link. Furthermore, this connection is compliant with corporate security standards, providing peace of mind that access is only given to those who need it.
The software customisation offered in an SD-WAN environment ensures critical business applications (think video conferences) are protected and more reliable. The technology prevents any unauthorised devices from connecting to the personal ‘tunnels’ linking the home employee to the corporate network.
The flexibility of SD-WAN makes it the ideal platform to meet the rapidly evolving infrastructure needs of organisations today. It is an all-in-one value proposition that provides a secure connection and optimises the last mile link. Most WFH solutions on endpoints do not have visibility of the links, nor can they fix anything when the quality gets poor.
There is simply no returning to the traditional approach of connecting employees to the corporate network. It is now about unifying the available infrastructure to deliver business benefits and help keep vital data secure.