By Hubert da Costa, Senior VP & MD EMEA, Cybera
When it comes to connecting remote locations and deploying new applications, virtual private networks (VPNs) have been the mode of choice for pretty much all financial services organisations. However, as the data landscape has evolved and with financial services organisations becoming increasingly decentralised, it has become clear that VPNs can no longer deliver the benefits for which they were originally intended.
Today’s typical IT infrastructure comprises big data, mobility, cloud, Internet of Things (IoT), and more. It continues to extend the enterprise perimeter, and as new applications are required by distributed locations, the cost and complexity of adding more VPNs to secure them ramps up considerably.
That’s why more and more organisations are turning to innovative, multi-layered security solutions to secure and protect assets. This is where Secure Software Defined Wide Area Network (SD-WAN) for the Network Edge has come into its own. Secure SD-WAN at the Edge puts the power and security of the compute resources as close to the sources of data as possible – i.e., at the network’s edge – near where the work is actually being done. The power of secure SD-WAN Edge lies in taking a defence-in-depth approach while at the same time decreasing the enterprise attack surface by logically segmenting the network on a per application basis. Additionally, this multi-layered security methodology is offered with the architectural simplicity, scalability, reliability and significant cost savings of a virtual overlay network.
The majority of those responsible for data security in today’s increasingly distributed financial services organisations know only too well the challenges that lie with traditional connectivity solutions, such as VPNs:
- Complicated Deployment/Management – Connecting new locations and new applications is hard. Each location may have multiple devices, different device configurations and various security requirements. Turning up a new location on a VPN requires experienced IT staff to deploy, manage, troubleshoot and support. Today’s increasingly decentralised financial services ecosystem means security configurations may be deployed and/or managed by anyone from a highly trained professional to a novice. This opens up edge compute locations to the possibility of misconfigurations or inconsistent configurations, and consequently leaves them dangerously vulnerable to security risk.
- Costly – The capital expenditure for acquiring, deploying, managing and supporting various point solution hardware, public IP addresses, and software continues to rise. In addition, the cost to hire and retain highly skilled IT professionals capable of managing the entire infrastructure – from HQ to the remote sites – is increasing. And, when such skilled professionals are tasked with managing and putting out fires in this area, it takes them away from activities that could more directly impact competitive advantage, profitability and shareholder value.
- Rigid – Adapting to changing network needs, turning up new applications, or responding to new security threats, such as ransomware, malware and spoofing, must be automatic or rapidly executed to ensure security and business continuity. Traditional connectivity measures are inflexible and require labour-intensive efforts to execute and manage adequately.
Straightforward and Uncomplicated
As financial services organisations continue to decentralise, and more business data is created and utilised at the network edge, a straightforward, uncomplicated solution to securely connect and manage them is required.
Secure SD-WAN Edge technology streamlines enterprise networks and significantly reduces the capital and operational expense of managing enterprise WANs. Secure SD-WAN Edge technology effortlessly extends the multi-layered security defences utilised in corporate data centres to branch locations and remote ATMs. Most importantly, secure SD-WAN Edge allows mission-critical infrastructure such as ATMs and electronic card readers to co-exist with public applications like Wi-Fi on a single network while providing application-specific security and end-to-end network segmentation. These applications are segmented into their own dedicated logical networks, preventing them from intermingling with other application traffic on the network.
With secure SD-WAN Edge solutions, these applications are connected in a cost-effective, scalable way without compromising security. This is a distinct benefit over VPNs, which provide an either/or scenario: either all traffic intermingles on one VPN, which is lower cost but very insecure; or all traffic can be segmented on separate VPNs, which requires more cost and complexity to maintain security.
Virtualises the WAN
Secure SD-WAN Edge virtualises the WAN so that all network intelligence is handled in software.
For example, remote locations can be defined simultaneously and then kept perfectly in sync using centralised cloud-based policy administration inherent in SD-WAN Edge connectivity models. This groundbreaking architecture helps reduce expenses and complexity, while increasing network flexibility. Best of all, it can be piloted in your network incrementally on a branch-by-branch basis, mitigating concerns about network disruption, and giving you a quick way to determine the return on your investment.
Where to start?
Here are the high-level steps for financial organisations that wish to commence their secure SD-WAN Edge journey:
- Identify and engage all key stakeholders in creating and/or approving the Strategy & Program (IT, security, legal, regulations compliance, C-suite)
- Develop a data connectivity and security program for HQ, as well as your remote locations
- Do your homework – explore multiple solutions and vendors, seek guidance from trusted partners/advisors
- Narrow your search, conduct POCs (proof of concept testing)
- Once chosen, roll out incrementally on a branch-by-branch basis