Combining networking elements like SD-WAN and security tools into a single operational environment is something NTT’s “largest clients are having difficulties solving,” VP of Cybersecurity Stefaan Hinderyckx said at Netskope’s SASE Week event. 

Covering these components in what Hinderyckx calls the current “edge-to-cloud topology” is made even more complicated by an industrywide skills gap. Even so, the transition from hardware-based networking to SD-WAN and stronger security infrastructure has been made unavoidable by the new reality of hybrid work and cloud-based applications. 

Hinderyckx noted that increasing convergence between security services edge (SSE) technology and SD-WAN will help move the industry away from MPLS and VPNs – an acronym he has re-dubbed “very poor network” because of the technology’s limited scalability and its need to backhaul traffic.

“MPLS is horribly expensive. The telcos have been riding that wave and making phenomenal margins for years,” Hinderyckx added. But he said people have come to realize the Internet is “strong enough and solid enough to actually run all of your traffic, including the mission critical traffic across.” 

Hinderyckx noted the best return on investment (ROI) comes when organizations take on SD-WAN as their first project. “SD-WAN has some very strong return on investment advantages,” he said.

He explained that SSE elements – including zero-trust network access (ZTNA), cloud access security broker (CASB), secure web gateway (SWG), and firewall-as-a-service (FWaaS) – typically come into play very quickly after SD-WAN. “It's a natural symphony of both movements,” he added.

Single Pane of Glass vs. Best-of-Breed

Organizations approach SD-WAN and SSE with a best-of-breed, best-of-suite, or fully managed-service model, and opinions vary on which is the right choice. “There's three use cases and it's all complementary,” Hinderyckx said.

He added that there are pros and cons to having a single pane of glass across the SD-WAN and SSE infrastructure, versus choosing the best SSE solution and the best SD-WAN solution.

“I don't think there's a better solution. It all depends on the client's topology, on the current SD-WAN estate, on the current security estates, and how do you get from A to B,” Hinderyckx reasoned.

He suggests organizations consider their current infrastructure, cost base technology, service-level agreement (SLA), and managed services. Because these projects are “quite complicated,” Hinderyckx indicated a three-year roadmap is often the right timeline to pursue.

“What I would recommend is don't just go out there and buy a product,” Hinderyckx said. “Go to someone who understands both worlds and have a consulting-led approach where you can get the best of both worlds.”

CISOs Facing Skill Gaps Should Break Security, Networking Silos

Many chief information security officers (CISOs) have attempted to solve emerging problems in isolation through single solutions like CASB or data loss prevention (DLP), according to Sushila Nair, VP of security services at NTT Data Services.

“At the same time, we've had this enormous skill shortage,” Nair added. “Most CISOs today are under incredible pressure.”

CISOs are often challenged in pursuing simplified policy deployment, but Nair said that with front-end engagement to plan for networking and security convergence, they will be able to phase out some of these unnecessary or redundant security solutions.

She said this “tool catalog reduction” can eliminate costs and re-architect the network for new risks. However, Nair warned that organizations whose networking and security teams are still siloed will have trouble moving forward.

“In organizations people like to speak to their tribes,” she said.

As organizations put an SSE and SD-WAN convergence strategy together, they have to bring the stakeholders together. “This is a journey and a phased approach is gonna bring you the most benefit,” Nair explained. “And having those stakeholders in there really allows you to align and get the most benefit out of it, both from a security and a financial perspective around networking.”