Benefits of Virtualizing SD-WAN

As more companies adopt SD-WAN technology to enhance the agility of their networking architecture, they must give strong consideration to how and where to apply security across the network. There’s no “one strategy fits all” in terms of which SD-WAN product to implement, and what security model to adopt. In this article, I’ll talk about the approach of consolidating SD-WAN and security as virtual instances within the same hardware.

This approach is only viable for companies that don’t want to implement security in a central location but prefer to distribute it to the branches. For example, retailers with a lot of store locations can benefit from virtualized SD-WAN and security. Companies that fit this model typically have key applications that run at a centralized data center. They use internet VPNs at the branches to connect back to the mothership to access these applications. In addition, they need local access to the public internet in order to offer services such as guest access to the internet. With these requirements in mind, there needs to be some kind of security perimeter at all the remote sites.

For companies that fall into this architectural model, SD-WAN provides the ability to direct traffic over split tunnels to accommodate the security needs. Traffic going from a remote site to the data center, or from one branch to another, is directed over an IPsec tunnel to ensure end-to-end security. Guest traffic at a branch location can go directly to the public internet via another tunnel for things like Facebook or YouTube with minimal application of security.

But for traffic going to the public internet, SD-WAN only provides certain security features. It can do things similar to an access control list (ACL), but there are a lot of limitations to what SD-WAN can do. So, when a security perimeter (like a firewall) is added at every location, it’s easy to over-complicate things. Now, every single policy is specific to a site. Consequently, it’s easy to end up with policy mismatches between sites because there are completely separate security devices at every one of these locations. What’s more, the cost of hardware and managing physical devices grows with each new branch.

An alternative to local devices is the full virtual security that is natively integrated with an SD-WAN. Versa, for example, allows customers to run a Palo Alto, Check Point or Fortinet virtual firewall on the same hardware device as the SD-WAN. The big value in consolidating to just one device is the ability to manage the two environments – the SD-WAN and the security environment – out of a single platform. Now, the management of security as well as the management of SD-WAN is fully centralized.

Virtualization increases agility

Virtualizing security makes it possible to move from a configuration-based security model to a templatized security model. The organization can build a template with all its ACLs and security policies and then push it to the entire network environment. Every time there is an update, it can be done on the central platform and simply be pushed out to the branches. This eliminates the mismatch between locations’ security policies as well as the complicated nature of physically logging into firewalls at every location to make changes.
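The template-and-push model described above can be checked mechanically. The following is an added example, not code from the article or from any SD-WAN vendor: it renders one central rule template per site and reports where a site's running rules have drifted from it. The rule schema, rule names, actions, site names and addresses are all constructed for illustration.

```python
import ipaddress

# Constructed template: rule names, actions and addresses are illustrative only.
TEMPLATE = [
    {"name": "corp-to-dc", "src": "{corp_net}", "dst": "10.0.0.0/16", "action": "ipsec-tunnel"},
    {"name": "branch-to-branch", "src": "{corp_net}", "dst": "10.0.0.0/8", "action": "ipsec-tunnel"},
    {"name": "guest-block-internal", "src": "{guest_net}", "dst": "10.0.0.0/8", "action": "deny"},
    {"name": "guest-internet", "src": "{guest_net}", "dst": "0.0.0.0/0", "action": "local-breakout"},
    {"name": "default-deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "action": "deny"},
]
SITES = {  # constructed per-site variables
    "store-001": {"corp_net": "10.1.1.0/24", "guest_net": "192.168.1.0/24"},
    "store-002": {"corp_net": "10.1.2.0/24", "guest_net": "192.168.2.0/24"},
}

def render(site_vars):
    """Fill the template for one site; ip_network() validates each prefix."""
    rules = []
    for tpl in TEMPLATE:
        rule = {k: v.format(**site_vars) for k, v in tpl.items()}
        rule["src"] = str(ipaddress.ip_network(rule["src"]))
        rule["dst"] = str(ipaddress.ip_network(rule["dst"]))
        rules.append(rule)
    return rules

def drift(expected, running):
    """Compare a site's running rules with its rendered template (order matters)."""
    exp = {r["name"]: r for r in expected}
    run = {r["name"]: r for r in running}
    findings = [("missing", n) for n in exp if n not in run]
    findings += [("changed", n) for n in exp if n in run and exp[n] != run[n]]
    findings += [("extra", n) for n in run if n not in exp]
    if [n for n in exp if n in run] != [n for n in run if n in exp]:
        findings.append(("reordered", ",".join(n for n in run if n in exp)))
    return findings

def sample_running():
    """Constructed 'running' configs: store-001 is clean, store-002 was hand-edited."""
    edited = [r for r in render(SITES["store-002"]) if r["name"] != "guest-block-internal"]
    edited[-1] = dict(edited[-1], action="allow")  # default-deny weakened to allow
    edited.insert(0, dict(name="temp-vendor", src="0.0.0.0/0", dst="10.1.2.0/24", action="allow"))
    return {"store-001": render(SITES["store-001"]), "store-002": edited}

def audit(running_by_site):
    return {s: drift(render(SITES[s]), rules) for s, rules in running_by_site.items()}

if __name__ == "__main__":
    for site, findings in audit(sample_running()).items():
        print(site, findings or "in sync")
```

Rule order is compared as well as content because firewall rules are typically evaluated first-match, so a reordered list can change behaviour even when every rule is still present.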

When the SD-WAN and security are both software-defined, the underlying hardware can be an x86 white box. At that point, the hardware is an investment that can be reused to run anything. This provides the flexibility for the organization to change its SD-WAN, or its security, without having to pay for new hardware. Of course, in the scheme of things, the software licenses tend to be the more expensive part of the equation, not the hardware. Nevertheless, there’s a bit of a cost benefit from commoditizing the underlying hardware.

Virtualization increases agility for companies that need to turn up or turn down sites often. For example, think about engineering or construction companies that need to support an office or showroom at a project site. The office might only be needed for six months to a year. It must be connected to the WAN for that short time period, then disconnected when the project is done. The company can have a runbook where temporary locations get a plain server and the virtualized SD-WAN and security licenses are migrated onto that server for the short time needed. The site can be turned up quickly without having to pack and ship a physical firewall, which would have to be packed up and shipped out once again at the end of the project.

There’s another aspect to the split tunneling mentioned earlier. Many companies are increasing their use of cloud services like Office 365, which come with their own security features. For people in the branches who use such applications, the traffic going between the branch and the application service is encrypted, so the company doesn’t necessarily need to apply a lot of security measures. Some may choose to deploy a CASB, or cloud-based security. Deploying the security perimeter at the SD-WAN device and having the ability to run a CASB-type of license at the edge adds a lot of value.

Virtualization provides significant benefits to companies that host a large percentage of their applications across different regions in the cloud. Consider the global company that has critical business applications on AWS in North America, Asia Pacific and Europe. Virtual edge SD-WAN devices and virtual security platforms can be deployed on these AWS instances such that they become an actual part of the company’s WAN rather than being an outside resource. This approach greatly increases cloud application performance while maintaining a consistent way to enforce security on enterprise applications.

To sum it up, companies with a lot of branches can benefit from virtualizing their SD-WAN and security in one device and using templates to push security to each location. This model reduces hardware costs, simplifies security management, and increases flexibility for the entire organization.

By Hamza Seqqat

Hamza Seqqat, Director of Solutions Architecture, Apcela

Leading Apcela’s solutions architecture efforts, Hamza is responsible for collaborating with customers to design cloud-ready, next-gen solutions. While his core responsibility is supporting a team of solutions consultants and working closely with enterprise customers, he also works with Apcela’s product team to develop new offerings. Prior to joining Apcela, Hamza designed and deployed the core network infrastructure for large carriers including: Time Warner Cable, Charter and Windstream. Additionally, he designed and deployed DukeNet’s first 100G core network.
