Many SD-WAN vendors in the marketplace today offer the promise of “simple” or “easy” SD-WAN deployment — all packaged with a rich set of features that enterprises can’t live without.
Yet all too often, “simplicity” comes at the expense of security. What’s more, this tradeoff is often made without the explicit knowledge or consent of customers and end-users, for whom security in the SD-WAN environment is of the utmost importance.
At CloudGenix, we take the security of our implementation extremely seriously, while making sure the complexities of doing so are transparent to the end customer or end-user. As a customer, you should never accept anything less from a vendor than the highest levels of security, transparency, and service — marketing claims notwithstanding. Being committed to using best practices for security with your SD-WAN deployment, we wanted to share some of the security features at CloudGenix that help set us – and any vendor – apart:
CloudGenix uses a combination of Manufacturer Installed Certificates (MICs) and Customer Installed Certificates (CICs) as part of the provisioning process, over a secured SSL channel. A MIC is a certificate installed/created by CloudGenix for a device at the time of manufacturing, and a CIC is a certificate created for a Customer Tenant at the time a device is claimed/provisioned.
Without Zero Touch Provisioning, it is impossible to guarantee that rogue devices will not join an SD-WAN fabric and access each part of the environment that becomes exposed.
By utilizing the certificate process and SSL to onboard devices throughout the provisioning process, CloudGenix avoids some of these common pitfalls experienced with other vendors:
With CloudGenix SD-WAN, all ports that have an Internet connection/label automatically have a firewall applied, allowing only VPN traffic to connect to these interfaces. With other vendors, this feature must be explicitly configured.
Leveraging a firewall by default for all Internet ports solves for the following challenges:
One of the biggest weaknesses of any VPN implementation is the keys used for encryption. If encryption keys are weak and/or rotated infrequently, malicious actors have an opportunity to decrypt the traffic and intercept it or inject themselves into the traffic stream.
CloudGenix takes advantage of several technologies and techniques that mitigate or eliminate the issues commonly associated with keys. Some of these strategies include, but are not limited to:
The heart of any SD-WAN system is its management console and associated analytics. Our approach to protecting this environment is the same as with the rest of our ecosystem: hardened security with minimal or zero user intervention.
We take a number of steps to protect the Management and Analytics of our SD-WAN:
While there are many more features and strategies that we at CloudGenix enable to enhance security, the above list provides a sample of what we do to help secure our customers’ SD-WAN environments.
When evaluating an SD-WAN vendor, make sure to ask tough questions about how they secure the environment on your behalf. Vendors should be able to explain how they secure each of the following features (the list is not exhaustive):
Our belief at CloudGenix is that, while ease of implementation and use is obviously critical, it can never come at the expense of security. Customers deserve nothing less than industry-leading best practice when it comes to securing their SD-WAN environments.
For more information on secure SD-WAN with CloudGenix, visit /network-security/sd-wan