Secure SD-WAN: Best Practices from Palo Alto Networks and CloudGenix

Sep 26, 2019

By now, most organizations have extended their IT infrastructure to the cloud. And many are using multiple clouds. ESG, in a recent webinar presented by CloudGenix and Palo Alto Networks, shared findings from a survey of 600 senior IT decision makers showing that 76% of respondents had already deployed multi-cloud environments, and nearly as many – 67% – were already using SaaS-delivered business applications.

ESG also talked about the challenges of not only ensuring network performance in these complex multi-cloud environments, but also making sure that SaaS-delivered apps are always on, are always secure, and always perform how employees need them to – especially employees in remote office locations.

In a traditional network architecture, applications are housed in an on-premise data center. Remote office workers access those apps via MPLS VPN connections. Routers enable the underlying network between geographically diverse locations, and firewalls deployed at both the central data center and at each remote office create a security perimeter.

But this approach simply doesn’t work in the world of cloud. Here’s why:

  • Cost – more routers must be deployed and managed, and additional MPLS fees apply.
  • Complexity – already overcommitted teams must manage multiple systems to fulfill network and security needs across multiple locations, and traditional MPLS-based networks are notoriously hard to provision or modify.
  • Performance – with the rise of SaaS-based apps comes a need to not only ensure that networks are performing as needed, but that the apps critical for employees and customers are as well.
  • Security – data breaches and attacks are part of today’s reality, and in the world of cloud services where data is traveling over the public internet, there is no fixed perimeter to patrol.


Opportunities and Obstacles of SD-WAN

Many organizations have adopted SD-WAN solutions to solve these issues, but they too present their own challenges. Most solutions require multiple hardware products for SD-WAN and security, which once again means more complexity and more cost. Some solutions have separate roadmaps for features related to network and security, making it nearly impossible for an organization to simultaneously meet both networking and security needs.

So how can organizations cost-effectively and securely meet the needs of remote branch offices? In reality, overcoming the challenges presented by centralized network architecture or legacy SD-WANs means re-imagining remote office IT infrastructure. It needs to be cloud-delivered rather than based on complex hardware or software stacks, and:

  • WANs have to be unconstrained and highly reliable
  • Security has to be pervasive across multi-cloud, SaaS, and data centers
  • Unified Communications as a Service (UCaaS), voice, and video have to be highly reliable
  • Multi-cloud access has to be high-speed
  • IT operations have to be proactive


Next-gen WANs: The CloudGenix Autonomous WAN

The CloudGenix Autonomous SD-WAN uses global intelligence to deliver performance and security SLAs for all applications over any WAN-type. By providing app-policies aligned to business intent, direct access to multi-cloud and dev-ops frameworks, it delivers significant productivity gains and cost-savings compared to gen-1 SD-WAN alternatives.

Our new joint solution with Palo Alto Networks, validated by ESG in the Secure SD-WAN: 7 Best Practices from Palo Alto Networks and CloudGenix webinar, combines CloudGenix Autonomous WAN with Palo Alto Networks Prisma Access, enabling organizations to deploy best-of-breed secure SD-WAN that is pre-integrated, requires no additional hardware or software to provision at the remote office, and lays the foundation for a zero-trust security architecture.

The joint secure SD-WAN solution enables organizations to:

  • Apply traffic policy to application traffic. No longer are they restricted to applying policy within the on-premise network. L3 is insufficient in a multi-cloud, hybrid model. L3 – L7 is ideal.
  • Ensure consistent performance and high availability by automatically monitoring performance metrics against thresholds, minimizing the need for manual intervention.
  • Create policies in the cloud once and deploy them everywhere without the need for backhauling traffic to a controller.
  • Via an easy-to-use platform, integrate other services to be used in conjunction with SD-WAN and deploy them with a few clicks.

To hear experts at Palo Alto and ESG talk more about this solution, as well as explain the 7 best practices for a secure SD-WAN, check out the on-demand webinar Secure SD-WAN: 7 Best Practices from Palo Alto Networks and CloudGenix now.

For a more in-depth look at Secure SD-WAN with CloudGenix and Prisma Access, watch a demo here.
