Two Requirements for SD-Branch

September 9, 2019

Software-defined wide area networking (SD-WAN) has solved many of the problems that tend to emerge with a cloud environment, such as managing the cost of higher bandwidth demands and improving visibility into the network. Changes at the branch level require enterprises to take things a step further and invest in the software-defined branch (SD-branch), which simplifies management and improves security at each location.

The need for SD-branch is partly due to the increased number of Internet of Things (IoT) devices being deployed at branch locations, as well as a growing set of endpoints that broaden the security plane. In addition, because SD-WAN removes the need for IT staff at each branch for network troubleshooting and configuration, branches generally don't have an IT staff member addressing the concerns that are unique to that branch.

Enterprises are using SD-branch to apply some of the concepts of SD-WAN to the branch level to improve security and simplify management. This approach helps future-proof each branch by applying principles of elasticity and scalability to the security framework. There are two key elements necessary to future-proof with SD-branch:

  • Flexible, Secure Architecture:
    SD-branch relies on a flexible security and network architecture that functions as an integrated system. This allows for the levels of elasticity and scalability necessary for branch locations while also supporting security requirements.

    In this model, each access point and network switch acts as an extension of the next-generation firewall (NGFW), providing visibility into each device on the network and its security profile, including the IoT devices being used at the branch. This step supports the same level of security on direct connections to the internet and cloud services that other data and applications receive through the SD-WAN solution.

    Network access control also needs to be set up so that, when new devices are connected, it determines whether they meet security policy and then matches them with the right level of network access based on the types of resources necessary for access. Network sensors need to be set up to continually monitor the devices so that anomalies are detected and unauthorized devices can be identified and quarantined.
  • Streamlined Management:
    SD-branch should work as a single system with integrated security and network functions, and with policy that is automated and managed through a single console. Enterprise branches should also pursue a zero-touch model because branches typically rely on IT management from headquarters.

    This means that when an SD-branch security device is plugged in, it is automatically connected to the central network via the SD-WAN solution, where it is recognized and initiated into device onboarding. Onboarding includes applying security policies and segmentation as well as securing access points, all through an automated process.
  • The Importance of Future-proofing:
    The most critical aspect of SD-branch is that security cannot be applied as an overlay. As the networking and branch needs evolve, security must be elastic and integrated well enough to implement new devices and applications without leaving gaps in the security plane.

    To evaluate your branch locations for SD-branch, contact us at Access Tech. We can help you future-proof your branches for a simplified, integrated network with security management.