

Cloud applications demand greater network visibility, without compromising security or increasing complexity

Guardian Credit Union is a regional business that faced big network challenges. The credit union needed better visibility and application control, without compromising security or making the network so complicated it would require a team of wizards to operate.

Like many companies, Guardian had relied on a mix of point-to-point, layer-2 connections to connect sites. The MPLS and Metro Ethernet network was configured in a hub-and-spoke topology, backhauling requests to Guardian’s central datacenter to access applications, data, and from there through a secured Internet portal. In short, it was the kind of complex configuration typical of legacy enterprise networks.

“I have experience in complex environments so it’s not hard for me to get it and support it, but I have other things to do too and so does our team,” says Scott Rosen, vice president of technology for Guardian.

Managing a complex network requires lots of training, which Rosen wanted to avoid as a requirement for Guardian’s IT operations team. “You don’t just go out and take a couple of courses in how the network works in a complex environment,” says Rosen. “So for us, moving to SD-WAN wasn’t necessarily about reducing costs, even though that was something that happened, but it was more about visibility of the network. We wanted to reduce the complexity of the network but maintain its protection and resilience.”

One reason improving visibility was particularly important for Rosen and his team was the struggles voice and cloud applications had across private networks like Guardian’s. The company was increasingly looking to adopt video conferencing, Microsoft 365, and other applications, so providing quality of service (QoS) at the edge was very important.

SD-WAN Requires Security to Replace MPLS

SD-WAN provided a way to simplify the network, but that meant adopting Internet everywhere. “Now that we’re getting away from private connections, we risk exposing ourselves by providing Internet connections now at all locations.” It meant that security had to be part of his SD-WAN assessment.

The notion that traffic across the WAN can be trusted, a common belief in legacy network design, had to be upturned. “If you trust the traffic between a branch and a datacenter, you’re increasing your risk. If there’s a piece of malware in the branch, which thankfully we never had, the malware could propagate across the network. You must inspect the traffic.”

And that inspection must be based in the network. “You can use endpoint control in the computers but that doesn’t fix IoT or devices that might have different operating systems than the ones you control. You really need to have inspection and control in the network.”

Rosen Considers SD-WAN Solutions but Finds Security, Management Lacking

Rosen investigated conventional SD-WAN solutions, but none of those alternatives prioritized security. “We led with ‘security first’ in our assessment, but conventional SD-WAN solutions sold security as an add-on or required a separate security solution.”

Also, conventional SD-WAN solutions required going through a telecom provider or ISP, who would manage the solution for Guardian. The credit union was already dissatisfied with telco support and did not want to give telcos more responsibility.
