The benefits of the cloud are abundant. Low adoption costs, universal accessibility and, frankly speaking, liberation from the often onerous and existing processes. However, you already know that.'SD-WAN, or software-defined wide area network, must be part of every business cloud strategy.' ~ Amar Singh @amisecuredClick To Tweet
In this blog post I am going to discuss a little-known technology, SD-WAN, that in my opinion must be part of every business cloud strategy, regardless if you are well established in the cloud, moving to the cloud or planning your migration.
- The Challenge: The overall challenge facing the small and medium enterprise or SME
- Shadow-IT: How to reduce the shadow-IT; where your employees stealthily deploy and abuse corporate data without your knowledge.
- Security & Productivity: Increasing your security posture and how to increase employee productivity and efficiency in the corporate and satellite offices.
- What is SD-WAN: Software Defined WAN. Don’t be intimidated by term WAN – In this context it simply means any connection method or technology such as broadband, mobile, 3g / 4g frame-relay, ISDN or cable that connects you to the Internet.)
Apart from keeping the business operational, there are a few technological and people challenges facing the digital SME business today.
- Limited/poor connectivity: Despite the promise of uber-fast connectivity most western nations are stuck somewhere in the middle. Connectivity is acceptable but not really what the office user needs to do his/ her job effectively
- South Korea, Singapore and Japan have probably the most solid super-fast connectivity I have seen)to cloud either from the main office or satellite offices,
- Branch Offices: This problem is further exasperated when a business has multiple offices (satellite or branch offices) that need to connect to the corporate office to connect to the Internet:
- The Frustrated Employee: As a result, many employees are often frustrated as they are not able to fully and quickly connect to the internet at maximum speed.
- The Abuse of Bandwidth: A much acknowledged problem in most businesses – The overuse (as we would argue) of bandwidth-hungry social media and Internet sites like YouTube, Facebook and Instagram, leads to a disproportionate allocation of bandwidth for the media-hoggers leaving other employees frustrated and ineffective as they can’t access the internet at an acceptable speed.
The Challenge: Shadow-IT
As a result of the above issues, the technically and or determined employee who just wants to get on with his/her job starts to get creative.
They start to use their cell phone or a Wi-Fi dongle to connect cyberspace, thereby bypassing the corporate broadband, the corporate security configurations and any corporate monitoring of the traffic.
This out-of-band, blind-spot, Internet channel can be used for the following:
- Create cloud computing instances without going through the proper processes. As much as employees that want to surf the internet on corporate time there are employees that want to work and get the job done. These worker-bees then find workarounds to complete their job; A perfect example of shadow-IT.
- Daily operational tasks: The freedom to use their own broadband or Internet connectivity can become addictive and leads to employees bypassing existing monitoring controls. You can’t control what you can’t see.
In summary, Shadow-IT can be described as the act of bypassing existing business processes and controls to carry out business activity (example create servers or files, transfer production or sensitive data to a file-share or 3rd party or delete a created computing instance)
Join Amar Singh and Steve Vickers for this free, non-technical webinar:
Saving Money and Stopping Cyber Attacks – 3 Simple Steps for the Small Business
The Challenge: Security & Productivity
It is safe to link normalised Shadow-IT practices and a weakening security posture for the organisation to the following three risks:
- Loss of assets: An IT or development engineer will bypass the office slow connectivity to connect to the cloud and create their own code-repository where they will store confidential code and or privileged credentials. The business, meanwhile, is oblivious and blind to this activity.
- The Hidden Ransomware: While the reason for using an unsanctioned internet access might be humble, the associated security risks are just not acceptable. Unfiltered and unmonitored access to the internet is one of the most common reasons for “catching a cyber-cold” – ransomware or spyware, hiding on the (example, laptop) waiting to infect other laptops when connected to the corporate network.
- Loss of productivity: The perennial problem of the employees who abuse the privilege of corporate broadband connections to satisfy their own bad-habits of aimlessly surfing cyberspace.
Put simply, SD-WAN or Software-Defined Wide Area Networking is a set of technologies that allow you to create software-defined (not bound to hardware) communication tunnels. The best way to explain this:
Example: My household has two broadband connections. One from Virgin Media (their superfast 300Mb broadband) and one from BT; average speed broadband that I have only as a backup, mainly for DR purposes.
Enter SD-WAN: As this is my home-office I will need to procure a hardware device and connect the BT and Virgin Media wires to the device and literally, with a few clicks, the device will start maximising the use of both the broadband connections and intelligently decide what uplink to use based on link type and actual link health data.
Embedded smart security: The device also knows that when I work on Office365 docs it must not apply deep SSL inspection and anti-malware because it would otherwise render my office online word document unusable, when connecting to applications like salesforce.com however it knows to scan every attachment…keeping me secure without actually hindering my work.
Game of Thrones and SD-WAN: Another example, if you and or the family watch high-definition Netflix, as in my house, there is a problem. Netflix demands a certain amount of speed and bandwidth. Without SD-WAN I have to shout at my son to switch off Netflix when I am on a conference call because he is using my 300Mb pipe. With SD-WAN I don’t need to. The product, in this case Barracuda’s Cloud Gen Firewalls takes care of that for me and prioritises my Zoom.us video-conferencing connectivity automatically. Sorry son, now you know why Netflix doesn’t work that well during the day.
Free Webinar: Saving Money and Stopping Cyber Attacks – 3 Simple Steps for the Small Business
Business leaders must understand the benefits of maximising functionality with ease by using SD-WAN technology, especially when their operations and offices are geographically distributed. Further, as growth can be marred by technological limitations, SD-WAN is apt for maximising across multiple links and handling new use-cases and traffic patterns.
- Increase employee productivity: You can very easily and automatically (without increasing employee resource count) enforce policies that ensures staff are not abusing the Internet connection whilst ensuring that your multiple broadband connections are fully utilised.
- You can ensure that business-critical, low-latency applications like video conferencing are prioritised over other non-critical traffic like Facebook or Twitter.
- As a result of maximising your Internet connectivity you decrease the likelihood of office-based employees seeking alternative connections to carry out their tasks, thereby lowering the chances of Shadow-IT taking hold.
Join Amar Singh and Steve Vickers for this free webinar on saving money and stopping cyber attacks
Amar is the CEO & Founder of the Cyber Management Alliance. Amar is an industry acknowledged expert and public speaker and is regularly invited to speak and share his insights by some of the largest and most respected organisations in the world including The BBC, The Economist’s Intelligence Unit, The Financial Times, SC Magazine, InfoSec Magazine, Computer Weekly, The Register and the AlJazeera English Channel. You can connect with Amar on LinkedIn here and follow him on Twitter here.