IT departments are deploying SD-WAN as an important first step towards building optimized environments that are ready for a multi-cloud world. Getting SD-WAN “right” is important, because your enterprise and customer-facing applications must run effectively across different edge, cloud and SaaS environments. It’s also critical to get security “right.” As workloads and customer data are distributed outside of the traditional data center or cloud, data privacy, data sovereignty and security will become even more important to high-value clients, regulators and individuals.
The good news is that virtualized edge platforms and applications, such as SD-WAN, can help increase security by running applications that help protect data where it is processed and stored. It’s crucial for enterprises to be able to analyze traffic as it is received so that it can be denied access or routed appropriately. SD-WAN enables unprecedented visibility into datacenter or SaaS applications, applies network-wide business and security policies, inserts local, third-party and cloud security services wherever and whenever IT designates, and extends the WAN perimeter from the cloud to any physical location (i.e. branch, store, manufacturing site, etc).
Additional Security Technologies for “Enterprise” Edge
As a platform, SD-WAN is a solid first step in deploying edge security applications and services, but SD-WAN by itself is not a robust, security solution. In fact, industry observers have already identified some of the biggest weaknesses in SD-WAN security deployments, today. In a Network Computing article, Michael Leung, founder and management consultant to advisory firm Canadian Cybersecurity Inc., said, “…additional threat management and network security requirement capabilities are usually needed ... such as those found with secure web gateway services or with next-generation firewalls (NGFWs) with intrusion prevention, SSL inspection, web filtering, and anti-malware protection."
Why Processor Architecture Matters
Why does choosing the processor architecture for enterprise SD-WAN and edge security solutions matter? When investing in the placement of data center-grade network, compute and storage at the edge, it’s important to consider an architecture capable of supporting application, control, packet processing, AI and analytics on a single platform. The Intel architecture is designed to process multiple workloads on a single platform, providing a unified view into all network traffic. This architecture is well-suited to support cybersecurity approaches like security analytics that enable real-time monitoring and analysis of network traffic in order to help take preventative actions before an actual threat occurs.
2020: Planning for 5G, Edge and IoT
The 5G era is nearly upon us and it’s quickly becoming a catalyst to drive convergence for IoT, edge and enterprise. This is driving the proliferation of data-centric use cases, workloads and security requirements for CommSPs, enterprises, governments and technology companies around the world.
Let’s look at 5G network slicing as an example. Network slicing supports the allocation of fixed partitions of network resources to specific services based on quality of service (QoS) and service level agreements (SLAs). As a result, different types of traffic can be directed to distinct channels with specific security requirements. In IoT, it is common to encounter sensors or gateways that lack appropriate security, creating risk for the broader enterprise. In order to prepare for the commercial 5G services in 2019 and beyond, enterprises will need to make near-term decisions about architecture, platform and software solutions focused on edge workloads.
Building Blocks for Edge Security
Intel is focused on data-centric network transformation for CommSPs and enterprises through ongoing innovation in the Intel architecture and deep partnerships with our global partner ecosystem. Intel has number of key enabling technology ingredients to help enable our partners and solution providers to best address the complex landscape of network security, such as:
- Intel® QuickAssist Technology (Intel® QAT): hardware acceleration for security, authentication, and compression.
- Hyperscan: Open source regex matching library, optimized for Intel architecture and suitable for deep packet inspection (DPI), intrusion detection (IDS/IPS), and firewall applications.
- Intel® Virtualization Technology (Intel® VT): Hardware assist for virtualization software, eliminating performance overheads; improving security; and reducing software size, cost, and complexity.
- Integrated CPU capabilities that store keys, passwords, and digital certificates, and support Microsoft* firmware requirements for a discrete Trusted Platform Module (TPM 2.0).
Enterprises should partner with an ecosystem of security vendors to support more advanced security capabilities, such as monitoring, fraud detection and advanced threat detection.
It’s appropriate that RSA Conference 2019 follows on the heels of MWC Barcelona, the largest mobile event in the world. The security of data is as important as the end-to-end 5G innovation across the network, cloud, client and edge. I encourage you to read more about some of the security-related news from Intel at RSA in an Intel News Byte and blog.
Software and workloads used in performance tests may have been optimized for performance only on Intel microprocessors. Performance tests, such as SYSmark and MobileMark, are measured using specific computer systems, components, software, operations and functions. Any change to any of those factors may cause the results to vary. You should consult other information and performance tests to assist you in fully evaluating your contemplated purchases, including the performance of that product when combined with other products. For more complete information visit www.intel.com/benchmarks.
For more information about Intel’s solutions for network transformation, visit intel.com/network. For more information about Intel hardware-enabled security capabilities, visit the related website.
Join me for a conversation on Twitter at @BobGhaffari