Cloud and managed services enable companies to focus scarce IT resources on business outcomes. According to Gartner, the “market size for cloud is growing exponentially, and cloud is projected to be a $317 billion industry by 2022.”
Managed service providers (MSPs) leverage the power of software-defined wide area networks (SD-WAN) to offer higher quality services and reduce branch network costs. SD-WAN offers compelling advantages for distributed organizations with critical branch operations, including the benefits of business agility, improved application performance and lower bandwidth costs.
MSPs invest considerable time and energy in ensuring that their servers, applications, data centers and people are always available. The same amount of attention needs to be paid to managing customer connectivity, as connectivity issues will result in customer support and retention issues, together with increases in cost and decreases in monthly recurring revenue.
While bringing connectivity to the data center is viewed as a customer-driven activity — meaning that MSPs are relying on end-users and carrier networks to deliver their customer experience — managing that connectivity is primarily, but not always, the responsibility of the MSP.
However, the quality, performance and security of carrier networks can be outside of the MSP’s control, creating vulnerability in the MSP’s service delivery and revenue process. Many MSPs are, therefore, rightly concerned about the safety of end-user data as it passes over the carrier networks. Outsourcing security measures and data assurance for end-users’ critical data can sometimes be undesirable and, thus, should be considered as part of a risk mitigation strategy.
Making SD-WAN More Secure and Flexible
A challenge that most MSPs face is ensuring that their customers’ data is encrypted safely in an SD-WAN environment and that the integrity and confidentiality of that data are assured.
An on-premises, scalable encryption management solution that can integrate into an SD-WAN without disrupting an MSP’s environment provides the flexibility MSPs are seeking. In addition, micro-segmentation that uses cryptography to prevent lateral movement of threats between segments can protect the confidentiality and integrity of the end-user’s data, providing the security both parties need.
A viable encryption solution that makes the SD-WAN environment more secure and flexible provides the data assurance MSPs and their end-users are seeking, while mitigating risk and reducing the attack surface for everyone.
Data Assurance with Separation of Duties
Layer 4 encryption provides data assurance and eliminates risk for both the MSP and the end-user with the separation of duties, allowing the end-user to encrypt and protect their data prior to sending it over the MSP/carrier networks. Through crypto-segmentation, fine-grained policies are defined and enforced to protect the confidentiality and integrity of the end-user’s data.
In practice, this means that MSPs do not take on the risk of having to manage and protect the confidentiality and integrity of their customers’ data, nor do they have to accept risk to protect end-user data when it’s on their network — it remains the responsibility of the end-user.
Similarly, the end-user can eliminate risk to their data from both the MSP and whatever carriers they, or the MSP, may be using for the connectivity; they do not have to trust the carrier team or network to be secure.
Ensuring Fine-Grained Regulatory Policies with Crypto-Segmentation
Most MSPs will have enterprise, government and high assurance customers, all of whom are under varying data protection regulations. The end-user can now use crypto-segmentation to create separate policies and data flows, thus eliminating risk by defining fine-grained policies that are difficult to infiltrate.
Crypto-segmentation enables MSPs with customers who must adhere to different or multiple industry and/or government regulations (for example, GDPR, PCI, CJIS, NERC CIP) to generate these fine-grained policies for each customer and regulation.
Scalable Implementation Into Any Network or Transport
Lastly, a scalable, network-agnostic overlay that integrates easily and sits on top of SD-WAN can make the SD-WAN environment more secure for MSPs and their customers without disrupting the current network architecture and with zero impact on performance. This solution should be fully interoperable with the SD-WAN, scale to support the breadth and depth of the customer’s environment and operate without impacting the SD-WAN core functionality.
MSPs and their end-users need to mitigate the risks and vulnerabilities associated with multiple carrier networks. In order to achieve this, it is essential that MSPs investigate flexible and secure data assurance solutions that help both carriers and end-users to take advantage of the management services provided by MSPs and provide critical separation of duties to mitigate risk for both parties.