Plugging Security Holes with SD-WAN


Restaurants, hotels and countless other organizations within and outside of the hospitality space have traditionally relied upon virtual private networks (VPNs) to connect remote locations and/or for deploying new apps. In the past, VPNs could help control costs, as well as provide a level of security. However, as the data landscape has evolved – with organizations becoming increasingly decentralized, especially in the hospitality market space where families of decentralized brands, chains and franchises are the norm – it has become clear that VPNs can no longer deliver the benefits for which they were originally intended. They simply were not engineered with today’s requirements in mind. Today’s applications, such as mobility, big data, social media, cloud, Internet of Things (IoT), and so on, continue to extend traditional enterprise perimeters, rendering VPNs inadequate and vulnerable to threats. Ironically, as new applications are added to distributed enterprise locations, the cost and complexity of adding more VPNs to secure them have correspondingly escalated.

By embracing innovative, multi-layered security solutions, today's hospitality organizations are evolving to protect their assets. Alas, the remote distributed sites of these newly modernized corporate data centers are oftentimes not brought up to date as rapidly or as completely. And, even for those that are provided similar IT hardware and/or software, they likely do not possess the same level of onsite IT expertise to ensure ongoing optimum IT operation. This leaves the remote sites as possible weak links in the overall security chain – and not just vulnerable at their specific location, but potentially opening avenues of vulnerability into the corporate site as well.

Given this all too common scenario, it is not surprising that the question of how to extend enterprise data center-grade security to remote sites with limited IT staff and tight budgets remains at the top of most IT and security professionals’ priority list. Secure Software Defined WAN (SD-WAN) for the Network Edge has emerged as an ideal solution to overcome these challenges. Secure SD-WAN at the Edge puts the power and security of the compute resources as close to the sources of data as possible – i.e., at the network’s edge – near where the work is actually being done. It is purpose-built to address these challenges by uniting security and simplicity into an integrated solution. The power of secure SD-WAN Edge lies in taking a defense-in-depth approach while simultaneously reducing the enterprise attack surface by logically segmenting the network on a per-application basis. Moreover, this multi-layered security approach is delivered with the architectural simplicity, scalability, reliability and dramatic cost savings of a virtual overlay network.

The Drawbacks of Traditional VPNs

Let’s examine how traditional VPNs are failing to meet the challenges of distributed enterprises in the hospitality space and why secure SD-WAN Edge solutions are gaining broad market adoption.

Traditional Distributed Enterprise Connectivity’s Top 4 Challenges

Too Insecure. Multiple touch points for manual security configurations leave networks prone to misconfigurations or inconsistent configurations, opening them up to security risks. Traditional security approaches are falling short of the needs of today’s enterprise.

Too Complex. Connecting new locations and new applications is hard. Each location may have multiple devices, different device configurations and various security requirements. Turning up a new location on a VPN requires knowledgeable IT staff to deploy, manage, troubleshoot and support.

Too Inflexible. Traditional infrastructures are rigid and necessitate labor intensive efforts to support changing network conditions, especially when it comes to remote locations. For example, adapting to changing network needs, turning up new applications, or responding to new security threats (such as POS malware) must be executed quickly to ensure business continuity. Traditional networks are often too bulky to adapt in a timely manner.

Too Expensive. Supporting the various point product solutions typically required for VPNs is costly. The capital expenditure for various point solution hardware, public IP addresses, and software continues to rise. Also the costs of qualified IT staff management required for supporting remote sites are growing.

Secure SD-WAN overcomes these challenges without disrupting your existing network.

As more and more applications are deployed to help run your business, a simple solution to securely connect them with minimal effort is needed. Secure SD-WAN Edge is particularly well suited for this cause.

Secure SD-WAN Edge solutions greatly simplify enterprise networks and dramatically reduce both the CapEx and OpEx costs of managing enterprise WANs. They easily extend the multi-layered security defenses used in data centers to branch locations. Most importantly, secure SD-WAN Edge allows mission-critical applications like payments and loyalty to co-exist with public applications like Wi-Fi on a single network while providing application-specific security and end-to-end network segmentation. These applications are segmented into their own dedicated logical networks, preventing them from intermingling with other application traffic on the network.

With secure SD-WAN Edge solutions, these applications are connected in a cost-effective, scalable way without compromising security. This is a distinct benefit over VPNs, which provide an either/or scenario: either all traffic intermingles on one VPN, which is lower cost but very insecure; or all traffic can be segmented on separate VPNs, which requires more cost and complexity to maintain security.

Secure SD-WAN Edge Overview

Secure SD-WAN Edge virtualizes the WAN so that all network intelligence is handled in software. For example, remote locations can be defined simultaneously and then kept perfectly in sync using centralized cloud-based policy administration inherent in SD-WAN Edge connectivity models. This groundbreaking architecture helps reduce expenses and complexity, while increasing network flexibility. Best of all, it can be piloted in your network incrementally on a branch-by-branch basis, mitigating concerns about network disruption, and giving you a quick way to determine the return on your investment. Additional values of secure SD-WAN Edge are provided below.

Benefits of Secure SD-WAN at the Network Edge

Increased Security - Logical network segmentation allows security policies to be enforced on a per application basis. By applying complete end-to-end segmentation of each application, exposure from any potential breach is limited to that single application. Just as importantly, the centralized virtual overlay approach of secure SD-WAN Edge configurations eliminates the multiple manual configurations that open your network up to security risks. With secure SD-WAN Edge, you can easily extend the multi-layered security approach used in data centers out to the edge of your network without highly skilled IT professionals at the branch.

Reduced Complexity - Distributed enterprises can be operationalized in minutes instead of months. Secure SD-WAN Edge simplifies network setup with automatic provisioning and configuration from a central controller. The remote location will also receive network updates and changes automatically.

Increased Agility - Secure SD-WAN Edge functionality allows for zero touch deployment, resulting in the rollout of network services “on demand”, supporting the needs of an agile business. For example, new cloud applications, such as POS and loyalty, can be rolled out quickly.

Proven Scalability - Secure SD-WAN Edge is designed with scalability in mind and provides the level of security and performance that on-demand network services need in large distributed enterprises. Policy changes, software updates, and new branch deployments are made simple and expedient without compromising network performance. It is precisely because of all these benefits at dramatically lower costs that multi-unit organizations such as Arby’s, Blimpie, Cold Stone Creamery, Rocky Mountain Chocolate Factory, Shell and Kirkland’s have incorporated secure SD-WAN Edge into their networks.


Decreased Costs - With secure SD-WAN Edge virtualization, the cost of WAN infrastructure hardware, software, and support can be reduced by up to 79%. The technology eliminates the need for multiple, dedicated premise devices by integrating functionality, such as WiFi, wireless back-up, firewall and intrusion detection/prevention in one solution.

Hungry to get started, but not sure where to begin? Here are the first simple steps to launch you on your way to securely and cost-effectively connecting your distributed enterprise:

  • Develop a data connectivity and security program for your remote locations
    • Be proactive about protecting your environment
    • Engage key stakeholders to ensure a holistic approach
  • Pilot a secure SD-WAN Edge solution
    • Roll-out incrementally on a branch-by-branch basis
    • Avoid disrupting your existing architecture and minimize risk


Michelle Arney

About the Author

Michelle Arney, Head of Product, leads the product team at Cybera Inc., responsible for the product vision, strategy and roadmap team.  Prior to joining Cybera, she spent her career working with startup and enterprise IT and Developer technologies, most recently at Microsoft where she focused on Server, Cloud, and Emerging technologies. 
