SD-WAN security risks misunderstood and ignored

Certes Networks has released the findings of its international research survey, Assurance v Security: Understanding SD-WAN Risks in High Assurance Industries, which examined how SD-WAN security is being approached by regulated organisations and service providers. The study identified a widespread complacency over SD-WAN security and data assurance - despite an acknowledgment of regulatory shortfall - as well as failure to take into account the long-term business significance of a data breach.

The study of decision makers within regulated businesses and IT Service Providers (ITSPs) / Managed Service Providers (MSPs) in the USA and UK provides critical insights into the security gaps that exist within current SD-WAN deployments and the steps that organisations need to take to realise a mindset change with regard to data assurance.

Key findings include:

Despite 96% of respondents being confident that regulatory requirements do provide sufficient support and guidance to protect against breaches, three quarters (72%) believe there are risks involved in adopting an approach that focuses primarily on compliance first

With regard to the data assurance limitations associated with SD-WAN, almost two fifths (39%) highlight concerns that unprotected data is lying within a protected network. Almost a quarter (24%) say that SD-WAN security is not enough and that a data breach in one area could affect the entire organisation, while 22% flag the lack of onsite security features.

40% say that, in the event of a data breach, the financial impact in the long term is not considered, and only 33% consider the long-term business impact of data loss.

Businesses expect ITSPs to cover 48% of the costs in the event of a data breach – but 73% of ITSPs also consider themselves responsible for paying fines and damages, and believe they should pay 51% of the costs.

“The move to SD-WAN can be done in a way that provides a level of assurance but today the SD-WAN technology is just focused on connectivity and network security, not assurance of the customers’ data. That attitude needs to change urgently,” says Paul German, CEO, Certes Networks.

“It is only once the responsibility for data assurance is understood by all parties, that the correct steps will be taken to maximise the power of SD-WAN to accelerate business change while mitigating the risk down to the lowest acceptable level,” he concludes.

This report assesses the SD-WAN deployment levels in regulated industries, as well as perceived strengths and weaknesses of its implementation; discusses the confidence placed in a simply regulatory-compliant approach, as well as the perceived risks; measures where perceived responsibility lies in the event of a data breach; identifies the security functions organisations with SD-WAN are currently able to enact, and as a result the gaps that still exist; and highlights how best to improve confidence and achieve high assurance data.

Talent and training partner, mthree, which supports major global tech, banking, and business...
Company scales existing manufacturing and integration footprint from 7000m2 to 12,000m2 in response...
Base-16 solutions complete Panduit’s comprehensive fibre infrastructure product selection.
New fire suppression, UPS, LED lighting and EMS infrastructure installed on time and in budget.
A unique, new programme designed to provide athletes with the resources and support needed to...
Zumtobel and its sister brand, Thorn, both lighting brands of the Zumtobel Group, have been...
To accelerate enterprises’ readiness to further connect and support AI and non-AI workloads,...
Infrastructure Masons (iMasons), a global, nonprofit, Digital Infrastructure professional...