Let’s talk security. Nowadays, the remote or branch office is the most likely entry point for cyber-attacks into a business. As attacks become more and more common managed service providers and network architecture need to evolve and be ready to defend against them.
Business Cybersecurity Statistics
- 43% of cyber-attacks target small business.
- Only 14% of small businesses rate their ability to mitigate cyber risks, vulnerabilities, and attacks as highly effective.
- 60% of small companies go out of business within six months of a cyber-attack.
- 48% of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
- Small businesses are most concerned about the security of customer data
Businesses either manage their security in-house or leverage a managed service provider. Depending on the number of locations, and which approach the managed service provider takes, there are several challenges to address when multiple security technologies are deployed as separate resources in the branch:
- Cloud Applications / Connectivity – businesses have applications in the cloud and in data centers. Also, depending on the size of the office, each location’s connectivity could be different, varying from plain Internet to MPLS, to a hybrid option. Each of these options has different security requirements, depending on the applications used at each location and how they’re accessed. This adds another layer of complexity when using traditional security appliances to create a standard branch security model. This is complicated further if all traffic to and from the cloud applications must be routed through the data center, impacting end-user performance.
- Complexity and Cost of Ownership – purchasing, deploying and managing point devices for several security layers at locations without any IT/security expertise on site, results in high Capex and Opex costs.
- Complexity and Risk of Error – Integrating several different security layers without minimizing overall protection
- Lack of Agility – Long deployment times due to hardware shipping, as well as consultants scheduling of consultants or integrators to install, integrate and test equipment. This occurs both at initial deployments, but also when capacity upgrades are required (e.g. if a new or larger WAN circuit is provisioned to a direct Internet access office, then higher capacity firewall is required)
Leveraging Software-Defined Security
While the above issues with branch security are very real, technology advances like SD-Security can offset many of these challenges. SD-Security can be centrally managed and policy orchestrated, zero-touch provisioned, and service-chained, addressing many of the operational challenges above.
SD-Security is “software-defined” in terms of both form-factor and operations/policy creation/enforcement. This is compounded by the fact that it also decouples security functions from proprietary hardware, enabling the use of security functions in software running on commodity x86 servers and white box appliances.
Taking an example of branch security, imagine an enterprise with 400 branch offices that needs a refresh or to increase its branch security. Instead of scheduling new Unified Threat Management (UTM) or Next-Generation Firewall (NGFW) appliances and shipping them to branch sites at the rate of 20 per month (an aggressive schedule, at one installation per business day), and a project schedule of over 1.6 years. The enterprise or managed service provider can ship commodity white box appliances to 100 branches per month, and simultaneously activate and test 25 devices per week remotely, for a total project time of 4 months. The result is a far lower cost of deployment, as well as compliance and data protection delivered more than a year faster than the first plan.
In summary, deploying SD-Security for the branch and remote office involves adding additional layers of security for better defense-in-depth, when and where the client needs them. Adopting a software-defined approach gives managed service providers the flexibility to deploy the right security functions necessary to meet an ever increasing complex threat landscape for their clients, while reducing deployment times, operation complexity and significantly reducing capex and operating costs.