SD-WANs and MPLS: Locking Down Security


The Gist

SD-WANs are quickly becoming a popular, cost-effective choice for enterprises, but while quality might not be compromised, will security?

IT executives and CIOs are continually challenged to find the most cost-effective IT solutions while still delivering agile, high-quality services. That is why software-defined WANs (SD-WANs) are becoming increasingly popular with enterprises for connecting offices: they cost significantly less than their Multiprotocol Label Switching (MPLS) counterpart. The catch is that security experts still consider SD-WAN security questionable.

Because SD-WANs depend more heavily on the Internet, they are also more exposed to security vulnerabilities. In response, network managers are encrypting, filtering and managing their traffic more effectively, either by installing firewalls as virtual machines at the branch instead of as hardware devices or by choosing a cloud-based security option.

MPLS is often advertised by carriers as more secure. This is untrue; it is actually less secure due to the lack of encryption. Carriers tend to say data is secure because it is “in their network”. In truth, your company’s sensitive data is riding in the “open” on the carrier’s network with no encryption. If someone were to tap into the [little green] telecom box on the corner of the street by your office, they would have full, unrestricted access to your unencrypted data. If your network traffic were to fall into anyone’s hands, it would be in the clear for their use.

Both MPLS and Internet networks allow a secure VPN to ride on top. Secure, encrypted VPNs can be built on top of MPLS networks just as easily as on Internet-based networks, and they are the recommended method for all businesses to secure their traffic across any connection. (Encrypting traffic may require you to find alternative ways to apply QoS/ToS to your traffic, depending on your network.)

Both MPLS and Internet networks allow the VPN to be fully meshed. This simply means that each location can be connected to every other location over either MPLS or the Internet, providing direct site-to-site communication and/or redundancy.

At Affant Communications, we are always looking to find you the most cost-effective and downright reliable technical solutions for your business. If you want to find out more about the topics covered in this article, contact us at or speak with an IT specialist at 714.338.7100.
