As organizations explore SD-WAN as a way to make their networks more configurable and efficient, some will inevitably have questions about the technology’s security.

In general, there are two schools of thought on SD-WAN security. One suggests that because many SD-WAN vendors use IPsec to protect data in transit, the technology is therefore secure. The second suggests that SD-WAN is not secure because it doesn’t scan network traffic for vulnerabilities before it’s sent. As with many things in life, there’s a bit of truth in both views. SD-WAN typically uses encrypted tunneling technology like IPsec to protect traffic from prying eyes and man-in-the-middle attacks while it’s in transit.

But SD-WAN technology, in itself, doesn’t scan traffic for malware and other vulnerabilities as it enters the network. For example, it doesn’t protect an organization when there’s a corrupted file on either end of the connection. So if an employee forwards an email containing ransomware to a co-worker, a bare-bones SD-WAN installation doesn’t have tools to pump the brakes. Without additional security tools, that email will be sent.

A big hole

In a sense, this is quite the gaping security hole. The edges are traditionally not intelligent enough to screen out bad traffic.

In addition, SD-WAN, like most other software packages, can ship with vulnerabilities. In recent months, some vendors have issued vulnerability alerts and advised users to update their software.

It’s worth noting, however, that SD-WAN in general is neither more secure nor less secure than traditional WAN technologies. The network isn’t a security tool. As with traditional WAN services, there’s no determination of trusted traffic and sites. In most cases, organizations tend to consider their branch offices to be trusted.

As with older WAN technologies, the security vulnerability is at the existing sites, not with SD-WAN itself.
The platform’s job is to secure the transport, and it does that using encrypted tunneling technology.

Better options through the cloud

But organizations adopting SD-WAN do have options to better secure their networks. Some SD-WAN and security vendors are now offering “secure” SD-WAN, which typically means a traffic screening service installed at the edge of the network. In many cases, this is a cloud-based service with digital firewalls, threat modeling, and related products scanning network traffic before it moves over the WAN.

Cloud-based security services make a lot of sense in an SD-WAN setting. With many organizations adopting SD-WAN to drive more efficiency in their networks, a heavyweight, appliance-based security system works against the reasons for installing SD-WAN in the first place. The security scan can’t slow down network traffic.

In addition, many organizations will not want to install new appliances at the branch office. This installation will slow down the adoption of SD-WAN and potentially limit the configurability of the network. With many employees working from home due to the COVID-19 pandemic, home offices are now branch offices. Who will install security appliances in every home office?

Flexible security

As networking and security teams work out the security measures a new SD-WAN installation requires, they should talk about centralized vs. distributed security management. The cloud-based security model described above is an example of a distributed approach, but some organizations may want a more centralized security system. For other organizations, security provided through a regional hub may be the best approach.

One of the advantages of SD-WAN is its configurability, and organizations can decide that some offices need a centralized security approach, to take advantage of a hardened security posture. Others can use a more distributed approach with cloud-based security installed at the edges.
SD-WAN gives organizations the flexibility to choose which approach is best, depending on the traffic they see.

SD-WAN certainly offers organizations more network flexibility, visibility, and scalability. Organizations looking at the technology should, however, be aware of the security issues they will face as they adopt the technology. In many cases, working with a managed services provider will help ensure that the SD-WAN adoption is as secure as it can be.