Can SD-WANs meet standards requirements?


Any innovative technology faces a battle of doubt. When Amazon first rolled out AWS, few could imagine servers running in the cloud. Before Salesforce, many thought CRM to be too critical to run as SaaS. I find SD-WANs to be facing a similar battle. It’s inconceivable to many that an SD-WAN could replace MPLS. This is particularly true for security teams.

At one recent client, a chemical company, the team was looking to transition from MPLS to SD-WAN. The security group, though, could not accept the fact that SD-WANs met the requirements stipulated by CFATS (Chemical Facility Anti-Terrorism Standards) guiding the chemical industry.

It was a classic example of professionals getting hooked into the implementation and failing to consider alternative approaches to addressing the same need. CFATS professionals assume MPLS and firewalls to be mandated by the standard. MPLS being the de facto transport. As for firewalls, “Organizations understand and feel safe with firewalls,” says Nirvik Nandy, my partner and the president and CEO, of Red Lantern, a security and compliance consultancy.

But, in fact, neither are mandated by the specification. CFATS recommends Risk Based Performance Standards for protecting facilities with Chemicals of Interest (COI). The specification looks to deter theft, diversion or cyber sabotage, which includes preventing unauthorized on-site or remote access to critical process controls, such as Supervisory Control and Data Acquisition (SCADA) systems.

Leave a Reply

Your email address will not be published. Required fields are marked *