I implemented Cisco SD-WAN to replace our MPLS network about two years ago, and it has been great for reducing costs and speeding up deployment. However, now that we are undergoing a SOC 2 audit, our security team claims that using SD-WAN over the public internet doesn't meet compliance requirements. They suggest we add Zscaler as an additional security layer, but this feels like it complicates our setup more than it simplifies it by requiring us to manage two vendors and multiple platforms. Am I wrong in how I architected this? Is layering a security solution like Zscaler on top of SD-WAN just standard practice?
5 Answers
When dealing with compliance, it’s key to challenge the security team on what exactly isn't compliant. Insurance should function at least as well as your MPLS did. If Zscaler is being added, is it really replacing necessary security functions or just creating a heavier process?
I recall they also need to ensure public internet connections are being managed correctly. It's complicated!
You're not at fault here! Many vendors advertise SD-WAN as a full solution when it’s more like advanced routing. Compliance issues typically require a more robust security approach and having that discussion during audits is crucial.
Absolutely! It's on all of us to look beyond marketing and understand what the tools really do.
So true! It's easy to get swept up in the sales pitch.
Cisco sold you a connection, but with compliance, they should have advised you about needing extra security layers. It’s a common pitfall when adopting SD-WAN solutions. You might want to consider alternatives like SASE, which can offer a more integrated approach.
Couldn’t agree more! SASE integrates networking and security, potentially easing your management burden.
Yes! Next time, consider options that converge multiple services into one to avoid this mess.
It's important to know what specific compliance control failed your audit. Can you share what aspects they flagged?
Exactly! Without knowing the specific compliance requirements, it's tough to give tailored advice.
They mentioned lacking data inspection and threat prevention, right? SD-WAN might secure traffic but doesn’t handle deep packet inspection or security policies like MPLS.
Stacking Zscaler on top of SD-WAN is quite common, but it highlights how complex our networks are getting. If performance issues arise, good luck figuring out where the fault lies! You're not alone—many have faced this when trying to simplify their stack.
Right? Double licensing and support requirements definitely complicate things.
So true! It seems like every solution adds burden instead of resolving it.
Right! If they're citing issues like DPI and threat prevention, it would help to get those specifications in writing and understand the actual gaps.