When I was working on my expert networking certifications many years ago, I loved the idea of private VLANs. Something simple that allowed me to isolate hosts and prevent traffic leakage. Putting devices in a DMZ in a private VLAN was a great way to ensure that even if one of them happened to be compromised it wouldn’t allow those attackers to move laterally to another device in the DMZ.
Private VLANs may have fallen out of style in the past few years but the idea of host isolation hasn’t. In fact, host isolation is at the heart of technologies like Zero Trust Network Architecture (ZTNA). ZTNA is the new buzzword that solves all your security needs no matter what they might be. Unless those needs require you to have devices in remote locations. Or those devices don’t have user accounts. Or those devices aren’t powerful enough to run the entire security suite that was developed for a modern compute machine with an abundance of resources.
While we live in a world full of modern technology and more computer power than we could ever hope to use, there are still areas of our lives that are ruled by low-cost CPUs. Something as simple as an ATM has a multitude of challenges when it comes to how it’s used. It may look like a computer, but it doesn’t act like one most of the time. It has a very specific function that requires a lot of security. You don’t want the transmission of deposit information or withdrawals to be intercepted and scraped or modified. But how can you secure a remote system in a network you don’t control and ensure the data is secure along the entire path?
VMware SD-WAN Client
I was recently a part of a Tech Field Day Showcase featuring VMware. They spoke at length about their new SD-WAN Client and how it can help you solve many of the challenges you face in a world that has become increasingly distributed. The old days of the enterprise bastion are long gone thanks to a workforce that is doing their job at home or in a coffee shop. We no longer have a castle but instead we have knights roaming the countryside. We must ensure they are armored to keep them safe.
In the video, Aamer Akhter talks about the VMware SD-WAN Client and how it is built to function in a new distributed world. It’s more than just a piece of software for an endpoint. It’s a system of relays and connectors that allow the SD-WAN connection to use the fastest network connections to get the data to the right location. It’s a client that only initiates secure communications when needed to preserve device resources. It’s also an architecture that allows for multipath resilience and performance. Instead of hoping that you’re using the best path to the cloud or to your private data center, the VMware SD-WAN Client continually ensures that you are.
Going back to our ATM example, VMware SD-WAN is a perfect fit for the needs of these devices. They don’t need to send large files all the time and have no need for constant communications. Everything is transaction based and, aside from a few pictures of deposits or camera footage, is usually text-based in nature. Many ATMs run an operating system based on Windows, which would allow a client developed for that OS to work seamlessly.
VMware has taken it one step further though. Instead of using a specialized client that works only on ATMs, they have built in the kinds of configurations needed for a headless client to operate on any device. Using security tokens and device profiles, you can install the VMware SD-WAN Client on the ATM and have it log in automatically without any user intervention. That means that the device will be protected even if it reboots. That should prevent wily attackers from knocking the machine offline to interrupt communications to compromise it.
Creating a client that has these kinds of capabilities is a boon to the distributed device security crowd. No longer do you have to worry about securing these devices with custom hardware or expensive solutions that require on-site technicians to configure. Instead, you just send the new ATM to the location with a tech who plugs in a hardware token and everything comes up like it should. Imagine this kind of technology working on any number of headless devices. From LED billboards to slot machines to hallway clocks, the possibilities are endless. All can be secured thanks to the development efforts of VMware and their SD-WAN Client technology.
Bring It All Together
I miss Private VLANs. Sure, they didn’t scale very well, and they were more problematic to troubleshoot. They wouldn’t work in a cloud-first environment. However, knowing I could isolate traffic was an ace in the hole when I needed it. Today’s world calls for better technology that offers similar capabilities but extends out from the local network. VMware has a real winner with their SD-WAN Client and the platform around it. Don’t limit yourself to thinking about SD-WAN as just hardware. Rethink how you want your network to operate and stay secure.