Orange Business Services' John Isch: Think of security first when planning for SD-WAN services

Orange Business Services' John Isch talks security and getting over the great firewall in China to deploy SD-WAN. (Pixabay)

With Orange Business Services' presence in 220 countries and territories, John Isch has seen the gamut of issues when it comes to deploying his company's SD-WAN service.

John Isch (Orange Business Services)
John Isch (Orange Business)

Isch, director of the network and voice practice in North America for Orange Business Services, said that complying with the European Union's General Data Protection Regulation (GDPR) put a new twist on offering SD-WAN across Europe. China and Russia presented unique challenges as well.

In this Q&A with FierceTelecom, which was lightly edited for clarity and length, Isch talks about some of the challenges implementing security and rolling out SD-WAN globally.  

FierceTelecom: Security seems to be top of mind with just about everyone these days. What do you tell your customers in regards to security and SD-WAN?

John Isch: if I could change one thing about the way customers operate within this idea of deploying SD-WAN and internet at the edge, it would be to get secure infosec (information security) engaged early in the project.

FREE DAILY NEWSLETTER

Like this story? Subscribe to FierceTelecom!

The Telecom industry is an ever-changing world where big ideas come along daily. Our subscribers rely on FierceTelecom as their must-read source for the latest news, analysis and data on the intersection of telecom and media. Sign up today to get telecom news and updates delivered to your inbox and read on the go.

We're talking to IT because that's where SD-WAN naturally lives. It's sort of routed infrastructure. We're halfway through the project and then they (customers) bring in full security and infosec. Suddenly there are a lot of roadblocks that we have to overcome.

The more successful engagements that we've seen are the ones where security is in the room right from the beginning so you can surface those issues early. You can work them into your plan and have them be part of the overall plan.

RELATED: Orange Business Services' Isch on the creation of a one-stop shop for SD-WAN

Every customer that I go to when I'm sitting in the room with just IT, I say, "Let's get information security in here and let's start talking about what this really means." I think one of the strong advantages you're going to see with SD-WAN is the ability to send traffic out from the edge directly to the internet. But the security people get nervous about those things. You're poking holes in their infrastructure, so you need to make sure you do that in the right way, and there are a lot of different ways to do it.

FierceTelecom: Has the implementation of GDPR had any impact on how Orange Business Services offers SD-WAN?

Isch: it doesn't seem like that would be much of an SD-WAN concern, but it in fact it is because of the visibility that you could have into your network. One of GDPR's requirements is that if you can identify user data, that's considered GDPR data. In some SD-WAN environments,you can identify a user from just the monitoring data that you have. So you have to treat that with the same care as any other data that's beholden to GDPR.

And then there are countries like Russia and China. They have requirements around IPSec (Internet Protocol Security) and what you can see and what you can't see. More specifically, in China, they've got the 'great firewall' that you have to contend with to get traffic out of China if you're using internet infrastructure.

FierceTelecom: Is there a workaround in countries like China that lets you get that traffic out?

Isch: What we're doing there is employing SD-WAN gateways inside the countries. That way we can terminate that overlay network inside the country and then use a private network to get outside the country. That has proven to be a very effective way to handle that traffic that is in one of those tough countries where you have these security infrastructures that are difficult to operate around.

China is a good example of where, officially yes, you can run IPSec through the firewall and it'll run. Sometimes it will run fine and sometimes it doesn't. But when it doesn't run well, I think that the intermittent problems are what drive users crazy.

FierceTelecom: With more than 50 SD-WAN vendors, do you expect the SD-WAN space to consolidate?

Isch: Absolutely. I think that there are probably customers who are going to do SD-WAN on their own. It happens and it will continue to happen. But I think the carrier market is one that the SD-WAN providers realize that they need to have. I get almost daily calls from various SD-WAN providers wanting to talk about working with us. But there's just a scale that we need in order to provide services on a global basis. I think you'll see that the ones that can hit that scale quickest are the ones that are going to survive and are going to make a difference here.