SD-WAN for Financial Services in Five Use Cases

Share Post

In a previous blog post, we detailed the networking and security challenges financial services institutions face in the digital era. These challenges included digitization and cloud migration, working from home, poor network infrastructure, cybersecurity risks and regulatory compliance.

In this blog post, we’ll explain how SD-WAN is a key enabler to tackle five use cases in the financial services industry to overcome these challenges, accelerate business growth, and fully embrace digital transformation.

1. Simplify network infrastructure while reducing costs

With SD-WAN, financial institutions can securely leverage internet broadband and 5G/LTE connections at a lower cost and get the same benefits as private dedicated lines. SD-WAN indeed combines MPLS, broadband internet and 5G/LTE in a single logical link and routes the traffic based on business-driven policies. An advanced SD-WAN, such as the Aruba EdgeConnect SD-WAN edge platform optimizes data transmission in internet and 5G links using techniques such as forward error correction that rebuilds transmitted lost packets, and packet order correction that helps re-order data at destination. Local Internet Breakout is another feature that sends cloud application traffic directly to the internet depending on security risk, avoiding backhauling all the traffic to the corporate datacenter, thus freeing up cluttered and expensive dedicated MPLS lines and reducing costs.

Additionally, Aruba EdgeConnect helps reduce equipment sprawl in branches by unifying a router, a firewall and WAN Optimization network functions in a single platform. It also continuously monitors network conditions and automatically adapts traffic handling to overcome the effects of WAN transport service brownouts or any other network disruptions.

Aruba EdgeConnect enables financial institutions to move from a complex architecture to a simple, cost-effective network infrastructure

2. Quickly spin up new branches and work from home securely

It can take two to four months to connect a new branch location or a new ATM location with MPLS. Not only can Aruba EdgeConnect SD-WAN deliver private line-like performance over broadband internet services, with its zero-touch provisioning approach, a new branch can be deployed in few days (or less) through centralized orchestration of configuration settings and security policies.

As remote working is becoming the new normal, financial services’ employees should enjoy the same level of digital services in their home. By using internet broadband, and with the advent of 5G, Aruba Microbranch makes working from home a reality by connecting home offices to the headquarters in an easy and flexible way. Micro Branch deployments automates the formation of IPsec tunnels between access points of a remote site to the Gateway cluster of the parent WLAN network. It protects remote workers and small remote branch locations by providing SD-WAN capabilities including orchestration and secure internet breakout in an easy-to-use yet powerful Wi-Fi access point device.

Securely connect from home with Aruba Microbranch SD-WAN

3. Accelerate backups and improve disaster recovery plans

Data are often backed up in remote disaster recovery sites that can be hundreds or even thousands of miles away from the main headquarters data center. This distance results in latency that slows down data transfers. Data may also be not fully backed up, putting the financial institution at risk as it may lose important customer data in case of a disaster. And in the event a disaster recovery operation must be performed, it must be completed as quickly as possible to keep business running.

Optional Aruba Boost WAN optimization software, fully unified with Aruba EdgeConnect, uses TCP protocol acceleration techniques to achieve better throughput. It also employs sophisticated data deduplication and data compression algorithms. Duplicate data is fingerprinted and a pointer is created to reduce transmission of repetitive data across the WAN. Data compression leverages an LZ (Lempel-Ziv) compression algorithm that is applied both on the IP header and the payload.

With Aruba Boost, as the amount of data to be stored continuously increases, financial institutions ensure that data is properly backed up in remote disaster recovery locations.

4. Secure access and protect customer data

With the rise of mobility, the security perimeter is dissolving. Customers and employees of financial institutions connect to financial services applications from anywhere. It is no longer possible to secure a limited, well-defined perimeter and backhaul the internet traffic to corporate datacenters for security inspection as it increases application response time and reduces performance. Security should now be based on a zero-trust approach that identifies users and devices, and assumes that they should not be trusted by default.

SASE (Secure Access Service Edge) is an architecture that implements security services in the cloud. SASE combines WAN edge network functions at the branch such as SD-WAN, routing, basic security functions, and WAN optimization capabilities with security services including Firewall as a service, ZTNA (Zero-trust network access), CASB (Cloud Access Security Broker), SWG (Secure Web Gateway), and more delivered from a cloud-delivered security service.

Aruba EdgeConnect provides the foundation for a full SASE approach by incorporating role-based firewall capabilities. It natively integrates with third party cloud security vendors to provide fully automated orchestration capabilities. This allows financial organizations to select a best-of-breed SD-WAN provider and best-of-breed cloud security provider(s), depending on their needs, while easily transitioning from a traditional architecture to a SASE architecture.

Automate security orchestration based on application type and threat with Aruba EdgeConnect

5. Meet PCI DSS compliance mandates

Financial institutions are required to comply with many kinds of regulations. An SD-WAN solution can help comply with these regulations. One example is the PCI DSS standard (Payment Card Industry Data Security Standard) that sets data security standards and guidelines for the payment card industry. PCIDSS indeed specifies twelve requirements to achieve compliance that can be met thanks to Aruba EdgeConnect. For example, one requirement specifies encrypting transmission of cardholder data over public networks, and another requirement specifies installing and maintaining a firewall configuration to protect cardholder data. These two requirements are easily met with Aruba EdgeConnect.

The Aruba EdgeConnect SD-WAN platform enables financial institutions to simplify their network infrastructure and reduce costs by combining MPLS, 5G and internet broadband lines in the same logical link. Aruba EdgeConnect is centrally orchestrated and easy to deploy. EdgeConnect can also be deployed in small remote locations or home offices to offer the same level of SD-WAN capabilities as in large branch offices. It provides advanced security capabilities including data encryption, zone-based firewall and zero-trust segmentation. Coupled with best-of-breed cloud network security providers, it is the foundation of a strong and reliable SASE solution that allows financial services to fully embrace digital transformation while mitigating cybersecurity risks.

To learn more, please download our business paper on SD-WAN for financial services.

Related Resources