Latest News

Certes’ study reveals SD-WAN security risks are widely ignored and misunderstood

Certes Networks, global cybersecurity and data assurance technology provider, today releases the findings of its international research survey, Assurance v Security: Understanding SD-WAN Risks in High Assurance Industries, which examined how SD-WAN security is being approached by regulated organisations and service providers. The study identified a widespread complacency over SD-WAN security and data assurance – despite an acknowledgment of regulatory shortfall – as well as failure to take into account the long-term business significance of a data breach.

The study of decision makers within regulated businesses and IT Service Providers (ITSPs) / Managed Service Providers (MSPs) in the USA and UK provides critical insights into the security gaps that exist within current SD-WAN deployments and the steps that organisations need to take to realise a mindset change with regard to data assurance.

Key findings include:

  • Despite 96% of respondents being confident that regulatory requirements do provide sufficient support and guidance to protect against breaches, three quarters (72%) believe there are risks involved in adopting an approach that focuses primarily on compliance first
  • With regard to the data assurance limitations associated with SD-WAN, almost two fifths (39%) highlight concerns that unprotected data is lying within a protected network. Almost a quarter (24%) say that SD-WAN security is not enough and that a data breach in one area could affect the entire organisation, while 22% flag the lack of onsite security features.
  • 40% say that, in the event of a data breach, the financial impact in the long term is not considered, and only 33% consider the long-term business impact of data loss.
  • Businesses expect ITSPs to cover 48% of the costs in the event of a data breach – but 73% of ITSPs also consider themselves responsible for paying fines and damages, and believe they should pay 51% of the costs.


“The move to SD-WAN can be done in a way that provides a level of assurance but today the SD-WAN technology is just focused on connectivity and network security, not assurance of the customers’ data. That attitude needs to change urgently,” says Paul German, CEO, Certes Networks.

“It is only once the responsibility for data assurance is understood by all parties, that the correct steps will be taken to maximise the power of SD-WAN to accelerate business change while mitigating the risk down to the lowest acceptable level,” he concludes.

This report assesses the SD-WAN deployment levels in regulated industries, as well as perceived strengths and weaknesses of its implementation; discusses the confidence placed in a simply regulatory-compliant approach, as well as the perceived risks; measures where perceived responsibility lies in the event of a data breach; identifies the security functions organisations with SD-WAN are currently able to enact, and as a result the gaps that still exist; and highlights how best to improve confidence and achieve high assurance data.

To learn more, read the report in full: Assurance v Security: Understanding SD-WAN Risks in High Assurance Industries