I've been reading a lot of stuff about SD-WAN lately, and I constantly see examples where people are like:
So I've got a VPN tunnel that I use as a failover if my MPLS isn't working [...]
I also have heard it from my peers several times over the years - stuff like:
Well maybe we don't need the bigger firewall if we have this point to point and the IPsec is only used as a backup.
I have spent my last 6-7 years in IT in sectors where there's very sensitive data (defense, banking, healthcare), and to me, an MPLS connection is just another connection over an untrusted network (i.e., a network that I don't control), and I wouldn't dream of sending unencrypted packets across it. According to HIPAA, if my service provider takes a PCAP, I've gotta report a breach.
Is it just me, or do a lot of people actually use MPLS without IPsec?