SD-WAN, or software-defined wide-area networking, is the latest innovation in IT infrastructure to hit the retail space. The technology uses software to route network traffic over the fastest path across multiple connections, and can segment traffic flow to prioritize business-critical data. It’s efficient, yet highly reliable, even when the same network has to support multiple high-bandwidth applications.
It’s also highly secure. Because it uses IPSec tunneling, the connectivity layer (MPLS, broadband, LTE, etc.) is only for transport; data on the network travels from site to site, or from device to device, fully encrypted. That allows SD-WAN solutions to securely connect branches to any application (whether hosted in the data center or the cloud) across any wide-area network (WAN) connectivity.
SD-WAN also has the flexibility to segment multiple networks. That means retailers can reduce the “attack surface” open to bad actors and cybercriminals by isolating cardholder data into a smaller, more tightly controlled environment. So, for example, a fuel and convenience retailer that wants to offer customers free Wi-Fi can use standard public internet via SD-WAN to provide wireless access, with the assurance that sensitive card data only travels the network via a secure payments gateway.
But SD-WANs don’t only rely on segmentation as the sole line of defense. The technology also allows for dynamic policy management to be implemented for every network-connected device, and for these policies to be centrally controlled and updated on the fly as threats evolve. Some solutions, including TNS Secure SD-WAN– a managed service powered by Fortinet – offer additional security protections, such as anti-virus protection with anti-malware and spyware; URL filtering and TLS packet inspection; dynamic policy management; and regular firmware updates.
Beyond these network security protocols, of course, any merchant that takes credit or debit cards must be assured they are using a PCI DSS-certified service provider and their transaction as it traverses the service provider’s infrastructure is secure.
If a merchant uses an SD-WAN service provider that is not PCI DSS certified, the onus is on the merchant to explain their choice of a non-compliant service provider to their acquirer. This can add complexity as well as incremental expenses.
Instead, merchants can select an SD-WAN solution from a managed services provider that offers PCI DSS compliance covering the infrastructure they control. TNS Secure SD-WAN is a broader solution that extends PCI DSS compliance not just across the provider’s backbone network, but all the way to the network edge. This has two key advantages for merchants:
- It reduces the scope of the merchant’s PCI DSS assessment, because TNS provides all necessary attestations of compliance covering their infrastructure. During their PCI review, the merchant would simply present the attestation documentation from TNS to simplify their review process.
- It minimizes the cost and effort of implementing and maintaining ongoing PCI DSS controls.
In addition to relying on TNS’ PCI DSS compliance, a solution like TNS’ also helps simplify a retailer’s overall networking needs. Retailers gain not just a way to transmit payments data to processors in a secure and compliant manner, but also the ability to protect all data and network traffic that flows to and from a store to other branches, headquarters, a data center, and/or the cloud.
TNS Secure SD-WAN combines PCI compliance and global connectivity across broadband, LTE, and 5G with a high-touch, next-generation network security managed service for branch retail locations. This allows retailers to benefit from PCI DSS-compliant payment connectivity in a managed-service network that is also highly reliable and flexible. It’s a win-win.
John Tait is Global Managing Director of TNS’ Payments Market business. He is responsible for identifying and driving growth across the Americas, Europe and Asia Pacific regions and is focused on meeting the unique requirements of TNS’ customers.