By Nirav Shah
The need to maximize user experience, whether for employees or customers, has been a driving force behind much of the digital transformation networks have undergone. Things like business-critical applications, data-driven manufacturing and supply chains, immediate access to essential information, and advanced productivity tools require uninterrupted access to information from any place, using any device, and from any location.
One of the areas of the network that has undergone the most significant transformation, largely in response to data and resources being distributed throughout the increasingly distributed network—most often in the cloud—has been the WAN. SD-WAN provides the flexibility, performance, and reliability—providing almost instant ROI—that today’s complex networks require. They enable accelerated access to applications while reducing or eliminating delays and jitter that can come from streaming high-performance applications over the public internet.
Achieving WAN Transformation with Security-Driven Networking
Unfortunately, many traditional SD-WAN solutions also include some serious challenges, the most serious of which is poor security implementation. With few exceptions, SD-WAN solutions are notoriously poorly secured. Organizations looking to protect critical data streaming across an SD-WAN connection are often forced to deploy multiple point products to cover security gaps and meet compliance requirements. But that is easier said than done. The strength of an SD-WAN solution is its ability to monitor and make connection adjustments and fine-tune application performance in real time. This can make it impossible for traditional security solutions that rely on fixed and reliable connections to monitor and inspect traffic to keep up. In such circumstances, not only is developing and deploying an overlay security solution for SD-WAN expensive to deploy and manage, but the security implementation is in a constant state of trying to catch up to a dynamically shifting and self-healing environment.
What’s needed is an SD-WAN solution designed to function seamlessly within a complex, and highly dynamic WAN environment. That not only requires having a broad range of security solutions deeply embedded in the SD-WAN solution itself, but one that is also tightly integrated into the network itself. The concept, known as security-driven networking, ensures that security systems and network functionality work as a single system. Security-driven networking is fundamental for an effective SD-WAN strategy. It also enables SASE to provide flexible access and consistent security whether users are on-prem or remote, and whether services need to be provided through a local device or from the cloud. The goal is for the network to include security in its moment-by-moment decisions to ensure data and applications move from one place to another as fast as possible. This enables security to perform all of the essential assessments, tracking, inspection, encryption and decryption functions it needs to keep the business safe, and without missing a beat—or a byte.
But even that is not enough. This integrated network and security solution also needs to function within the parameters of different environments. SD-WAN is being deployed everywhere, but most SD-WAN solutions—especially those that don’t include an integrated security-driven networking strategy—aren’t able to handle any more than a handful of scenarios, which means it is even more difficult to find the right SD-WAN solution for the job. And that is especially so for organizations with a variety of WAN environments that need both flexible performance and protection.
Four Use Cases for SD-WAN
Here are four different scenarios that require specialized performance and connectivity services combined with the deep integration with security that only a security-driven networking-based SD-WAN solution can provide:
Many branch operations, such as financial and healthcare offices, remote teams engaged in research and development, or organizations that gather and process sensitive customer or similar information, have a mandate to ensure that data, connections, and resources are secured. The security needs for such offices go well beyond simply securing their WAN connections. The extension of Secure SD-WAN into SD-Branch, for example, enables essential protections to extend across the entire branch office. This convergence of networking and security ensure that the entire operation—from connectivity, applications, and cloud-based services, to wired and wireless access points, to LAN operations at the branch, and out to all endpoint devices—are all protected. When this same concept is extended into a SASE strategy, any user on any device can safely access any resource from any location, regardless of where those resources are located, something that Gartner refers to as “Anywhere Operations.”
These organizations need a security-driven networking solution that ties together a full stack of security options with advanced routing, granular access controls, endpoint protections, reliable and self-healing connectivity, and advanced cloud on-ramp.
Large Scale, Small Footprint Retailers
Another group that needs a unique approach to security plus connectivity are retail operations with a large number of small footprint locations. The biggest issues beyond reliable connectivity are providing local security at each branch, secure connections between branch locations as well as to the central data center, and consistent, centralized configuration, management, and orchestration.
Achieving this requires an SD-WAN solution that combines incredible performance with easy-to-deploy and easy-to-manage functionality. And retailers with multiple, smaller locations require all of this in a smaller appliance. That requires selecting a solution that uses advanced ASIC innovation so routing, SD-WAN, a wireless controller, a switch controller, LTE failover, and a full stack of security can be consolidated into a small appliance footprint for better performance and predictable ROI.
Consistency is crucial, which means they require a single management, analytics, reporting, and monitoring framework. The objective is to be able to manage all devices and layers of services delivered at the branch through a single solution—but one that can also scale-up to thousands of users. And unfortunately, that means that most SD-WAN solutions that rely on a non-integrated collection of point security products to provide necessary protections are simply too expensive, both in terms of capital expenses and cost of ownership.
Many organizations have begun deploying SD-WAN to support their cloud-first strategy—whether that means cloud-based infrastructure or software as a service (SaaS). The challenge for many organizations, especially that 93% of companies are now using multiple cloud service providers, is few SD-WAN solutions provide advanced connectivity and security seamlessly across all major public cloud platforms as well as optimal cloud on-ramp for thousands of SaaS applications and services. SD-WAN needs to be able to support software-defined networking (SDN), enabling it to leverage cloud on-ramp functionality to ensure application acceleration through the cloud. This enables them to reduce middle mile unreliability and ensure a quicker route to IaaS and SaaS applications. And SD-WAN support for (and deployed within) every cloud provider enables cloud-to-cloud connectivity and security to support and scale advanced cloud-to-cloud functions, and applications and workflows that need to span multiple cloud environments. A security-driven network strategy ensure that not only are all of these needs met, but that security is included at every step along the way.
The large global WAN infrastructures of the largest enterprises can be extremely complex. Thousands of meshed VPN tunnels, a mix of public and private clouds, distributed data centers, thousands of public and home-grown applications, and regional variations that impact everything from bandwidth to compliance, are no place for most SD-WAN solutions. And at the center of it all is the need to maintain user experience. Such massive deployments require combining an enterprise-grade routing stack with self-healing and WAN remediation capabilities coupled with advanced automation.
They also require detection and response functionality so any impairment in a connection or in the delivery of a business-critical application is not just detected and logged, but also automatically resolved—with details provided about what was done and for what reason. This requires the integration of advanced AI so the SD-WAN solution can monitor for and detect latency, packet loss, jitter, and available bandwidth and then make meaningful decisions about how to ensure availability and protect application performance. And it needs to do all of this while also maintaining consistent security—even as critical adjustments and remediations are being made.
This means that SD-WAN needs to go far beyond just connectivity and security. It also needs to support things like forward error correction, per-packet load balancing—even across different interfaces, and packet duplication so not only can networks move packets around efficiently, but also help balance and normalize traffic to maintain an optimal end user experience. This requires an advanced SD-WAN solution that supports an adaptive security-driven network combined with advanced routing functions.
One Size Does Not Fit All
It is also critical to remember that WAN transformation requirements are not fixed. A single organization may need a solution that supports some or all of these use cases as their organization continues to grow and evolve. In fact, some organizations may need to support remote workers, smaller regional WANs, global deployments, and security-sensitive branch offices all at the same time. What they don’t need is to deploy and manage a series of unrelated SD-WAN solutions coupled with a complex overlay of security solutions. That level of complexity is a disaster waiting to happen. Flexible SD-WAN solutions combined with security-driven networking that enables the convergence of infrastructure and security will allow organizations to enable digital innovations while deploying consistent, integrated security anywhere on any WAN edge.
Take a security-driven approach to networking to improve user experience and simplify operations at the WAN edge with Fortinet’s Secure SD-WAN solution.