Business & Technology
With the escalating adoption of bandwidth-hungry SaaS applications, VPs of networking are having to rethink their wide area networking (WAN) strategies. Instead of accommodating increasing and variable demand with costly, inflexible WAN connections, more network leaders are looking to implement a software-defined wide area network (SD-WAN). SD-WAN is attractive not only because it provides more efficient and cost-effective bandwidth allocation, but also because it improves WAN performance, agility, and operational flexibility.
As network leaders assess their SD-WAN options, however, what is often missing from their deliberations is how to adequately address security risks. SD-WAN vendors are increasingly embedding security features into their offerings, but these tend to be basic, Layer 3 network controls and not the robust security functions that these environments require. Considering the current cyber-threat environment, should security embedded in an SD-WAN-enabled appliance be relegated to perfunctory specs, subjugated to SD-WAN’s greater mission of pushing packets through pipes as seamlessly as possible? Because that is exactly the problem with most of today’s SD-WAN-plus-security offerings.
Embedded security may seem like a moot point for many enterprises in which security and networking are handled by different functions in the organization. The networking team deploys an SD-WAN solution, and the security team is responsible for deploying a next-generation firewall (NGFW) as a gatekeeper for the SD-WAN-enabled appliance. But if implementing SD-WAN involves two teams, managing two types of products, using separate management consoles, the TCO of the solution may become more than what the CIO bargained for.
What’s more, lack of integration between SD-WAN and NGFW products also heightens risk due to potential gaps between the disparate technologies that cybercriminals are highly motivated to exploit. Finally, and perhaps more importantly for some, network performance bottlenecks are almost guaranteed to ensue. For example, increasing SSL-encrypted enterprise traffic, which now comprises over 50% of all network traffic, must be thoroughly checked for hidden malware, a CPU-intensive process that result in significant overhead for many traditional NGFW solutions
In an attempt to address this challenge, a number of vendors have begun to offer advanced firewall features embedded into their SD-WAN appliances. It sounds promising, until you realize they’re not really integrated: You must still manage separate security and networking domains, which hampers IT visibility and control.
So, what’s left? As is often the case, the answer is revealed through a change in perspective: Rather than trying to find an SD-WAN solution with security features, you might be better served by seeking to create a secure environment for implementing SD-WAN. One of the best ways of doing so, that is available today, is an SD-WAN-enabled next-generation firewall.
For enterprises with high security requirements, an NGFW is essential to provide Layer 3 through Layer 7 protection. But what about SD-WAN functionality? Lest “SD-WAN-enabled NGFW” become a euphemism for SD-WAN compromise, candidate NGFWs claiming to provide SD-WAN functions should be assessed for several key capabilities:
That’s up to you. A fully integrated secure SD-WAN solution should integrate both networking and security functions for simplified management through a single pane of glass. This not only reduces finger pointing and wasted time, but also increases your flexibility in allocating FTE resources.
A secure SD-WAN can help you lower TCO all around, and it’s a straightforward path to creating one that meets the needs of both your networking and security teams, if you know what to look for. Download “Research from Gartner: Four Architectures to Secure SD-WAN” for more details on this pioneering approach.
The release of the Fortinet Secure SD-WAN Solutions portfolio earlier this year is enabling organizations around the world to securely realize the full benefits of what promises to be a global game-changing technology.
Read more about how Fortinet is driving the adoption of secure SD-WAN for distributed enterprise branches.
Read how Fortinet's Security Fabric (SD-WAN) enabled 21st century teaching and learning with Upper Grand School District.