Business & Technology

Financial Institution Minimizes SaaS Latency With FortiGate NGFWs

By Renee Tarun | June 12, 2020

Fortinet Customer Perspectives

For many organizations, the shift to telework in response to the COVID-19 pandemic has caused significant network performance issues. As a large number of employees suddenly begin connecting from outside the network, organizations are seeing significant strain on their perimeter-based network infrastructure.

For one global financial institution, the telework surge exacerbated existing network performance and latency issues. When all of the company’s employees were working on-site, the performance of the organization’s Microsoft 365 applications would occasionally decline. With approximately 50,000 employees working from home, these issues became nearly constant.

Legacy Security Solutions Increased SaaS Latency

As a financial institution, this organization must maintain strong data security and visibility for regulatory compliance. To do so, the company had deployed a thick security stack, which provides visibility and security for traffic entering and leaving the enterprise network.

While this deployment provided robust security, it did so at the cost of network performance. The organization is heavily reliant upon Microsoft 365 functionality. With all employees working from home, all cloud-bound traffic traversed the existing security stack before being routed to its destination. This caused unacceptable performance degradation and network latency for remote workers.

Microsoft has issued guidance and best practices to users of its SaaS products for their remote users. This would enable traffic intended for trusted Software-as-a-Service (SaaS) solutions, such as Microsoft 365, to be routed directly without impacting performance.

While this solution could have solved the organization’s network latency issues, it would do so at the cost of visibility and security for Microsoft 365 traffic. Additionally, Microsoft commonly changes the URLs, IP addresses, and ports of its Microsoft 365 servers. With the financial institution’s legacy firewall deployments, updating these dynamic URLs and IP addresses would be a time-consuming manual process, which could negatively impact performance as well.

FortiGate Next-Generation Firewalls Optimally Route Microsoft 365 Traffic

The financial institution had already been working with Fortinet prior to the COVID-19 outbreak. Through this relationship, Fortinet had gained insight into the organization’s network infrastructure and business needs.

Consequently, when the financial institution began experiencing increased network latency on Microsoft 365 traffic, it reached out to Fortinet for guidance. The institution wanted to implement split tunneling as Microsoft recommended, without compromising on security.

A FortiGate next-generation firewall (NGFW) enabled the organization to accomplish this goal and resolved the server IP address and URL update problems as well. The Internet Services Database (ISDB), which is an integrated component of the FortiGate’s SD-WAN capability included in all FortiGate NGFWs maintains updated IP addresses of Microsoft 365 servers and can route traffic accordingly.

By deploying the FortiGate NGFW, Microsoft destined traffic receives the benefit of the FortiGate NGFW’s threat detection capabilities. From there, it is routed directly to the internet, eliminating the latency associated with the legacy security stack. This solution provided measurable improvements in email, Skype, Teams, SharePoint, and OneDrive load times, with minimal changes to the organization’s network infrastructure.

Setting the Stage for Future SaaS Adoption

The COVID-19 crisis has driven organizations to suddenly support telework, and, for many, this work arrangement is unlikely to change soon. The issues this financial institution experienced with regard to SaaS traffic performance and latency are a widespread problem.

By taking advantage of the ISDB integrated into FortiGate NGFWs, an organization can solve latency issues associated with any SaaS application. The ISDB performs the same optimized routing for other SaaS applications, such as Salesforce or Amazon Web Services (AWS), enabling organizations to support telework at scale without sacrificing network performance or security.

Discover how Fortinet secures financial services institutions from advanced threats while optimizing for cost and efficiency. 

Read these customer case studies to see how Coopenae and this global financial services organization secure sensitive information with high-performance security solutions backed by the latest threat intelligence.