Business & Technology

Realizing the Full Potential of Secure SD-WAN

By John Maddison | May 21, 2018

The growing appeal of SD-WAN technologies has caught the attention of the IT world. The benefits of efficient cloud adoption, broad application visibility, and lowered operating costs have combined to create a powerful value proposition that resonates with both IT professionals and business executives alike.

However, while the decision to deploy an SD-WAN may be relatively straightforward, extracting the full range of benefits requires an in-depth evaluation of a variety of other supporting components. If ignored, it is all too easy for the enticements of speed and agility to overshadow some of the more fundamental needs of a corporate environment, such as security.

To combat this potential imbalance, more and more companies are looking for solutions to realize the SD-WAN promise while simultaneously maintaining pervasive network security. In order for a security solution to meet the demands of an SD-WAN architecture it needs to share many of the same design tenets, including speed, agility, and flexibility, coupled with dramatic scalability. Simply handing off traffic inspection to an entirely separate security solution can create challenges for latency and time-sensitive applications and workflows. Instead, SD-WAN and security need to be as tightly integrated as possible. An effective solution needs to be able to provide granular inspection while also intelligently prioritizing the routing of applications to optimize network bandwidth based on specific application and user needs, while single-pane-of-glass management is essential for the secure adoption of SD-WAN’s software-defined networking technology.

Another critical factor in selecting an SD-WAN architecture solution is its ability to support and secure a hybrid environment that often combines elements from a legacy infrastructure with new networking components. For some projects, this transitional state may only exist for a relatively short period of time, while for others it becomes a semi-permanent state of affairs. In either case, consistent security without compromising performance and functionality is key. Which means any security solution needs to provide industry-leading protection and performance across legacy, SD-WAN, and hybrid configurations without adding additional complexity to overall visibility, management, and orchestration.

Below are some brief examples from organizations that have implemented SD-WAN solutions that leverage Fortinet’s solution strategy. All four of these deployments were successful because they implemented an SD-WAN solution that included security and networking functionality woven together into a single solution. This approach allowed them to provide effective SD-WAN networking combined with next-generation protection that intrinsically understood and supported critical business rules and workflow requirements. Such an approach enabled them to realize the full benefits of an SD-WAN deployment that could also accelerate their digital transformation efforts.

Alorica

Global solutions provider Alorica has 100,000 employees in 140 locations across 16 countries around the world, and a topology that sits at the sweet spot for SD-WAN. Jonathan Merrell, Alorica’s CIO, commented, “As we transition from our legacy network to a powerful SD-WAN we rely on Fortinet solutions because they are bulletproof, massively reliable, and have the flexibility to support our business. Fortinet gives us many different ways to implement security across the entire network and yet still have the speed and flexibility we need to onboard customers.”

He continued, “Every piece of data that runs through our network is protected by the Fortinet Security Fabric. Fortinet’s SD-WAN capabilities give us enterprise-wide visibility from a single pane of glass – instead of being forced to look at individual events, we can now make decisions on a global basis.”

Hear Alorica’s CIO, Jonathon Merrel, describe his FortiGate SD-WAN experiences in this video

Major Car Rental Company

For a high-profile South American car rental company, privacy compliance legislation was used as the catalyst for wide scale upgrades of its IT environment, including the deployment of SD-WAN and extensive Wi-Fi improvements.

The FortiGate SD-WAN technology they implemented—which was then seamlessly integrated with other Fortinet solutions, such as FortiManager—resulted in a dramatic reduction of overall telecom-related costs. The company’s numerous distributed branches were able to elevate the experience of customers by reducing the service time for vehicle deliveries and returns. Fortinet access points, fully integrated with each facility’s FortiGate appliance, enabled the creation of secure guest Wi-Fi facilities at every rental location. The extensive security features of the FortiGate portfolio – including IPS, AV, and web filtering – were then activated to secure against increased vulnerabilities caused by these new BYOD policies.

Across the SD-WAN, the architectural integration and throughput capabilities of the Fortinet components selected enabled the use of an active-active configuration to provide an intelligent WAN path controller combined with high-availability redundancy with failover protection across incoming broadband links.

The ability to prioritize specific applications – using the highly granular traffic shaping capabilities of the FortiGate – enabled the IT team to ensure that key functions within the company were allocated with the highest levels of resources. Additionally, employees engaged in front-facing activities were given priority to assure an optimal customer experience.

Internet Service Provider

As one of the largest government-run ISPs in South America, this organization leveraged the ability of the FortiGate to simultaneously deliver enterprise-grade security as well as sophisticated routing and prioritization capabilities in an SD-WAN environment. Almost three thousand FortiGate appliances were deployed at headquarters and remote locations to provide application-specific traffic shaping and load balancing. Alternative non-Fortinet approaches – such as routers, firewalls, standalone application and network load balancers, etc. – were dismissed because they necessitated the use of multiple isolated devices and a complex management and configuration back end.

The flexibility and scalability of their Fortinet-secured SD-WAN solution has allowed the company to expand its offerings of business services, especially in the high-growth Secure-CPE (customer-premises equipment) sector. Across the ISP’s widespread SD-WAN infrastructure, the breadth of the FortiGate range enabled each location to receive a precisely sized model tailored to the individual needs of the facility.

European Risk Management Specialist

Focused on increasing the safety of workers and property, this company is heavily involved with industrial plants, airports, hospitals, and even nuclear facilities. A traditional MPLS network served thousands of employees and several hundred thousand clients worldwide. The network had restricted centralized management capabilities and the growing traffic density was impacting critical applications.

A new, company-wide SD-WAN implementation was the favored approach but concerns around security and the inability of the underlying IT functions to support future business directions caused the company to hesitate about moving forward. The Fortinet solution addressed multiple concerns in a single solution, including integrated URL filtering, content analysis, SSL offloading, and intelligent application routing control. In addition, the combination of FortiManager and FortiAnalyzer delivered single-pane-of-glass administration for wired and wireless devices with highly granular visibility across the entire network.

This architectural approach provided a compelling foundation for the projected evolution of the company’s service and solution offerings.

Read this eBook to find out how Fortinet's SD-WAN solution delivers critical capabilities such as:

·       Broad application visibility and classification

·       Effortless WAN efficiency for improved application SLA

·       Complete threat protection with integrated NGFW

·       Lower TCO and resource needs

 

This byline originally appeared in CSO.