The convergence of network and security allows operators in the retail industry to minimize risks while optimizing the customer experience. In an episode of the Packet Pushers podcast, Fortinet CISO for Retail, Courtney Radke, and Batteries Plus Infrastructure Architect Jason Thelen sat down to discuss the role of Secure SD-WAN in the retail space.
Many retailers have traditionally relied on back-up connectivity alone for business continuity in the event their primary internet connection went down. If their connection went down entirely, they may have only missed out on a small portion of potential sales. But that is not the case today. With robust applications being critical to retail operations and the digital “always on” experience being the table-stakes, retailers can no longer take the same approach to connectivity as they did just a few years ago.
For example, before recent upgrades, Batteries Plus used a less sophisticated firewall with dedicated Internet Protocol security (IPsec) connections that lacked an automated way to failover to a secondary connection. So if a store’s primary internet connection went down, it would take several minutes to connect to an LTE backup device, call into the help desk, or get their virtual private network (VPN) password reset. When these outages occurred, they would lose sales as customers could not be adequately supported and would unfortunately walk out the door.
Security is also a significant concern for retailers, particularly because they are responsible for ensuring customer data (i.e., credit card numbers, personal information, etc.) is kept safe. A conflict emerges, however, when beefing up security leads to a less efficient system full of delays, or conversely, when security is sacrificed in favor of customer experience.
Software-defined wide-area network (SD-WAN) solutions can provide retailers with flexibility and automation, allowing for rapid architecture changes, optimization of multiple active connections, and seamless failover when outages occur. Retail is all about customer experience, and SD-WAN is built in a way that protects and enables that experience.
Batteries Plus has incorporated SD-WAN into their current setup, which uses a terrestrial circuit and an LTE circuit in combination. Most traffic is prioritized over the terrestrial connection during regular use, with a fraction of it occurring through LTE – but when one circuit goes down, or is in a state that doesn’t meet business SLAs, the other one picks up the load. Since this move, operations have changed dramatically. “We no longer dread the day our terrestrial connections go down,” says Thelen. “Today, we have stores failover seamlessly between their primary connection to their cellular backup.”
Another significant feature of SD-WAN in the retail space is that it enables the business to open new sites very quickly since there is no longer a need to wait weeks for circuit provisioning. Instead, users can plug in whatever circuit they want and have it ride on an SD-WAN backbone, supporting an “always-on” experience. As a result, retailers are able to focus on running the business instead of micro-managing the network without worrying about sacrificing performance. “Over the last few years, and definitely over the last 12 months, we’ve seen SD-WAN really go from a ‘nice-to-have’ to a ‘have-to-have’,” says Radke.
While all SD-WAN solutions promise greater flexibility, rapid failover capabilities, and more, it’s important to note that not all SD-WAN solutions are created equally, particularly when it comes to security. In fact, many don’t come with their own security at all, instead requiring a security overlay or bolt-on solution provided by the customer, or forgone entirely, which can lead to more expensive, inefficient and unsecure setups.
Fortinet’s Secure SD-WAN solution, however, takes a security-driven network approach that consolidates SD-WAN, next-generation firewall (NGFW), and advanced routing capabilities to enable superior quality of experience at scale, the ability to orchestrate consistent network and security policies, achieve operation efficiencies, and more. “The threats are real,” says Radke. “But Fortinet’s SD-WAN is Secure SD-WAN.”
According to Thelen, “We definitely sleep better at night knowing that’s all baked into the product.” He further cites the tremendous degree of confidence that comes with Fortinet’s security standing as a primary reason for choosing Fortinet for Batteries Plus’ SD-WAN solution.
After replacing aging WAN connections with Secure SD-WAN to boost unified communications, better enable interconnectivity, and fully integrate security, retail organizations should consider incorporating a Secure SD-Branch solution, as well.
Secure SD-Branch integrates SD-WAN technology with network access to deliver an even more secure and manageable remote branch. “SD-WAN is all about protecting that experience and making sure that you’re getting the best investment from your transports,” says Radke, “And SD-Branch is all about getting the best investment from a long-lived infrastructure.”
SD-Branch boils down to the three core elements: integration, orchestration, and automation. According to Radke, “You didn’t normally get that in the past.” Instead, users would have to use one interface for switching, another for access points (APs), another for SD-WAN, and so on. The inefficient piecemeal architecture would not only prove challenging to manage, but the lack of unification would leave security coverage gaps.
Batteries Plus is now going with an SD-Branch model, which involves bringing in other Fortinet gear like wireless APs at each store. By leveraging FortiManager, Batteries Plus can now push out uniform policies to every single store at the same time, including whitelisting and blocking URLs and different network segmentation policies to provide payment card industry (PCI) data security standard security while also keeping other PCs from acting as registers when they shouldn’t be. “It’s a very well thought out architecture,” says Thelen.
This more comprehensive secure SD-Branch solution not only incorporates secure SD-WAN, making things easier to manage and more secure, but it also allows retailers to embrace a zero trust approach in its entirety. “When you start to think about your switches, APs, and firewalls in an integrated way, zero trust is much easier,” says Radke. “And moving to a zero trust methodology is honestly where everyone should be going.”
Retailers today rely on cost and technology efficiencies. This means looking for ways to standardize and reduce overall risk. According to Radke, “Those are the things that SD-Branch provides.”
Find out more about how Fortinet offers retailers a broad set of network and security technologies that are seamlessly integrated and automated to help retailers secure digital transformation initiatives.
Take a security-driven networking approach to improve user experience and simplify operations at the WAN edge with Fortinet Secure SD-WAN.