This is a summary of an article written for 5G Exchange by Satish Madiraju, Director of Products and Solutions at Fortinet. The entire article can be accessed here.
High-speed, low-latency 5G networks have the power to transform how business gets done. However, the journey to full-scale, comprehensive 5G coverage will not happen overnight. Even once it becomes more widely available, there are few devices in use today that support 5G, and fewer applications that require the level of performance provided through these networks. This means that businesses must keep all options open when it comes to connectivity, even if 5G is available in their area.
With all options left on the table, managing and securing network connections gets even more complicated. Organizations must not only provide the right kind of connection to a specific device using a certain application, but they must also recognize when connectivity requirements change or if a connection starts to break down. Additionally, they must be able to make quick connectivity changes without impacting performance or causing interruptions.
At the same time, there must be security strategies in place that prevent the exposure of sensitive traffic to risk as these connections shift. Achieving this level of security requires smart networks that can take into account decisions being made at the network/connectivity level, that can evaluate the performance capabilities of end-users, the edge, or IoT devices, and that understands the performance requirements of an application. It then needs to not only be able to map these requirements to the best possible connection, and then change connections when needed, but also maintain security as an integrated part of this process to ensure everything is adjusted simultaneously.
This is a complex challenge that few vendors have figured out how to address. And it is essential to note that adding 5G to the list of available options is not as simple as just having another choice for connectivity. Instead, adding more options to a system built on multiple moving parts can aggravate the challenge of selecting, monitoring, and managing connections exponentially – ultimately outstripping the capacity and management capabilities of traditional edge-based routers.
Because traditional WAN routers were never designed for the connectivity complexities of today’s branch offices, when organizations begin considering their move to 5G, they should also consider moving to SD-WAN. In addition to already being designed to support and manage 5G connections, these solutions can automatically determine the requirements needed to establish the appropriate connection for any given application or service. No matter the number of users making connections to different services, SD-WAN solutions can provide the flexibility needed to establish and alter connections based on bandwidth requirements, connection quality, and cost. If a connection deteriorates due to latency or packet loss, these solutions should also be able to dynamically swap it out for another. And a Secure SD-WAN solution is able to maintain critical security as an integrated component of the connectivity management process. By leveraging SD-WAN, organizations can ensure all devices have the best possible connection rates at all times without compromising on flexibility, visibility, or protection.
Despite the benefits it offers, SD-WAN, like any solution, is not perfect. When making the switch from a WAN router to a traditional SD-WAN solution, organizations lose the protections associated with traffic backhauled through the data center. While most SD-WAN solutions provide some very basic tools to replace the full stack of enterprise-class security, such as a VPN and a stripped-down firewall, they are simply not good enough.
To support the connectivity and bandwidth requirements of today’s organizations and their applications, They need a Secure SD-WAN solution able to effectively manage and secure continually changing environments in real time. If this cannot happen, security will be left struggling to keep up as connection and application requirements change, resulting in gaps that open the door for cybercriminals to exploit networks.
In addition to the usual challenges associated with securing SD-WAN, these complexities only increase when 5G is brought into the mix. To keep up with 5G speeds and avoid security becoming a critical bottleneck when performing essential tasks such as inspecting encrypted traffic, security will need to function faster than ever. In fact, faster than most purpose-built security products available today. And as the volume of encrypted traffic rises – which currently makes up more than 70% of network traffic – so does the adoption rate of TLS 1.3, the faster and more secure successor to SSL. Considering these changes, ensuring that security can support 5G speeds without interrupting business-critical communication is more essential than ever.
Achieving this level of security may be easier said than done. Inspecting encrypted traffic takes a heavy toll on next-generation firewall (NGFW) performance – so much so that many vendors refuse to even publish their performance numbers. Which means that actively inspecting the ever-increasing volume of encrypted traffic – especially when using TLS 1.3 to secure 5G connections – will have an increasingly negative impact on both the firewall and SD-WAN connectivity as performance expectations climb, ultimately threatening one of the primary reasons why 5G was initially adopted.
To meet these new performance requirements and keep pace with tasks like the inspection of encrypted traffic, organizations must adopt a purpose-built Secure SD-WAN solution designed from the ground up for performance. By leveraging purpose-built security ASICs, as opposed to commercial processors, Fortinet’s Secure SD-WAN solution is the only device designed to manage critical security functions while maintaining performance at these rates.
Security must also be seamlessly integrated with the networking side of SD-WAN to ensure that when a connection needs to be changed, both pieces respond as a single, consolidated system. Additionally, a unified management interface will ensure that any changes within the SD-WAN environment will be visible and easily managed through a single pane of glass. Fortinet is the only SD-WAN vendor to provide these essential capabilities.
As 5G makes its way to the forefront, the critical role of Secure SD-WAN in any remote connectivity strategy should not be overlooked. SD-WAN offerings built around a service infrastructure that integrates networking and security into a single solution, combined with hardware designed to deliver the performance and scalability that 5G-powered networks require, are the perfect solutions for organizations transitioning to 5G. With advanced functionality on their side, organizations can keep risks at bay as they progress through their next journey to full-fledged 5G capability.
Take a security-driven approach to networking to improve user experience and simplify operations at the WAN edge with Fortinet’s Secure SD-WAN solution.