Industry Trends

Selecting Secure SD-WAN Solutions Based on Use Case Requirements

By Nirav Shah | March 20, 2020

To keep up with digital innovation efforts, organizations are increasingly replacing their traditional WAN edge, built around static MPLS and router deployments. New SD-WAN solutions include business application recognition and steering, WAN path optimization, advance routing, and security – enabling organizations to take full advantage of the ongoing digital revolution at their remote sites and branch offices.

But SD-WAN requirements are maturing, and as a result, many solutions are incomplete. Issues like limited scalability, the lack of automation to simplify operations, and lackluster cloud on-ramp and cloud and SaaS integrations can result in a poor user experience that can undermine the value of an SD-WAN deployment. Instead, SD-WAN solutions need to provide a robust set of networking and connectivity tools that can meet and adapt to the dynamic nature of digital innovation, especially as organizations move more aggressively to the cloud, transition from regional to global deployments, or expand the number of their regional offices.

At the same time, the inadequate security capabilities provided by most SD-WAN solutions, if they are provided at all, expose the organization to far greater risk than their traditional WAN solution ever did, even when additional security tools are applied as an overlay. The multiple point security products required to fill the resulting security gaps can quickly overwhelm allocated capital expense budgets, while the resulting increased infrastructure complexity increases ongoing operational expenses.

As a result, SD-WAN customers are increasingly making a transition to a Secure SD-WAN solution that integrates SD-WAN and security functionality into a single, cohesive system.

Selecting Secure SD-WAN Solutions Based on Use Case Requirements

Even as networks become more diversified and distributed, the need to keep everyone connected to the organization and have access to critical applications and services remains constant. Which means that specific SD-WAN use cases not only continue to multiply, but evolve as well, which requires organizations to carefully consider which SD-WAN features and functions are most important for their organization, now and into the future. Today, common SD-WAN use cases include:

Smaller or Regional Wide Area Networks – Midsize organizations, enterprises with just a handful of WAN locations, or enterprises who break their WAN into smaller, regional areas – usually less than 50 locations – require a cost-effective SD-WAN solution that provides visibility and control. But they may not require the full range of application performance and optimization tools that a global installation might require. Their primary concerns include ease of use, automation, and integrated security – each of which is equally important to reduce both CapEx and OpEx. Likewise, zero-touch deployment is critical as IT resources, especially in mid-sized organizations, are often limited. And at the same time, more robust services need to be available as their requirements evolve so they aren’t faced with the need to rip and replace installed devices and central management systems.

Franchises and Independent Offices – Highly distributed locations, such as doctor’s offices and clinics, bank branches, and independent insurance agents require a different sort of SD-WAN solution than traditional regional or global deployments within a single organization. Given the often low margin/high volume business models of many of these organizations, cost is a critical factor. As a result, any SD-WAN solution needs to incur minimal overhead as well as minimal ongoing operational expenses.

And as would be expected, their connectivity primarily relies on the public internet, which can introduce issues regarding performance management as well as potential security risks. These unique challenges require small platform flexibility that can also support potentially high scalability. This use case also has unique application and security requirements to support and protect things guest internet service, as well as IoT device management for refrigeration units, point-of-sale systems, and inventory management.

Corporate-wide or Global WANs – Organizations with global or multi-national deployments, ranging from a few hundred to several thousand sites, need a robust and highly scalable solution with a full range of traffic management and connectivity controls to support multiple connection paths, meshed VPN, and broad application awareness. In this use case, often due to geographical distances or traffic or connectivity volumes, a significant number of resources have usually been moved to the cloud. This puts a significant emphasis on cloud integration and high-performance application steering to ensure optimal user experience on any SD-WAN solutions under consideration.

WAN and SaaS optimization, intelligent routing, and QoS techniques are especially critical for multi-national connections, since they can often be less reliable than local or regional services. Resulting latency, jitter, and packet-loss can seriously degrade business-critical application performance. And because data may span multiple political boundaries, the need for a suite of compliance-aware security becomes table stakes for deployments to meet a variety of data privacy and protection regulations.

Secured Environments – In places where organizations dealing with sensitive or classified data being moved between locations over an SD-WAN connection, or the collection and transfer of PII for customers, the number of locations is less relevant than the need to provide comprehensive security. Financial institutions that manage transactions and services, healthcare environments that access patient information and highly sensitive Medical IoT devices, government agencies, and even some retail environments often fall into this category. These environments require the deployment of a full stack of security solutions – such as firewall, IPS, antivirus/malware, sandboxing, web filtering, and a secure web gateway, to name a few.

However, most of these organizations also have one of the previous three use case requirements as well, which means that robust security needs to be woven into any SD-WAN solution by default. Unfortunately, most SD-WAN vendors have punted this requirement to the SD-WAN customer, requiring security services to be deployed as an overlay solution – with all of the attendant issues related to additional management and orchestration layer. And at the same time, trying to manage WAN and security functionality when they have been deployed as isolated and independent services can be a logistical nightmare, leaving organizations open to critical security gaps, such as maintaining security during a sudden connectivity failover, where security is alerted to changes in connectivity status after the fact, leaving gaps in transmission protections.

Multiple Use Cases, One Solution

Ensuring that an SD-WAN solution meets use case requirements is essential. But the challenge is that digital innovation ensures that no network will remain static for long. As a result, an organization may need to meet more than one of these use cases, if not now, then shortly. And given issues like limited IT staff due to the escalating cyber skills gap, and limited budgets available to replace deployed solutions, the last thing they need is to introduce even more vendor and solution sprawl into their organization with multiple SD-WAN and security solutions in place. Instead, they need to consider standardizing on an SD-WAN solution designed for the widest variety of SD-WAN use cases possible so it can grow with their business.

To meet that requirement, an effective SD-WAN solution needs to provide things like form factor flexibility (virtual and physical) for maximum deployment options, advanced routing, WAN remediation, and application optimization to ensure QoS and QoE, multiple WAN interfaces to support a variety of connectivity options (multiple ISPs, MPLS, LTE/5G, etc.), integrated cloud options, service chaining to automate traffic flows between services, broad application awareness for high-speed steering, VPN to ensure secure connectivity between branch offices, primary networks and datacenters, and cloud applications, and a full stack of integrated security solutions for unified functionality and management.

And for good measure, an SD-WAN solution should also be able to be seamlessly integrated into the SD-Branch environment to extend protections and connectivity options across the local LAN to protect local data and resources, including access points and connected IoT devices.

SD-WAN solutions and requirements are maturing and it is now about much more than simply connecting a branch office to the cloud. Luckily, there are cost-effective solutions available today that are dynamic enough to effectively address a wide variety of use cases to ensure consistent user experience even as organizations evolve. Today’s organizations no longer have to settle for an incomplete SD-WAN solution and should look for those that address multiple use cases to avoid compounding overhead or disrupting business as their connectivity needs expand with their business.

Take a security-driven approach to networking to improve user experience and simplify operations at the WAN edge with Fortinet’s Secure SD-WAN solution.

Read these customer case studies to see how Warrior Invictus Holding Co., Inc. and the District School Board of Niagara implemented Fortinet’s Secure SD-WAN to alleviate network complexity, increase bandwidth, and reduce security costs.