Growth in the extension of voice, video, and cloud services to branch offices is prompting many enterprises to embrace SD-WAN as an alternative to their legacy WAN infrastructure solutions. Until recently, one of the most reliable components of any network was the MPLS backbone that was used to create reliable and secure WAN connections between branch offices and central corporate computing. The addition of cloud networking and IoT devices that generate large volumes of data has changed that. Digital transformation has redistributed networks across cloud environments, making those connections both highly dynamic and often temporary. MPLS is simply too expensive and too cumbersome to adapt to today’s constantly shifting networks.
SD-WAN has emerged as a top consideration for organizations looking to adopt the efficiencies and agility that today’s digital businesses require. It is one of the most rapidly growing network market segments (60% YoY) because it helps distributed enterprises quickly respond to digital business demands by improving employee productivity, reducing operating expenses, and simplifying operations.
However, many organizations rushing to adopt SD-WAN forget one of the most critical aspects of their previous MPLS network, and that is its inherent security. Encrypted communications over hardened pipelines ensured that data, applications, and workflows were protected continuously, and that performance was reliable enough for even the most latency-sensitive services.
SD-WAN offers essential benefits associated with new digital business requirements such as direct cloud access, better application performance, increased agility, and lower costs, enabling organizations to take advantage of the efficiencies and agility that today’s networks provide. But it also comes with security challenges, as traffic is no longer routed through the corporate data center and protected by isolated MPLS connections and next-generation firewalls.
That’s why, in addition to network functions, including traditional routing, WAN path control, and WAN optimization, SD-WAN solutions also need to provide a full spectrum of powerful, integrated security tools that operate natively. Because of the rise in cybercrime and network breaches that originate in the branch office, SD-WAN security can no longer be addressed as an afterthought.
The failure to provide fully integrated and seamless protection as part of their SD-WAN technology means that far too many vendor solutions either introduce significant risk to your organization or force you to integrate them with your other security solutions by hand. Not only does this introduce additional costs and overhead during the initial installation, but because these tools all require entirely separate management systems, they can also significantly impact TCO. Unfortunately, because most SD-WAN vendors obfuscate the nature of their security functionality, these hidden costs often go unseen until after an SD-WAN solution has been selected and deployed and the need to implement thorough security becomes apparent.
Enterprises need to be able to translate high-level business policies into application and user-level policies that can be globally distributed to all devices with little effort. This requires weaving automation into the core components of SD-WAN to ensure reliable cloud access, better application performance, and increased agility.
Automation also enables business-level policies to be translated to the user and application level. This requires seamless integration across cloud vendors so networking and security features perform identically on both ends of a cloud connection. This significantly enhances critical application performance, while ensuring that workflows and security policies can automatically track and adapt to changes in the network.
Deploying SD-WAN should also be as easy as turning on a feature. This requires a single-pane-of-glass management system that consolidates the configuration, management, and monitoring of both networking and security policies through a single, centralized console. Organizations should also look for zero-touch provisioning to quickly connect and secure new branches with little expertise and no additional overhead.
In addition to all of the advanced networking capabilities that organizations require, including application steering, automated WAN path control, and zero-touch provisioning, essential security functions also need to be integrated to protect your organization from new threats targeting today's branch offices. The seamless inspection of SSL-encrypted traffic for malware, the ability to detect advanced malware using IPS, URL filtering, antivirus, and sandboxing, and the ability to integrate those security functions across existing network-wide security infrastructure and management systems are all essential components of an effective SD-WAN solution.
And because branch offices rarely have IT expertise on-site, the simple remote installation and management of SD-WAN technology must also be part of any solution you consider. The entire solution, including network and security functions, needs to be managed either on-premises or from the cloud through a single console for centralized deployment, management, orchestration, and troubleshooting.
To better respond to the demands of today's highly fluid digital marketplace, organizations are having to re-architect their networks. This includes transitioning away from the static MPLS networks of the past to connect their branch offices. SD-WAN solutions hold the promise of providing the agility and flexibility today’s digital businesses require. However, far too many of the SD-WAN solutions being offered today do not adequately address security, leaving far too many organizations exposed to increased risk—just at the time that cybercriminals are increasingly targeting branch offices as one of the weakest links in an organization’s security strategy.
Enterprises that implement SD-WAN deployments without an aggressive security strategy put themselves at a higher risk for malicious attacks and data breaches because advanced NGFW solutions are rarely present at the branch. This is why built-in security is a clear differentiator for SD-WAN solutions. By combining security with SD-WAN, organizations not only reduce complexity (through easier management and monitoring, and lower TCO) but also ensure that their digital transformation efforts to blend distributed branches into a single enterprise network don’t result in exposing themselves to new and unnecessary risks.