Partners

Considerations for Managed Service Providers as SD-WAN Adoption Grows

By Fortinet | August 25, 2020

This is a summary of an article written for MSPinsights by Satish Madiraju, Director of Products and Solutions at Fortinet. The entire article can be accessed here

Over the past two years, SD-WAN has experienced one of the highest rates of adoption of any digital transformation technology as more organizations move their business-critical applications to the cloud. And as digital transformation and cloud adoption continue to accelerate, it is no surprise that SD-WAN adoption rates are expected to grow at a compound annual rate of 58% over the next six years. In addition to enterprises continuing to purchase SD-WAN solutions for their organizations, this next stage will also see a transition toward managed service providers offering a turnkey SD-WAN solution for customers. This specific category of managed services is forecasted to grow approximately 70% through 2025.

Managed service providers are now actively looking for SD-WAN vendors and solutions to partner with in order to meet this growing demand by their customers. However, not all SD-WAN solutions are created equal, and managed service providers must consider several factors when selecting an offering. By paying attention to specific criteria, however, they can create an effective strategy to growing their managed services business around SD-WAN by effectively helping their customers navigate their cloud transition strategy and re-think their network architectures. 

Managed Services vs. DIY SD-WAN

The majority of SD-WAN solutions available today provide a generic set of connectivity and traffic shaping tools. From an MSP perspective, however, few of them were developed with managed services in mind. They generally support narrow use cases, struggle to scale effectively, and do not provide any sort of tiered model for deployment or management. For customers, narrow use cases mean solutions don’t easily grow as business models evolve. And for MSPs, deploying these as a managed service requires a significant amount of back-end engineering, and even then, limits the scope of customers they can address.

Making things worse, few of these solutions were built with security in mind. Addressing this deployment gap can be challenging for most organizations, requiring the development of an elaborate security overlay that can result in a solution that is more expensive to build and maintain than initially thought. So instead of looking to construct and manage a complex SD-WAN security overlay on their own, many organizations simply want to transfer their SD-WAN deployment and management efforts to an MSP to keep their focus on business-critical objectives. But without an effective security strategy in place, MSPs face the same challenge – building a broad and nimble enough security overlay solution that can address the dynamic nature of SD-WAN deployments.

The Challenge with a DIY Approach to SD-WAN

Organizations face several challenges when trying to secure their SD-WAN solution post-deployment. Traditionally, traffic routed through an MPLS and WAN router configuration received security inspection and protection at the core network or data center edge. However, when branch offices connect directly to cloud and internet services to avoid backhauling traffic and applications through the core network, the benefits of the enterprise security stack are lost. And in the race to address the problem of connectivity – where increasing amounts of data were overwhelming core servers – many SD-WAN vendors disregarded the critical issue of security.  

Once an organization realizes that the basic VPN and firewall solution that comes packaged with their new SD-WAN device does not offer the protection they need, they are forced to build an overlay security solution. This is not only expensive to build and maintain, but because it is not integrated with the connectivity functions of the SD-WAN, it is also continually trying to catch up with dynamically changing connections, creating serious security gaps. While addressing this challenge creates an important opportunity for MSPs, they need to also consider that they will face these same challenges when attempting to develop a turnkey SD-WAN solution. However, by partnering with a vendor that has already addressed security, scalability, tiered management, and interoperability, service providers can quickly help customers address these challenges in a way that few SD-WAN solutions enable. 

The Emergence of Standards in the SD-WAN Space

Standards and certifications should also play a critical role in the development of any solution, but until recently, there were few guidelines to follow when it came to SD-WAN offerings. To address this gap, the Metro Ethernet Forum (MEF) – a development community with over 130 service providers worldwide that work to solve challenges for services being orchestrated across global networks – stepped in. The SD-WAN standards developed by MEF ensure that solutions not only meet the evolving needs of the digital marketplace but also interoperate using universal protocols to establish and maintain reliable and secure connections. As a result, MSPs should look to partner with SD-WAN vendors who have adopted – and participate in the development of – these industry standards. 

Ensure Cost-Effectiveness and Accelerated Onboarding for Customers

 “Time is money,” and MSPs need to start with an SD-WAN solution that can maximize profitability and reduce overhead spent on managing and optimizing solutions and onboarding new customers. This will ensure the solution can meet as many customer use cases as possible, as well as enable different systems to see and share information to accelerate and coordinate responses, as well as dynamically secure connections across the environment. 

MSPs want to ensure they adopt and deploy the most cost-effective solution able to meet the connectivity and security needs of the widest range of customers. To start, they should work their way through the following six steps to ensure they are providing a solution that addresses the challenges noted above:

  1. Choose vendors that abide by – or are involved in the creation of – the SD-WAN connectivity and security standards developed by MEF. Fortinet is a leading participant in the MEF forum, and has been recognized by MEF for the development of several critical security standards that have been adopted by the body.
  2. Look for SD-WAN solutions like Fortinet’ Secure SD-WAN that have already fully integrated security and connectivity management into a single console to reduce the overhead required to develop and manage a secure SD-WAN service.
  3. And when it comes to security, choose a solution like Fortinet Secure SD-WAN that features a full suite of integrated security solutions, including firewalls, IPS, antivirus, and web filtering, to provide customers with a unified security fabric that enables consistent and coordinated security analysis while also supporting an API-driven ecosystem. 
  4. Prioritize SD-WAN solutions that can recognize and guide connections to the appropriate cloud-based application to improve performance and customer experience. Fortinet’s Secure SD-WAN solution includes a built-in connector, rather than the usual configuration used by most vendors that place their connector in the cloud. This eliminates an extra hop between the device and the application, ensuring the fastest possible cloud on-ramp.
  5. While security is a critical factor, performance is another hurdle that must be addressed when it comes to SD-WAN. As a majority of SD-WAN traffic is likely to be encrypted, most traditional security solutions will either be too slow, too expensive, or too slow and too expensive to meet the requirements of SD-WAN deployment. Additionally, when relying on off-the-shelf CPUs that were not designed for the decryption and inspection tasks they are now being assigned, managed service providers are finding that most firewall solutions are not able to meet their performance standards. Fortinet’s Secure SD-WAN appliances feature custom-built hardware designed to accelerate both connection management and security processing to ensure the fastest application access and data protection services in the industry.
  6. Finally, look for solutions built around common standards and APIs that enable fast and seamless integration between the SD-WAN solution and the MSP services platform. This not only helps accelerate time to deployment, but also ensures that MSPs can continue to effectively leverage their existing investments.

Final Thoughts of Adopting Secure SD-WAN

When choosing an SD-WAN solution for their customers, managed service providers must consider a variety of factors, ranging from built-in security features to cost-effectiveness to easy integration into the MSP environment. By adopting a fully integrated and performance-enhanced solution like Fortinet’s Secure SD-WAN, MSPs and MSSPs can differentiate themselves with their customers while providing a solution that is built to last. 

Take a security-driven approach to networking to improve user experience and simplify operations at the WAN edge with Fortinet’s Secure SD-WAN solution.

Read these customer case studies to see how De Heus and Burger King Brazil implemented Fortinet’s Secure SD-WAN to alleviate network complexity, increase bandwidth, and reduce security costs.

Current partners can visit the Partner Portal to find important updates from Fortinet and our partner program.