SD-WAN and Security: An Inevitable Integration

3/3/2020

Predicting the future isn’t always as difficult as it may seem. It involves seeing and understanding the concept of inevitability. An inevitability curve exists when you can see a state that will inevitably occur (e.g., everyone at your company will have access to the power of digital transformation) and can then map the line connecting the present to that future. When a seemingly insurmountable challenge intersects with an inevitability curve, progress toward that future state is halted until that problem can be resolved.

Fortunately, we humans tend to be really good at solving problems.

This is why most progress involves a series of stops and starts, rather than a single line of continuous progress, a concept described by Dr. Stephen Jay Gould as punctuated equilibrium. Digital transformation has been filled with them.

WAN Edge Transformation

The most recent example is the need to make business-critical applications and agile connectivity to cloud services available to everyone, from branch offices to campuses. What’s inevitable is that everyone in an organization, regardless of their location, will have access to the tools they need to be successful. However, issues like performance and security are becoming roadblocks to achieving a future of ubiquitous access.

Organizations have realized that a major roadblock to achieving true digital transformation was the static MPLS connections and legacy WAN routers that connected branch offices to business-critical applications, data, and services. Fortunately (or, as some would say, inevitably), SD-WAN arrived just in time to address that challenge. The Gartner report “Forecast Analysis: Enterprise Networking Connectivity Growth Trends, Worldwide,” states, “by year-end 2023, 60% of enterprises will have implemented SD-WAN, up from less than 20% in 2019, to increase network agility and enhance support for cloud applications.”

SD-WAN Only Solves Half of the Branch Transformation Problem

Most of that growth to date has been by early adopters who have been willing to do the hard work of planning, designing, implementing, and optimizing their SD-WAN solution on their own. And they have discovered the next challenge on this inevitability curve: nearly all SD-WAN solutions available solve only half of the problem. It turns out that the real goal is secure connectivity, and if our ability to effectively secure SD-WAN connections isn’t addressed, the inevitability curve for complete digital transformation will be disrupted by the high cost and low performance of most SD-WAN solutions available today.

But that challenge is also solvable, and I predict that in 2020 organizations will see and gravitate toward that more complete solution just as vendors start bringing this next generation of Secure SD-WAN solutions to market.

The challenge, in a nutshell, is that all classic branch connections flowed through the core network, where data, applications, and workflows were protected by the powerful enterprise-class security solutions in place there. Moving those connections to the public network through SD-WAN, so users have direct and faster access to business-critical applications and resources, took that all away. And the first generation of SD-WAN solutions failed to compensate for that loss of security, either by not providing any security at all or by providing only very basic tools like VPN and a stripped-down firewall, which were woefully inadequate for the job.

The Twin Challenges of Performance and Interoperability

Organizations were forced to try to address this challenge by building their own security overlay solution. But that has been quickly identified as a development dead end. Adding security tools to an SD-WAN solution multiplies the costs, both in capital investment in security devices and in ongoing operational costs associated with managing a complex set of isolated solutions. And even when organizations are willing to accept those additional challenges, the security being deployed simply doesn’t solve the problems.

The first issue is performance. The 2019 Internet Trends report estimates that 87% of all web traffic is now encrypted, and that number is likely to climb as more data flows across public networks. And as anyone involved in security knows, inspecting encrypted data is like kryptonite to most next-gen firewalls, driving performance numbers to the floor. This is completely unacceptable in an environment where business-critical applications like voice and video depend on performance and bandwidth. Until recently, the only other option was to buy a bigger firewall, but multiplying that by dozens or hundreds of branch offices is simply not viable.

The other issue is complexity, both in security implementation and in essential WAN functionality. Traditional WAN routers incur high operational costs since much of their functionality still needs to be managed and optimized manually. While this may have been acceptable when a static MPLS connection back to the core network was all that was required, today’s organizations require dynamic and constantly shifting access to business-critical applications and services across a variety of cloud and internet platforms. And the savings are significant when transitioning to an SD-WAN solution; the 2019 Gartner Magic Quadrant for WAN Edge Infrastructure states, “Gartner clients report operational savings as high as 90% when comparing the better WAN Edge solutions with traditional router-based deployments (administration time of five minutes/month versus one hour/month).”

2020 is the Year for the Secure SD-WAN Solution

Rather than trying to add security to an existing SD-WAN solution, Fortinet has taken the opposite approach. We have woven advanced SD-WAN connectivity features into our next-gen firewall, which already contains a full stack of essential security tools. This allows us to address both of the challenges outlined above. Performance issues are addressed with new, purpose-built processors specifically designed to accelerate both networking and security functions. And because networking functionality has been built right into the core software, security and connectivity are now twin elements of a single solution, simplifying operations and building scalable zero-touch deployments.

Inevitability is a powerful principle, often resulting in solutions emerging just at a time when they were most needed. This is true for a wide variety of critical inventions, including the automobile, the airplane, and even the firewall, with multiple people simultaneously inventing each of these things independently of each other. And in 2020, the Secure SD-WAN approach to branch connectivity will move the needle just a bit further toward our goal of global digital transformation.

Fortinet’s Secure SD-WAN solution includes best-of-breed next-generation firewall (NGFW) security, SD-WAN, advanced routing, and WAN optimization capabilities, delivering a security-driven networking WAN edge transformation in a unified offering.

Read these customer case studies to see how Warrior Invictus Holding Co., Inc. and the District School Board of Niagara implemented Fortinet’s Secure SD-WAN to alleviate network complexity, increase bandwidth, and reduce security costs.  
