The Inevitable Integration of SD-WAN and Security in 2020

12:11 | 10/03/2020 Information Technology

Organizations have realized that a major roadblock to achieving true digital transformation was the static MPLS connections and legacy WAN routers that connected branch offices to business-critical applications, data, and services.  

What’s inevitable is that everyone in an organization, regardless of their location, will have access to the tools they need to be successful. However, issues like performance and security are becoming roadblocks to achieving a future of ubiquitous access.

Fortunately (or, as some would say, inevitably), SD-WAN arrived just in time to address that challenge. The Gartner report “Forecast Analysis: Enterprise Networking Connectivity Growth Trends, Worldwide,” states “by year-end 2023, 60% of enterprises will have implemented SD-WAN, up from less than 20% in 2019, to increase network agility and enhance support for cloud applications.”

Most of that growth to date has come from early adopters who have been willing to do the hard work of planning, designing, implementing, and optimizing their SD-WAN solution on their own. And they have discovered the next challenge on this inevitability curve: nearly all available SD-WAN solutions solve only half of the problem. It turns out that the real goal is secure connectivity, and if our ability to effectively secure SD-WAN connections isn’t addressed, the inevitability curve for complete digital transformation will be disrupted by the high cost and low performance of most SD-WAN solutions available today.

But that challenge is also solvable, and I predict that in 2020 organizations will see and gravitate toward that more complete solution just as vendors start bringing this next generation of Secure SD-WAN solutions to market.

The challenge, in a nutshell, is that all classic branch connections flowed through the core network, where data, applications, and workflows were protected by the powerful enterprise-class security solutions in place there. Moving those connections to the public network through SD-WAN, so that users have direct and faster access to business-critical applications and resources, took all of that away. And the first generation of SD-WAN solutions failed to compensate for that loss of security, either by not providing any security at all or by providing only very basic tools like VPN and a stripped-down firewall, which were woefully inadequate for the job.

Organizations were forced to try to address this challenge by building their own security overlay solution. But that has been quickly identified as a development dead end. Adding security tools to an SD-WAN solution multiplies the costs, both in capital investment in security devices and in the ongoing operational costs of managing a complex set of isolated solutions. And even when organizations are willing to accept those additional challenges, the security being deployed simply doesn’t solve the problems.

The first issue is performance. The 2019 Internet Trends report estimates that 87% of all web traffic is now encrypted, and that number is likely to climb as more data flows across public networks. And as anyone involved in security knows, inspecting encrypted data is like kryptonite to most next-gen firewalls, driving performance numbers to the floor. This is completely unacceptable in an environment where performance is essential for bandwidth-dependent, business-critical applications like voice and video. Until recently, the only other option was to buy a bigger firewall, but multiplying that by dozens or hundreds of branch offices is simply not viable.

The other issue is complexity, in terms of both security implementation and essential WAN functionality. Traditional WAN routers incur high operational costs since much of their functionality still needs to be managed and optimized manually. While this may have been acceptable when a static MPLS connection back to the core network was all that was required, today’s organizations require dynamic and constantly shifting access to business-critical applications and services across a variety of cloud and internet platforms. And the savings are significant when transitioning to an SD-WAN solution; the 2019 Gartner Magic Quadrant for WAN Edge Infrastructure states, “Gartner clients report operational savings as high as 90% when comparing the better WAN Edge solutions with traditional router-based deployments (administration time of five minutes/month versus one hour/month).”

Rather than trying to add security to an existing SD-WAN solution, Fortinet has taken the opposite approach. We have woven advanced SD-WAN connectivity features into our next-gen firewall, which already contains a full stack of essential security tools. This allows us to address both of the challenges outlined above. Performance issues are addressed with new, purpose-built processors specifically designed to accelerate both networking and security functions. And because networking functionality has been built right into the core software, security and connectivity are now twin elements of a single solution – simplifying operations and building scalable zero-touch deployments.

In 2020, the Secure SD-WAN approach to branch connectivity will move the needle just a bit further toward our goal of global digital transformation.

Fortinet’s Secure SD-WAN solution includes best-of-breed next-generation firewall (NGFW) security, SD-WAN, advanced routing, and WAN optimization capabilities, delivering a security-driven networking WAN edge transformation in a unified offering.

John Maddison - Fortinet