Digital transformation of traditional branch networks offers several advantages for distributed enterprises. Many organisations are switching from performance-inhibited wide area networks (WANs) to software-defined WAN (SD-WAN) architectures that offer faster connectivity, cost savings, and other benefits
By Rajesh Maurya
Traditionally, branch offices have been treated as a satellite to the core network, often receiving slower connections to the data centre and delayed access to information. As organisations undergo digital transformation, however, its advantages need to be extended to the entire workforce, including branch offices. Competing in today’s digital marketplace requires every worker to have real-time access to data, as well as the ability to use and manage business applications and workflows. Branch offices today have increased transactions, workflows, applications, and data requests that need to be just as fast as those being processed at the network core. Even more challenging, the number and types of end users and the increasing volume of voice and video traffic and business applications connected to the branch network have multiplied dramatically, including cloud-based networks (IaaS) and services (SaaS).
Because of these needs, traditional, static MPLS connections simply no longer work for many of today’s next-gen branch offices. As a result, organisations are adopting SD-WAN to make their branch offices faster, more efficient, much more flexible, and cost-effective.
Core SD-WAN benefits
Distributed enterprises with multiple offices are looking for effective adoption of critical SaaS applications and other multi-cloud services for improved operational efficiency and cost savings across their extended workforce. According to one recent report, 60 per cent of companies have already adopted at least some SaaS applications. And adoption rates are going to increase in velocity: the worldwide SaaS market is projected to continue growing at a compound annual growth rate (CAGR) of 21.2 per cent between 2018 and 2023. Because of the limits of MPLS connectivity and traffic backhauling, most traditional WAN infrastructures cannot effectively handle the added network strain that cloud-based services introduce. Problems include low bandwidth, limited visibility and control, poor user experience, and increased latency. SD-WAN’s ability to perform intelligent load sharing of traffic across multiple broadband connections for greater network efficiency, dynamic operation, and cost savings can alleviate these problems. SD-WAN delivers all the productivity benefits of cloud based applications to enterprise branches, but only if its connections are secure.
Securing SD-WAN
Organisations are experiencing a global shortage of trained and experienced cybersecurity professionals. The last thing that they need is to build, deploy, manage, and monitor yet another suite of security tools designed to protect their branch offices. Unfortunately, of the over 60 SD-WAN vendors on the market today, only a handful provide anything beyond the most basic security. Instead, they rely on organisations to figure out how to leverage their existing security solutions into their SD-WAN tools.
Unfortunately, the majority of security devices and solutions deployed on the main campus of an organisation were never designed to support the unique and highly dynamic requirements of today’s branch offices. They can’t see far enough, can’t track data that moves between network domains, and can’t share and correlate threat intelligence to identify and stop today’s advanced attacks. The best they can usually do is encrypt traffic and then apply a security filter at the edge of the network to shut down a connection if it detects malware or unusual behaviour.
Additionally, the project-oriented approach to network expansion that customers often take means that when they add new capabilities, they have also introduced new siloed point security products in order to protect them. This sort of expanding security complexity makes overall security maintenance and management increasingly difficult.
In order to properly secure their networks, customers need SD-WAN solutions that not only provide advanced networking capabilities and performance, but that also include integrated and automated threat tracking, analysis, and mitigation that can move at machine speeds, are designed to operate effectively within that SD-WAN environment, and at the same time can be seamlessly integrated with their core security infrastructure.
Rethinking SD-WAN standards
Fortinet is committed to providing businesses and organizations with the security capabilities needed to combat modern cyberthreats while allowing for efficient digital transformation efforts. Our SD-WAN solutions bring a comprehensive array of next-generation capabilities to your customers, including:
- Broad application awareness for better service levels: Our SD-WANs incorporate an application control database that stays current even as the modern threat landscape, and your customers’ digital networks, evolve. Receiving ongoing updates from our FortiGuard threat intelligence services, partners will be better equipped to help customers identify and classify new applications — including encrypted and cloud app traffic — thereby enabling more efficient routing as well as real-time threat protection
- Automated multi-path intelligence: Having the ability to collect granular WAN path data is critical to ensuring optimal business-critical traffic. With this in mind, our solutions make it easier for partners to define SD-WAN service-level agreements (SLAs), providing them with the optimal link for any given application by leveraging the advanced networking capabilities built into our FortiOS 6.0 operating system
- Zero-touch deployment: Our solutions allow partners to ship unconfigured products to customers across their business or organisation that need them most. When they are finally plugged in, FortiGate automatically connects to our FortiDeploy service, authenticates and connects the device to the FortiManager system within seconds, and receives remote configuration instructions for seamless self-deployment.
Differentiation for partners
Fortinet partners offering our Secure SD-WAN solutions have the ability to provide their customers with validated functionality and integrated end-to-end security that doesn’t compromise on network performance. Typically, competing products do not include true integration capabilities, and for those that do, the solutions they support either can’t provide the security posture needed for today’s threats, or compromise the performance of the network in doing so.
While SD-WANs are proven to improve both network performance and user experience across the network, failure to leverage a solution that offers integrated security leaves your customers’ networks vulnerable to attacks. Fortinet is the only vendor with an NSS “Recommended” designation for both SD-WAN and Next-Generation Firewall (NGFW) solutions, demonstrating that our advanced SD-WAN offerings also provide complete integration with threat protection toolsets such as industrial NGFWs, anti-virus, intrusion prevention (IPS), and high-throughput SSL inspection.
Fortinet’s SD-WAN solutions are the first in the market to provide complete integrated security by replacing disparate WAN routers and security devices with a single integrated solution that can support and secure remote sites and users. For your customers, this unique approach provides exceptional cybersecurity while allowing them to deploy increased bandwidth applications, securely share cloud-based data, and automatically adapt to the evolving threat landscape — capabilities critical to successful digital transformation efforts.
(The author is the Regional Vice President, India & SAARC at Fortinet)