Given today’s expanding networks, largely being driven by cloud transformation and similar digital transformation efforts, keeping everything connected in a single, easily manageable environment is a critical challenge. Extending things like cloud services to your mobile workers and branch offices will inevitably impact your network’s performance – especially if you are still trying to route traffic through your central network using things like WAN routers and MPLS connections in a hub and spoke design. Routing cloud-based applications through a WAN link to the central network can severely impact productivity and user experience while creating continually increasing bandwidth loads.
Increasingly, the solution to many of these challenges is to replace legacy WAN hardware with a software-defined wide-area network (SD-WAN) architecture. The global SD-WAN market is now set to reach $4.5 billion by 2022 due to its ability to ramp up connection speeds and reduce costs, while enabling Software-as-a-Service (SaaS) applications and business-critical services such as unified communications to perform at top levels. And with the right SD-WAN solution in place, organizations can easily scale these advantages across their entire remote infrastructure.
However, while SD-WAN addresses performance challenges and connectivity issues, especially for applications running across a public network, most SD-WAN solutions fail to address one of the most critical implications for distributed networks: security. The basic security tools provided by most SD-WAN solutions are simply inadequate, forcing organizations to build a new security overlay architecture on top of them. The result tends to be an expensive solution that not only adds significant management overhead to already burdened IT teams, but also reduces the very performance that the SD-WAN solution was implemented to address.
The Benefits of Secure SD-WAN and Security-Driven Networking
The introduction of Secure SD-WAN changes that. By integrating SD-WAN connectivity and traffic shaping capabilities into a fully functional next-generation firewall (NGFW), organizations can realize the full potential of an SD-WAN solution without compromising on security or burying IT teams in additional management overhead. IT teams can deploy a zero-touch solution to a remote location and then manage their entire Secure SD-WAN deployment from a centralized dashboard that unifies the management and orchestration of WAN and LAN functions, as well as advanced security controls, into a single integrated solution. This not only reduces overhead and enables SD-WAN performance without sacrificing security, but also introduces a powerful new strategy known as security-driven networking.
This strategic approach ensures that networking and security functionality are tightly woven together into a single solution. Traditionally, security is forced to react to network changes. This wasn’t an issue for largely static deployments, such as using MPLS to connect a WAN router to the core network. But today’s branch connections are dynamic and in a state of constant flux. Connections over a public network are prone to degrade, and SD-WAN constantly monitors and adjusts connections rapidly to ensure that latency-sensitive applications can perform uninterrupted even as the underlying connections are continually being swapped out.
This may be fine for streaming data, but it introduces a serious risk for an overlay security deployment. When security is forced to constantly catch up to network changes, lags and gaps in protections are introduced. And determined cybercriminals are not only able to predict those gaps, but also force them to occur so they can exploit them. A security-driven networking approach, however, couples security and networking into a single system, so that gaps and lag times are completely eliminated.
Another security issue is providing that same security to the local LAN in the branch office. Inadequate protections there can cause a branch office to be the weakest link in a security architecture. SD-WAN addresses this challenge with its ability to extend the security of its NGFW deep into the local LAN. By adding security to local switching and wireless access points, and adding tools like access controls and NAC, an edge-based SD-WAN device can be easily upgraded to function as an SD-Branch solution.
Curious to see it in action? Here are several real-life success stories of Secure SD-WAN and SD-Branch deployments in three different industries: healthcare, banking, and residential and commercial services.
Restoring Control and Visibility at a Major Bank
A pioneering bank in the Middle East with over 100 branches and 150 ATMs sought to enable secure internet access and ensure a high degree of application performance across branches and cloud environments. After moving the majority of their workloads to the cloud to enable digital transformation, they realized that neither of the needs that spurred that move was being met.
Across their branch locations, the move to the cloud had left gaps in their security posture. Additionally, the growing number of applications at the WAN edge resulted in a reduction in the level of performance and amplified bandwidth constraints.
To meet both their connectivity and security concerns, the bank turned to the Secure SD-WAN solution from Fortinet. The SD-WAN functionality restored visibility and control over their application portfolio using single-pane-of-glass management, and its integrated NGFW and segmentation capabilities ensured that those connections were always secured, even when connections were replaced during active sessions. These features enabled the organization to meet their branch and multi-cloud goals today and moving forward. The deployment now spans:
- 1 disaster recovery site
- 100 branches
- 2 datacenters
- 100+ ATMs
Securing Branch Networks for a Residential and Commercial Services Provider
A major provider of residential and commercial services in North America needed to securely interconnect their facilities. This distributed organization had an outdated WAN solution, which lacked the visibility and control required to enable a modern, data-informed decision-making process. Their problems included high circuit costs and a tangled mess of overlay security products that left gaps and vulnerabilities. As a result, managing security was anything but centralized and efficient.
Their goal was to implement a new Secure SD-Branch solution to enhance data correlation and spin some connective tissue over their various security elements for better visibility and control.
By expanding Secure SD-WAN to the branch, and integrating it into a holistic security fabric strategy across their entire distributed network, the organization was able to address each of their articulated needs for a secure WAN edge solution across facilities. Security and networking are not only woven into the solution, but fully integrated for superior and secure coordination, correlation, management, and configuration. This allowed them to easily leverage their switching, wireless access, and network access control functions to extend SD-WAN functionality into the branch, while remotely managing both the WAN and LAN using the same dashboard.
Connecting Healthcare Clinics Across Cloud Networks
Like many organizations, healthcare professionals need to access data and resources as well as send time-sensitive information over the cloud – except in their case, this process may save lives. A health services agency in the Middle East that oversees nearly 150 branch offices connected to a private cloud by MPLS worked with Fortinet to ensure their providers had access to the technical support they need to best care for their patients.
As the government agency that ran the clinics expanded, their 50 Mbps of connectivity was not enough, especially as they adopted new technologies over their Citrix XenApp installation. Unfortunately, upgrading their saturated links to 1 Gbps was simply too expensive – especially when considering that each branch needed direct internet access, which would also require its own NGFW to ensure a secure connection. But at the same time, their increasing reliance upon SaaS meant high-speed connectivity was non-negotiable. The medical staff also uses Office 365 regularly, and needed their experience with that application to be exceptionally fast.
At the same time, IT was concerned about security. The answer was to base their deployment around a new FortiGate 100F SD-WAN chassis, which combines cutting-edge features with unique, purpose-built processors to accelerate networking and security functions without increasing costs. End users and the IT department were very happy with the results. IT loved the integrated security solution because the integrated NGFW capabilities alleviated their concerns about product sprawl and direct-internet-access security requirements. And end users loved the Secure SD-WAN’s ASIC-enhanced connections to over 3,000 applications. They are now enjoying increased productivity and a vastly improved user experience with all their apps.
Final Thoughts
The challenge is clear. Cloud transformation depends on advanced connectivity and flexibility for remote users, without sacrificing security in the process. Traditional SD-WAN solutions only address half of the problem. By implementing the security-driven networking functionality of a Secure SD-WAN solution, organizations can address the other half as well.
Secure SD-WAN provides faster connectivity and enhanced application performance, combined with a full portfolio of advanced security. This makes it an ideal solution for organizations looking to provide flexible connectivity to their branch offices as well as extend critical security and access control benefits to their branch locations.
Take a security-driven approach to networking to improve user experience and simplify operations at the WAN Edge – and find out how Fortinet’s Secure SD-WAN solution allows you to do just that.
Read these customer case studies to see how Warrior Invictus Holding Co., Inc. and the District School Board of Niagara implemented Fortinet’s Secure SD-WAN to alleviate network complexity, increase bandwidth, and reduce security costs.