Building an Adaptive and Secure SD-WAN Framework to Support Digital Transformation


Organizations are facing new business and technological pressures, such as the rise in the number and variety of smart devices, and the growth of an increasingly mobile workforce. Demands for greater performance across a distributed network, better access to critical data, and the need to comply with new standards and regulations are forcing organizations to adopt new networking strategies and solutions.

To adapt to these new requirements, customers are building next-gen offices that utilize cloud-based applications, global collaboration through video and audio teleconferencing, and highly scalable bandwidth. At the same time, they need to protect the enterprise from new attacks targeting this expanding attack surface.

Many IT leaders are now wrestling with how to tie all of their new resources into a single cohesive network. And increasingly, software-defined wide area networking (SD-WAN) is the approach many organizations are looking at to support their digital transformation. That’s because SD-WAN solutions effectively and economically support WAN services, giving IT teams the ability to empower employees and optimize business processes, while end users can better engage customers and drive innovation.

As the potential attack surface grows, opportunities for breach, data loss, and compromised information come with every new device, application, and connection. That is why SD-WAN experts and industry analysts have emphasized that an optimal enterprise SD-WAN solution needs to not only support WAN performance requirements, but also address security priorities. However, a critical SD-WAN challenge has been the ability to establish an effective and consistent security strategy that can dynamically span and adapt. Increased performance demands and distributed network resources can undermine the effectiveness of traditional cybersecurity tools, which struggle to keep up with new speed and bandwidth requirements.

Another problem is security complexity. Because of their project-oriented approach to network transformation, many organizations have inadvertently created a patchwork of isolated “point” products. This has led to a security architecture that is not only hard to manage, but also lacks integrated, end-to-end protection.

While most SD-WAN solutions provide effective network management tools, few provide an integrated security strategy. Instead, they rely on external legacy security systems that limit visibility, restrict performance, and cannot adequately adapt to a constantly changing WAN architecture. So if SD-WAN effectiveness and data security are both high priorities, it is essential that you take a security-first approach to selecting an SD-WAN solution that merges integrated and automated security tools with best-of-breed SD-WAN functionality.

What To Look For

Here is a short list of criteria to consider when evaluating SD-WAN solutions:

Breadth and Depth of Application Awareness

One of the main SD-WAN advantages is its ability to improve the network user experience by dynamically selecting the most efficient WAN connections for routing applications. SD-WAN can map WAN resources directly to business function rather than focusing on traditional packet routing, making the network more efficient and responsive. However, this also means that organizations need to understand their application landscape, including how many applications are supported, the prioritization of applications based on business criticality, and the ability to look deep into individual applications to set separate policies for sub-applications. This level of granular insight helps enterprises better allocate resources, thereby increasing productivity and reducing business costs.

WAN Efficiency

SD-WAN solutions also require continual optimization. Unless you have IT resources to spare, you need simple configurations that allow you to set WAN policies based on application criticality, performance requirements, and security policies that can automatically adapt as network configurations and resources change.

Automated multipath intelligence, for example, tracks granular WAN path information such as latency, jitter, and packet loss in order to select the most efficient route for SaaS, Voice over IP (VoIP), and other business-critical traffic. Then, if the primary WAN path degrades below policy-based thresholds, the SD-WAN should automatically switch to the next best available link without impacting application performance. However, defining SLAs can be cumbersome, which means you also need a solution that simplifies SLA configuration.
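The path-selection behavior described above, sketched as an added example (not code from this article or from any vendor): probe results are reduced to latency, jitter, and loss, and traffic leaves its current link only when that link violates the SLA. The link names, thresholds, probe samples, and the stay-on-current-link rule are all assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass(frozen=True)
class Sla:                      # hypothetical per-application SLA thresholds
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

def measure(probes):
    """Reduce a non-empty list of probe RTTs in ms (None = lost probe)
    to (mean latency, mean jitter, loss percentage)."""
    rtts = [p for p in probes if p is not None]
    loss = 100.0 * (len(probes) - len(rtts)) / len(probes)
    if not rtts:                # every probe lost: link is unusable
        return float("inf"), float("inf"), loss
    deltas = [abs(a - b) for a, b in zip(rtts, rtts[1:])]
    return mean(rtts), (mean(deltas) if deltas else 0.0), loss

def meets(sla, metrics):
    latency, jitter, loss = metrics
    return (latency <= sla.max_latency_ms and jitter <= sla.max_jitter_ms
            and loss <= sla.max_loss_pct)

def select_link(sla, probes_by_link, current):
    """Keep the current link while it meets the SLA (avoids flapping).
    Otherwise fail over to the lowest-latency link that meets it; if no
    link complies, fall back to the least-bad one (loss, then latency)."""
    metrics = {name: measure(p) for name, p in probes_by_link.items()}
    if current in metrics and meets(sla, metrics[current]):
        return current
    ok = [n for n in metrics if meets(sla, metrics[n])]
    if ok:
        return min(ok, key=lambda n: metrics[n][0])
    return min(metrics, key=lambda n: (metrics[n][2], metrics[n][0]))

# Constructed sample data: ten probes per link, not real measurements.
VOIP_SLA = Sla(max_latency_ms=150, max_jitter_ms=30, max_loss_pct=1.0)
HEALTHY = {
    "mpls":      [20, 22, 21, 23, 20, 22, 21, 20, 22, 21],
    "broadband": [35, 40, 38, 36, 41, 37, 39, 36, 38, 40],
    "lte":       [60, 75, 65, 80, 62, 70, 68, 77, 64, 72],
}
# Same links after the primary degrades: 20% loss and latency spikes.
DEGRADED = dict(HEALTHY, mpls=[20, 180, None, 25, 210, None, 30, 190, 22, 240])

if __name__ == "__main__":
    print(select_link(VOIP_SLA, HEALTHY, "mpls"))    # primary still compliant
    print(select_link(VOIP_SLA, DEGRADED, "mpls"))   # fails over
```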

Likewise, any efficient SD-WAN solution needs to be transport agnostic. This not only includes support for a variety of connectivity protocols (Ethernet, 3G/4G, VPN, etc.), but also allows you to use any two of these connections in an active-active mode while simultaneously load balancing traffic across both circuits.

Integrated Security

Relying on traditional network security solutions to protect elastic and adaptive network environments is problematic. Unfortunately, most SD-WAN solutions do not include integrated security solutions. And of those that do, the security solution is often woefully inadequate.

SD-WAN requires complete threat protection toolsets, such as an industrial-grade next-generation firewall (NGFW), anti-virus, intrusion prevention (IPS), and application control solutions specifically designed for the dynamic nature of an SD-WAN environment. It also needs to include high-throughput SSL inspection, web filtering, high-performance on-demand VPN connections to protect traffic and data confidentiality, and advanced threat protection (ATP) to combat zero-day threats. Finally, security effectiveness should be confirmed and certified using third-party validations to ensure you are getting the level of security your network requires.

Centralized Provisioning, Management, and Monitoring 

One of the distinct advantages of SD-WAN is remote deployment and management. But maintaining visibility and control across a distributed network can be challenging when WAN optimization and security functions are managed separately.

Since security and SD-WAN both monitor broad and complex applications, it is critical that they be managed through the same single pane of glass, which provides high-level monitoring and the ability to drill down into specific details. Centralized management, configuration, and monitoring tools for both WAN and security solutions built directly into your SD-WAN environment increase management efficiency and effectiveness while significantly reducing the cost of deployment and management.

You also need to consider things like zero-touch deployment for setting up and monitoring physical and logical network topologies, link utilization, and network and application behavior. And you should also be able to easily update and disseminate corporate WAN and security policies to all locations, as well as isolate and reconfigure individual devices for either performance or security issues.

Key Takeaways

SD-WAN solutions improve performance and user experience across a distributed network while keeping costs in check. But without a fully integrated security solution, your network is also exposed to unnecessary risk. A security-enabled SD-WAN solution allows you to confidently support more remote sites and users, deploy more bandwidth-sensitive applications, securely connect to and share data across new cloud services, and automatically adapt your security policies and protocols to meet your evolving network resource requirements.

It's clear that SD-WAN is an efficient way to support digital transformation initiatives. However, not just any SD-WAN will do. Solutions vary greatly, and many lack critical features, such as security. Read more to learn about Fortinet’s critical capabilities for SD-WAN.

Copyright © 2018 IDG Communications, Inc.