Are Legacy WAN Routers Putting Your Cloud Transformation at Risk?

Cloud transformation requires solutions that simplify cloud on-ramp activities and deliver cloud connectivity that offers performance and protection.

Today’s rapid transition to the cloud is unprecedented in the history of technology. Not only has the move been rapid, but it’s also had a powerful impact on our entire modern society. Digital resources and critical data are available at the touch of a screen. Software-as-a-Service (SaaS) applications enable transactions that were unthinkable just a few years ago, and the cloud enables them to evolve at a rate that can keep pace with user and digital marketplace demands.

As a result, businesses have rushed to abandon their traditional networking hardware and strategies in exchange for the scalability and agility of cloud networks. Rather than upgrading their data centers, they’re building data center platforms in the cloud that are faster, cheaper, and require less maintenance. Likewise, by putting business-critical applications in the cloud, like unified communications and essential office tools, collaboration and productivity tools are now available to everyone, not just those few connected to a corporate backbone.

Traditional WAN Tools are a Barrier to Success

For this transformation to be truly effective, these new cloud resources need to be available equally to everyone. And the last holdout in the latest round of digital transformation is the branch office. While everyone else has immediate and scalable access to cloud-based resources, far too many branch offices are still stuck with a traditional WAN router and MPLS combination that forces all traffic to be backhauled through a central nexus point at the network core.

This hub-and-spoke model not only chokes off the performance of critical applications and reduces access to SaaS resources, but it also overwhelms data centers with increasing volumes of cloud traffic being forced through the core. As long as an organization relies on this centralized model, it is prevented from taking the final steps in its cloud transformation strategy.

In addition to the severe limitations imposed by traditional branch connectivity models, WAN routers also introduce critical roadblocks that prevent branch users from fully embracing all that the cloud has to offer. For example, critical business applications run on layer 7, which means that traffic shaping, connection steering, and connectivity management all need to happen at that layer. But at its heart, a WAN router operates at layers 3 and 4, with any layer 7 functionality operating as an afterthought. This slows down functionality and provides suboptimal connectivity, even when the traffic isn't being routed back to the core network through a static MPLS connection.

Since a WAN router isn’t natively application-aware, simply connecting to an application is slower, and the router is even less able to respond to issues like latency and jitter or to actively replace degrading connections that can impact business-critical applications like voice and video. Router management is a similar issue, often requiring specialized IT members for ongoing configuration, optimization, and management. And compounding the problem further, chronic performance issues, like those detailed in the recent 2019 Gartner Magic Quadrant for WAN Edge Infrastructure, mean that branch offices will suffer further as they struggle to embrace the performance and functionality advantages of 5G.

The Advantages of an SD-WAN Solution

All of this helps explain why WAN routers are being replaced with SD-WAN solutions at a breakneck pace. Cloud on-ramp is a key issue for many organizations, and WAN router infrastructure is seen as a barrier to cloud transformation efforts. SD-WAN enables direct connections to SaaS and other cloud services, along with more flexible and cost-effective options for connections back to the central network. Meshed connectivity between multiple branch offices improves efficiency and productivity.

Similarly, advanced traffic monitoring and connection management help ensure that critical applications receive the bandwidth they require. SD-WAN actively monitors, manages, and replaces connections to ensure that services are never impacted by degrading links, all without impacting even the most latency-sensitive streaming applications. SD-WAN solutions can also identify an application in as little as a single packet and then steer that connection request to the right destination, accelerating access while improving the user experience.

Addressing the SD-WAN Security Challenge

Of course, not everything is roses. The biggest challenge for many SD-WAN solutions is security. The biggest advantage of a traditional WAN router and MPLS connection is that all traffic is inspected and secured by a full stack of industrial-grade security located at the core network. Replacing that with the VPN and basic firewall included with most SD-WAN solutions is simply inadequate. And as more and more critical data flows between cloud servers and branch endpoints, that lack of a complete security solution will become an even bigger issue.

Some organizations have tried to address this problem by building an overlay security solution on top of their SD-WAN implementation. However, this approach has several serious problems.

  • First, building a separate security overlay for your branch SD-WAN can not only be expensive and complex but also severely impact the very performance that SD-WAN was being adopted to provide. 

  • Second, unless organizations have a strict security architecture protocol in place, new security tools will limit visibility and control due to solution isolation and integration complexities resulting from vendor and solution sprawl.

  • Next, the ongoing maintenance of these tools, and not only the acquisition of new security tools, is a serious concern, especially for organizations already feeling the bite from the current cybersecurity skills gap.

  • And finally, because a security overlay solution is not fully integrated into the SD-WAN functionality, it is simply unable to adapt to network and connectivity changes in real-time. Instead, it is forced to react and catch up to changes, which can result in predictable security gaps and lags that can be exploited by cybercriminals.

The Advantage of Secure SD-WAN

These challenges have given rise to a new class of SD-WAN solution, called Secure SD-WAN. Built into a specially designed next-generation firewall, Secure SD-WAN provides all of the functionality of a traditional SD-WAN solution, combined with the full stack of security such connections require. And even better, security and connectivity functionality are woven together into a single management console so that connection and security changes occur simultaneously, ensuring a seamless, watertight connection in even the most dynamic environments.

Cloud transformation is a critical step in the evolution of today’s digital businesses. Fully embracing this change will require replacing traditional WAN routers with Secure SD-WAN solutions to ensure your organization can simplify its cloud on-ramp activities and enjoy the full range of benefits that cloud connectivity has to offer – without having to choose between performance and protection.

About the Author(s)

Nirav Shah, Vice President of Products and Solutions, Fortinet

Nirav Shah is vice president of products and solutions at Fortinet. He has more than 15 years of experience working in the enterprise networking and security industry. Nirav serves as the products and solutions lead for Fortinet’s Security-Driven Networking portfolio with a focus on SD-WAN, network firewall, SASE, segmentation, and NOC products. Prior positions include senior software developer and senior product manager for enterprise networking and security solutions at Cisco.
