The Digital Transformation of the Enterprise Branch

The use of SaaS applications for critical business functions in enterprise branch offices is placing a strain on most traditional WAN infrastructures.

The Digital Transformation of the Enterprise Branch
(Image: Pixabay)

Highly distributed enterprises are looking to adopt critical SaaS applications (such as Microsoft Office 365) and similar multi-cloud services to improve operational efficiency, encourage collaboration, and realize cost savings across their extended workforce—especially to their branch offices. According to one recent report, 60% of companies have already adopted at least some SaaS applications. And forecasts project that adoption rates are going to increase in velocity, with the worldwide SaaS market expected to continue growing at a compound annual growth rate (CAGR) of over 21 percent through 2023.

To meet these requirements, however, organizations are having to extend their digital transformation efforts to their branch offices. Because of many of the limitations of MPLS connectivity, such as rigid connection placement and traffic backhauling based on a traditional hub and spoke network configuration, most traditional WAN infrastructures cannot effectively handle the added network strain that cloud-based services introduce.

Problems include low bandwidth for performance-hungry applications like VoIP and videoconferencing, limited visibility and control across complex layers of tunnels between branches and distributed resources, and poor user experience.

SD-WAN’s ability to perform intelligent load sharing of traffic across multiple broadband connections for greater network efficiency, dynamic operation, and cost savings has been designed to alleviate these problems directly.

Additional requirements for a secure SD-WAN

However, most default SD-WAN solutions don’t’ meet all of the requirements of today’s digital branch office. They also need to include the following things:

Integrated security: According to a Gartner survey released last November, “72% of the respondents said that security was their topmost concern when it comes to their WAN.” To that point, SD-WAN only delivers the productivity benefits of cloud-based applications to enterprise branches if its connections are secure. That’s why any SD-WAN solution also needs to provide a full range of advanced security features for protecting direct internet access. This includes NGFW, comprehensive intrusion prevention (IPS), web filtering, and antimalware and antivirus. It also needs to encompass threat detection, including high-performance inspection of SSL-encrypted traffic, and sandboxing integration.

Broad application awareness: Applications need to be identified and proper controls put in place as quickly as possible; ideally an SD-WAN solution should be able to intelligently identify applications on the very first packet of data traffic, and natively identify and differentiate between thousands of applications, with a process in place to identify and classify new applications, including those that are encrypted.

Advanced visibility and control: Visibility and control are critical considerations for SaaS adoption across an extended branch workforce. Individual employees can easily install cloud-based applications without the involvement or approval of IT management. Gartner studies, for example, have found that shadow IT now comprises 30 to 40 percent of IT spending in large enterprises. And only 8.1 percent of those applications meet data security and privacy requirements, resulting in malicious threats, security gaps, and compliance and regulatory violations.

Compliance tracking and reporting: Secure SD-WAN-enabled tracking and reporting helps ensure adherence to privacy laws, security standards, and industry regulations while reducing collateral risks of fines and legal costs in the event of a breach. Such features need to be able to track real-time threat activity, facilitate risk assessment, detect potential issues, and mitigate problems. And when SD-WAN and security controls are combined into a single management and orchestration interface, they can also monitor things like firewall policies and help automate compliance audits.

Once WAN edge devices are deployed, IT staff are often required to manage WAN optimization and security functions through two different interfaces, often creating gaps in their ability to see and respond to threats. Resolving this challenges requires an integrated single-pane-of-glass management console so remote administrators can manage physical and logical network topologies, ensure that security and networking policies support common objectives, and enable seamless integration and orchestration of policies and protocols—not just for the extended branch ecosystem, but across entire distributed network, so branch deployments are not treated as a separate and isolated network environment.


To better respond to the demands of today's digital marketplace, organizations are having to rethink their branch strategy. For many, new requirements mean transitioning away from the static MPLS networks of the past to provide fast and efficient interconnectivity between their branch offices and other critical resources. SD-WAN solutions hold the promise of providing the agility and flexibility today’s digital businesses require. However, far too many of them do not adequately address the issue of security, leaving far too many organizations exposed to increased risk—and just at a time when cybercriminals are increasingly targeting branch offices as one of the weakest links in an organization’s security strategy.

Enterprises that implement SD-WAN deployments without an aggressive security strategy put themselves at a higher risk for malicious attacks and data breaches. This is why built-in security combined with advanced WAN and LAN functionality is critical for any SD-WAN solution under consideration. Secure SD-WAN not only enables organizations to reduce complexity—such as easier management, monitoring, and lower TCO—but also ensures that their digital transformation efforts to blend their distributed branches into a single, meshed enterprise network don’t result in exposing themselves to new and unnecessary risks.

Read more about SD-WAN issues in these related Network Computing articles:

SD-WAN's Benefits Extend Beyond Cost Savings

Is SD-WAN the Silver Bullet for the Network in the Digital Era?

4 Trends Driving Accelerated SD-WAN Adoption

About the Author(s)

Nirav Shah, Vice President of Products and Solutions, Fortinet

Nirav Shah is vice president of products and solutions at Fortinet. He has more than 15 years of experience working in the enterprise networking and security industry. Nirav serves as the products and solutions lead for Fortinet’s Security-Driven Networking portfolio with a focus on SD-WAN, network firewall, SASE, segmentation, and NOC products. Prior positions include senior software developer and senior product manager for enterprise networking and security solutions at Cisco.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights