Getting the Most from Your Secure SD-WAN Deployment Requires Flexibility

Organizations need a truly flexible SD-WAN solution to meet current and evolving business needs and digital transformation demands.


The intention behind the development of SD-WAN was to create a less-expensive, more flexible way to connect any network edge, from branch offices to multi-cloud environments, to network and cloud resources. Thousands of organizations have now benefited from deploying a more robust and adaptable WAN strategy, exchanging expensive, static MPLS connections and edge routers with a system that can manage and maximize connections and application performance, improve user experience, simplify operations, and provide better ROI.

But often, the full potential of SD-WAN isn’t being realized. While SD-WAN provides a great deal of opportunity for organizations looking to take full advantage of their digital transformation efforts, not all solutions are created equal. And neither are the organizations deploying them. Vertical markets such as manufacturing, healthcare, financial, and retail all bring unique requirements to the SD-WAN equation. They make it clear that today’s organizations need a truly flexible SD-WAN solution, and determining whether a solution actually meets—and can continue to meet—evolving requirements demands examining some key criteria.

Innovation to Support Scalability and Multi-Cloud

Environments vary in size, and, especially today, in an era of increased remote work, not every location is the same. This means you need a solution that can address key variables—namely, scalability and multicloud.

An SD-WAN solution needs to meet the demands of branch offices of all sizes and support thousands of distributed locations. But new factors, such as a hugely expanded remote workforce, mean that many super users could also benefit from the performance and functionality that traditional VPN connections can't provide. This reality—which is unlikely to change—makes it a good idea to look for an SD-WAN solution that comes in a variety of footprints, such as desktop form factors that still include rich functionality such as wireless connectivity, LTE/5G failover, and a full suite of built-in security solutions. Details like this ensure that you can support everything from the largest branch offices to thousands of remote users’ desktops. And don’t overlook the need for ruggedized devices with LTE/5G to extend SD-WAN functionality to OT and manufacturing environments.

These considerations are essential. While SD-WAN was originally created to support branch offices, SD-WAN solutions are now being deployed in many other places as well. For example, a virtual SD-WAN solution can provide reliable and secure connectivity between public clouds, between public and private clouds, and between any cloud and the data center. Taking full advantage of the power of SD-WAN requires looking for SD-WAN solutions that can run natively in any private or public cloud environment so they can be deployed anywhere flexible, reliable, high-performance connectivity is needed. And, just as importantly, all of these SD-WAN deployments need to be configured and orchestrated using a central management system that integrates all networking, connectivity, and security functionality into a single console.

Looking at the Security Posture  

Because most SD-WAN solutions don’t have integrated security, IT teams have to create an overlay security solution to compensate for the traditional head-end security stack that is lost when the MPLS connection is eliminated. And because that overlay is not integrated with the SD-WAN's networking and connectivity functions, it simply cannot adapt to the rapid changes that many dynamic connections require. Security becomes not only a performance bottleneck but also a barrier to flexibility.

Additionally, most branch offices have a LAN that needs to be protected, and the loss of its permanent connection to the head end means that they now have to rely on a local security platform of some kind. That means IT headaches for rollout, configuration, monitoring, and management. Organizations should look for an SD-WAN solution that includes integrated connectivity and application security, along with security functionality that can be easily extended into the branch LAN.

SD-Branch functions as an extension of Secure SD-WAN. In addition to providing secure and reliable connectivity, an SD-Branch solution—leveraging the same SD-WAN appliance—can also ensure secure access to branch networked resources with Network Access Control, provide secure wired and wireless controllers, monitor and protect all branch LAN traffic, and even extend security to endpoints, whether IoT or end-user devices.

Evaluate Ease of Use

Employees are busy, and IT teams are often understaffed and overworked. They don't need more complexity and more complications involving lots of manual tasks that must be done to keep their SD-WAN solution working. And the first step to providing advanced solutions without overwhelming IT staff is to ensure that any SD-WAN solution under consideration includes a centralized orchestrator to simplify management overhead and zero-touch provisioning (ZTP) to enable network edges—whether in the home, the branch office, or the cloud—in minutes instead of weeks or months.

Having a self-healing capability is another key consideration. If an SD-WAN solution must be reconfigured or requires manual intervention each time there’s an internet connectivity issue, many of the other SD-WAN benefits become negligible. Likewise, there should never be a lag in protection while security scrambles to reconfigure itself whenever a connection changes. Rather, enterprises need to insist on an SD-WAN solution that automatically bridges gaps in internet reliability to maintain exceptional application performance. 

Self-healing functionality should do things like switch to an alternative transport model when an outage or disruption affects connectivity or dynamically adjust security policies and configurations with each connectivity change—even when switching to another transport model.

Solutions should be seamless and largely hands-off. Deployment needs to be quick, and interconnections between SD-WAN systems need to be easily configured and managed. SLAs and other policies need to be universally applied, and a unified security policy needs to dynamically and automatically adapt to changes in traffic, connections, applications, and workflows.

An Effective Solution

For an SD-WAN deployment to be effective, it must meet five goals. One: provide seamless, reliable access to any resource, from any device, in any location, regardless of the vertical environment where it is being employed. Two: ensure consistent user experience through continuously optimized connections and applications. Three: protect all applications, workflows, and transactions using enterprise-class security solutions designed to provide encryption and inspection at business speeds. Four: everything needs to be able to adapt to network changes, digital innovation requirements, and evolving cyber threats as a unified system. And five: provide a complete SD-Branch solution so LAN and WAN functionality can be converged, enabling management and ZTP through a single console.

This is a tall order that necessitates a kind of flexibility not often seen in SD-WAN solutions. Do your due diligence to find a solution that will allow your enterprise to expand and change in step with your business and network requirements.

Nirav Shah is senior director of products and solutions at Fortinet.

About the Author(s)

Nirav Shah, Vice President of Products and Solutions, Fortinet

Nirav Shah is vice president of products and solutions at Fortinet. He has more than 15 years of experience working in the enterprise networking and security industry. Nirav serves as the products and solutions lead for Fortinet’s Security-Driven Networking portfolio with a focus on SD-WAN, network firewall, SASE, segmentation, and NOC products. Prior positions include senior software developer and senior product manager for enterprise networking and security solutions at Cisco.
