The new reality of secure SD-WAN
- 17 October, 2018 09:00
There was a time when IT departments focused on disaster recovery and business continuity whenever planning a key corporate function. But that time is becoming a distant dot in the enterprise rear-view mirror. Instead, the focus is moving towards resilience. And whereas the past was about buying two of everything "just in case", a new business model has emerged. The old "five nines" maxim, the idea that your availability is 99.999%, has been replaced by "always available". This means ensuring your network is always up.
This is the world where a secure software-defined wide area network, or SD-WAN, isn't just nice to have, it’s an essential element of your corporate infrastructure.
SD-WAN offers businesses two different, but closely related, key benefits: optimisation and continuity.
Many businesses deploy multiprotocol label switching (MPLS) networks that are expensive to operate. While these networks typically offer high levels of reliability, they’re not infallible. Older systems allowed multiple connections to be used but the failover from one to the other was complex and often relied on manual processes. In an SD-WAN-enabled environment, multiple networks can be connected and software automatically manages the transition between different connection types. So, if one connection fails or suffers from poor performance, traffic is automatically diverted to the more robust or better-performing link.
In addition to cloud-based infrastructure such as Software-as-a-Service and Platform-as-a-Service applications, many businesses rely on direct VPN connections to satellite offices, service providers and clients. An SD-WAN solution allows those connections to stay operational and continue without interruption even when traffic is rerouted from one link to another.
And rather than putting all your connectivity eggs in one basket, it's possible to provision two or more lower cost links that are managed through software. For businesses that need redundancy but don't have the funds to provision multiple high-speed connections, they can take advantage of low-cost commodity connections to only incur costs when the links are utilised.
The use of multiple connections also allows network traffic to be optimised dynamically. That optimisation doesn't purely have to be based on network speed. It may be the case that different network connections are charged depending on factors, such as time of use or volume limits, as well as performance. When configured appropriately, SD-WAN can direct traffic so that it is sent through the fastest or lowest cost link.
That optimisation doesn't purely have to be based on the relatively blunt tool of network availability. Not every business application is equal. While email may be an essential service, access to the corporate customer relationship management (CRM) may be inaccessible or sometimes operate at a slower performance level. Today's SD-WAN solutions are application-aware so they can be tuned to suit a business's specific operational requirements.
As businesses move from single connections to multiple optimised and redundant connections, there may be a perception that securing those becomes more complex. But a secure SD-WAN is achievable. A recent report by Gartner noted "90% of SD-WAN vendors are not traditional security vendors, and thus there are serious gaps with many of their solutions". In contrast, Fortinet's FortiGate solution brings SD-WAN into a security appliance rather than trying to bolt security on as an afterthought. That means the network connection has intrusion protection, DDoS and antivirus protection right out of the box.
As the next-generation firewall is already application-aware, it is able to identify and route traffic securely over the right link. Gartner said the future of SD-WAN lies in taking a balanced approach to security and WAN capabilities – which is what the FortiGate solution brings. In addition, FortiGate SD-WAN is a single appliance that takes the place of separate WAN routers, WAN optimization and security devices. This allows performance to be optimised and reduces administrative complexity so your operations teams can focus on ensuring operations are at their best, rather than integrating multiple solutions from multiple vendors.
There was an old project management maxim that said you could only ever have two out of the three of fast, good and inexpensive. But today's business world demands all three with near-zero downtime. That means finding a network solution that offers optimised performance and maximum redundancy. In order to achieve that, businesses can connect multiple commodity network connections rather than single, expensive MPLS networks, that aggregate bandwidth and are application-aware so core business systems keep running even when connectivity is constrained.
For further information on Fortinet SD-WAN solutions, please contact one of our team members here.