Many organisations are switching from performance-inhibited wide area networks (WANs) to software-defined WAN (SD-WAN) architectures that offer faster connectivity, cost savings, and a host of other benefits. Rajesh Maurya, regional vice president, India and SAARC, Fortinet, shares his expertise on the challenges and potential of SD-WAN…

What are the market drivers for SD-WAN?

Traditional WANs utilise private MPLS links, which carry a premium price for connectivity. But more important than cost, it is the productivity that needs to be considered as traditional WAN funnels branch network traffic back into the organisation’s main data centre for filtering and security checks, significantly slowing down network performance. Digital transformation has compounded branch traffic burdens as companies are expanding their use of software as a service applications as well other cloud-based tools like Voice over Internet Protocol and videoconferencing technologies. SD-WAN can help solve the problems of bandwidth costs and traffic latency, allowing organisations to move beyond MPLS to include public broadband connections. SD-WAN routes network traffic from branches to the cloud, headquarters, or other branches by enabling direct access to cloud applications and services. This makes SD-WAN a very popular choice for transforming enterprises.

What are the issues in moving to SD-WAN?

SD-WAN offers inherently faster and cheaper connectivity over traditional WANs, but despite its transformative capabilities for branch networks, several challenges must be addressed to fully articulate and actualise SD-WAN’s potential.

  • Lack of visibility: SD-WAN solutions typically lack application visibility at the branch level. This can lead to shadow IT problems, including SaaS applications with unauthorised applications introducing security or compliance risks, and branch users wasting bandwidth on nonessential applications.
  • Complexity: SD-WAN architectures can be difficult to troubleshoot and hard to manage across all the branches. Most solutions do not offer a single management interface for consolidated network control across all of the enterprise’s remote locations. This adds to the burden on limited IT staff and often creates defensive gaps for threats to exploit.
  • Security: Without the centralised protection provided by backhauling traffic through the data centre, moving from MPLS to direct broadband connections exposes organisations to new risks. Effective SD-WAN implementation requires additional security within the enterprise infrastructure to secure those connections and inspect high volumes of traffic, without inhibiting network performance.

Fortinet’s approach to effective SD-WAN implementation combines both networking and security functions in a unified solution.

What are the SD-WAN benefits for companies?

Using separate WAN and LAN infrastructures not only increases branch complexity as there are more devices to deploy and update with multiple management consoles, but it also reduces visibility and control of operations while increasing security gaps that hackers can exploit. A software-defined branch eliminates these challenges by unifying WAN and LAN operations within a single solution. We are seeing distributed enterprises with multiple offices looking for effective adoption of critical SaaS applications and other multi-cloud services for improved operational efficiency and cost savings across their extended workforce. Due to the many limitations of MPLS connectivity and traffic backhauling, most traditional WAN infrastructures cannot effectively handle the added network strain that cloud-based services introduce. SD-WAN’s intelligent load sharing ability across multiple broadband connections for greater network efficiency, dynamic operation and cost savings can alleviate these problems.

Is securing SD-WAN underestimated?

The project-oriented approach to network expansion that customers often take means that when they add new capabilities such as SD-WAN, they also introduce new siloed point security products to protect them. This sort of expanding security complexity makes overall security maintenance and management increasingly difficult. The problem gets compounded because the majority of security devices and solutions deployed by organisations were never designed to support the unique and highly dynamic requirements of today’s branch offices. The visibility is limited, and these solutions can’t track the data that moves between network domains, and can’t share and correlate threat intelligence to identify and stop advanced attacks. Customers need SD-WAN solutions that not only provide advanced networking capabilities and performance, but also include integrated and automated threat tracking, analysis and mitigation that can move at machine speeds, are designed to operate effectively within the SD-WAN environment, and can be seamlessly integrated with their core security infrastructure. Fortinet is committed to providing businesses and organisations the security capabilities needed to combat modern cyberthreats while enabling efficient digital transformation.