
SD-WAN Must Be Secure, Flexible, and Scale Across the Entire Enterprise

Secure SD-WAN is Far More Than Just a Branch Solution

In today’s world of digital transformation, things can change rapidly as we have seen in recent weeks. To meet the demands of a dynamic business environment, many organizations are finding that SD-WAN is ideal for providing fast, scalable, and flexible connectivity between different network environments. 

However, connectivity alone isn’t enough. For organizations that have managed to scale out SSL or IPSec VPN connections from remote workers to the core network, keeping business-critical applications running the way they need to is an ongoing challenge. All of those connections between remote workers and the core network also need to be balanced and managed. And critical applications – whether on the local network or in the cloud – need to be prioritized, which is exactly what SD-WAN was designed to address.

Unfortunately, the wrong SD-WAN solution can inhibit an organization’s ability to quickly adapt to changing business demands and open up new security headaches. Many SD-WAN solutions only support limited use cases and were exclusively designed for specific environments and limited numbers of users. For SD-WAN to be truly effective, however, organizations need to select an SD-WAN solution that is highly flexible, quickly scaling from home users and branch offices to high-performance data centers and distributed cloud environments. And for good measure, security needs to be able to scale right along with it.

SD-WAN is More Than Just a Branch Solution

With the proper SD-WAN solution in place, organizations can quickly support digital transformation objectives while ensuring business continuity across an expanding remote workforce with minimum IT staff and infrastructure resources. Centralized management and zero-touch deployments allow faster configuration rollouts at scale, often within minutes, to enable the best possible performance of collaboration applications such as voice/video conferencing and SaaS applications, even when being delivered to the most remote users.

But one of the most common misperceptions about SD-WAN is that it’s just for the branch. However, when deployed properly, it can be an essential technology for the entire end-to-end enterprise, supporting work-from-home, campus-to-cloud, and data center-to-cloud use cases. And it can even be used to effectively connect clouds to provide the best possible user experience while protecting critical applications and assets in a digital environment that is continuously in flux.

And, of course, security plays a critical role in any SD-WAN deployment strategy. An overlay security solution will never be able to adapt to dynamic connectivity environments, especially ones that span multiple environments. What’s needed is a full stack of security embedded into each SD-WAN device, enabling the home user and the branch office and the data center to share a common set of security policies and enforcement strategies. This not only allows security to adapt to dynamic changes but also provides consistent protections across the entire distributed environment.

To support these use cases, an effective SD-WAN solution needs to come in a wide range of form factors, ranging from solutions that cater to large data centers, down to appliances designed for branch offices, remote sites, and even small home offices. And it needs to include virtual versions for cloud deployments to create and support a consistent connectivity solution that can span your entire distributed network.

SD-WAN Use Cases

• Home Office: There is a critical advantage to extending SD-WAN functionality to individual teleworkers–especially to “super users” such as executives, tech support, and sales teams. It provides on-demand remote access as well as dynamically scalable performance regardless of local network availability. An SD-WAN desktop appliance with built-in LTE ensures consistent connectivity for those remote workers who require their applications to work without fail. It enables business-critical activities, such as delivering customer video demonstrations, even when other devices connected to the home network are consuming bandwidth. 

Because others in the organization rely on these individuals to do their jobs quickly and efficiently, SD-WAN functionality that combines routing, security, and wireless access in a single, integrated platform with a minimal footprint can make all the difference.

• Branch: SD-WAN is perhaps the most well-known for supporting complex branch deployments with advanced routing and cloud on-ramp capabilities. SD-WAN helps organizations reduce their reliance on point products such as legacy routers that were never designed to manage things like traffic congestion across public networks to improve the business application experience of branch users. However, it also needs to include a full stack of tightly integrated security to ensure that direct connections to cloud and internet applications and services receive the same protections that used to be provided when backhauling all traffic through the core network.

• Data Center: Everyone understands that traditional SD-WAN enables access to critical data center applications and resources. But in environments where data centers need to share information with the cloud, or where applications or workflows need to span multiple data centers, ultra-high performance SD-WAN solutions can ensure reliable and secure connectivity.

• Distributed Cloud: For organizations with applications deployed in multiple clouds, SD-WAN can enable the interconnecting of cloud environments for better user experience. Combining IPSec VPN with native application steering and fully programmable APIs, organizations can build an effective cloud integration framework to help users quickly access critical applications and resources across multiple cloud environments. 

The Need for an Integrated SD-WAN Orchestrator

Of course, as SD-WAN deployments expand, performance and scalability need to be enhanced with advanced management and orchestration tools designed to manage connections, cloud on-ramp, application access, and security all from a single integrated console. 

An integrated SD-WAN Orchestrator enables organizations to overcome the challenges of manually managing SD-WAN devices by significantly simplifying centralized deployment. Automation based on intuitive workflows not only helps organizations save time, but also enables business-centric policies by ensuring that the right resources are available when they are needed.

Another critical element of any SD-WAN solution, especially in large-scale deployments, is ensuring consistent visibility across all network and application performance (real-time and historical statistics). This is why an SD-WAN Orchestrator also needs to include enhanced analytics and compliance tools. These are essential in helping organizations fine-tune their business and security policies to ensure and improve quality of experience for all users.

Another challenge that an SD-WAN Orchestrator can manage is the implementation and maintenance of flexible deployment options for diverse branch office infrastructure at scale. Not all traffic, devices, or users are the same, and organizations often need to create SD-WAN segments to support individual policies and rules for different networks, offices, applications, or users. A central orchestration tool can ensure that these unique segments, including their specific restrictions, are communicated across the entire network so that these policies are enforced end-to-end.

SD-WAN Plays a Critical Role in Today’s Dynamic Business Infrastructures

Smart businesses are learning that SD-WAN can play a critical role in quickly—and securely—rolling out new networking environments, and connecting resources and users to data and applications. It can shorten the time to deploy new environments and resources by securely connecting them to the distributed network, whether it’s a single remote worker, branch offices spanning the globe, or even the most high-performance data centers or distributed cloud environments. Secure SD-WAN is far more than just a branch solution.

Written By

John Maddison is EVP of Products and CMO at Fortinet. He has more than 20 years of experience in the telecommunications, IT Infrastructure, and security industries. Previously he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.
