The inevitable integration of SD-WAN and security in 2020
Predicting the future is not always as difficult as it may seem. It involves seeing and understanding the concept of inevitability. Inevitability curves exist when you can see a state that will inevitably occur (everyone at your company will have access to the power of digital transformation) and then map the line connecting the present to that future. When a seemingly insurmountable challenge intersects with an inevitability curve, progress toward that future state is halted until that problem can be resolved.
Fortunately, we humans tend to be really good at solving problems. This is why most progress involves a series of stops and starts, rather than a single line of continuous progress, a concept described by Dr. Stephen Jay Gould as punctuated equilibrium. Digital transformation has been filled with them.
The most recent example is the need to make business-critical applications and agile connectivity to cloud services available to everyone, from branch offices to campuses. What is inevitable is that everyone in an organisation, regardless of their location, will have access to the tools they need to be successful. However, issues like performance and security are becoming roadblocks to achieving a future of ubiquitous access.
Organisations have realised that a major roadblock to achieving true digital transformation was the static MPLS connections and legacy WAN routers that connected branch offices to business-critical applications, data, and services. Fortunately (or, as some would say, inevitably), SD-WAN arrived just in time to address that challenge. The Gartner report “Forecast Analysis: Enterprise Networking Connectivity Growth Trends, Worldwide,” states that “by year-end 2023, 60 per cent of enterprises will have implemented SD-WAN, up from less than 20 per cent in 2019, to increase network agility and enhance support for cloud applications.”
To date, most of this growth has been by early adopters who have been willing to do the hard work of planning, designing, implementing, and optimising their SD-WAN solutions on their own. And they have discovered the next challenge on this inevitability curve: nearly all SD-WAN solutions available only solve half of the problem. It turns out, the real goal is secure connectivity, and if our ability to effectively secure SD-WAN connections is not addressed, the inevitability curve for complete digital transformation will be disrupted by the high cost and low performance of most SD-WAN solutions available today.
But that challenge is also solvable, and I predict that in 2020 organisations will see and gravitate toward that more complete solution just as vendors start bringing this next generation of Secure SD-WAN solutions to market.
The challenge, in a nutshell, is that all classic branch connections flowed through the core network, where data, applications, and workflows were protected by the powerful enterprise-class security solutions in place there. Moving those connections to the public network through SD-WAN, so that users have direct and faster access to business-critical applications and resources, took all of that away. The first generation of SD-WAN solutions failed to compensate for that loss of security, either by not providing any security at all or by providing only very basic tools like VPN and a stripped-down firewall, which were woefully inadequate for the job.
Organisations were forced to try and address this challenge by building their own security overlay solution. However, that has been quickly identified as a development dead end. Adding security tools to an SD-WAN solution multiplies the costs, both in terms of capital investment in security devices, as well as in ongoing operational costs associated with managing a complex set of isolated solutions. And even when organisations are willing to accept those additional challenges, the security being deployed simply does not solve the problems.
The first issue is performance. The 2019 Internet Trends report estimates that 87 per cent of all web traffic is now encrypted, and that number is likely to climb as more data flows across public networks. As anyone involved in security knows, inspecting encrypted data is like kryptonite to most next-gen firewalls, driving performance numbers to the floor. This is completely unacceptable in an environment where performance is essential for business-critical applications like voice and video, where bandwidth is essential. Until recently, the only other option was to buy a bigger firewall, but multiplying that by dozens or hundreds of branch offices is simply not viable.
The other issue is complexity, both in terms of security implementation as well as essential WAN functionality. Traditional WAN routers incur high operational costs since much of their functionality still needs to be managed and optimised manually. While this may have been acceptable when a static MPLS connection back to the core network was all that was required, today’s organisations require dynamic and constantly shifting access to business-critical applications and services across a variety of cloud and internet platforms. The savings are significant when transitioning to an SD-WAN solution. The 2019 Gartner Magic Quadrant for WAN Edge Infrastructure states, “Gartner clients report operational savings as high as 90 per cent when comparing the better WAN Edge solutions with traditional router-based deployments (administration time of five minutes per month versus one hour per month).”
Rather than trying to add security to an existing SD-WAN solution, Fortinet has taken the opposite approach. The company has woven advanced SD-WAN connectivity features into its next-gen firewall that already contains a full stack of essential security tools. This made it possible to address both of the challenges outlined above. Performance issues are addressed with new, purpose-built processors specifically designed to accelerate both networking and security functions. And because networking functionality has been built right into the core software, security and connectivity are now twin elements of a single solution – simplifying operations and building scalable zero-touch deployments.
Inevitability is a powerful principle, often resulting in solutions emerging just at a time when they were most needed. This is true for a wide variety of critical inventions, including the automobile, the airplane, and even the firewall, with multiple people simultaneously inventing each of these things independently of each other. And in 2020, the Secure SD-WAN approach to branch connectivity will move the needle just a bit further in our goal towards global digital transformation.