What to ask your technology partner about SD-WAN

Replacing infrastructure? Rolling out new branches? Maybe you’re migrating an acquired business into your network. Chances are you’re one of the many enterprises considering SD-WAN for its streamlined management, speedy deployment, strong performance on available infrastructure and security benefits. In fact, Gartner is stating by 2023, 50% of new firewall purchases in distributed enterprises will utilize SD-WAN features.

However, there are still some security questions you need to ask your technology partner to secure your SD-WAN deployment.

Four Key Architectural Options for SD-WAN

Is security included in your SD-WAN?

Does the SD-WAN solution suggested by your technology partner include security features? Are separate or third party products required?

This is one of the most important questions to ask up front from a practical standpoint, as bolting-on components adds a layer of complexity to your technology evaluation and every step thereafter.

If ‘sold separately’ or added as an afterthought, does the proposed combined solution offer the same value and performance? Will you need more time to implement and do you have the in-house expertise to integrate them?

These also need to be interrogated in the context of how they’ll impact the way you work, and in particular, what level of automation they can provide.

Will they simplify or complicate your security management? Will you have a single-pane-of-glass to monitor, or a suite of interlocking features that require assistance talking to one another?

How does SD-WAN work with a hybrid network environment?

From the outset, it’s important to establish whether your solution requires a transition from legacy systems, if so, how will security be maintained?

Extending your network, via any means, inevitably expands the potential attack surface and presents a change in your security posture. This naturally needs to be considered from a whole-of-network context.

Let’s assume your core network is watertight, is your technology partner able to extend the same level of security to your SD-WAN implementation?

Not only does the security of your SD-WAN need to be of the same standard, it needs to extend seamlessly from your core network, without points of friction, inconsistency or vulnerability.

Herein lies the beauty of an end-to-end technology partner.

How deeply is security integrated into SD-WAN?

The power of SD-WAN comes from its flexibility - leveraging virtualised network functions (or NFV) that replicate the functionality of routers, gateways and other devices through software.

To maintain that flexibility, your security needs to deeply integrate into that ecosystem of connectivity.

Questions on integrated security can also reveal a technology partner’s overall approach to security and whether it is a serious focus.  Recent research from Gartner found that 90% of SD-WAN vendors lack a tradition of security, placing “serious gaps in many of their solutions”.

At Fortinet, we choose to integrate our award-winning Next Generation Firewall (NGFW) into the SD-WAN solution itself, consistent with our philosophy of providing an end-to-end approach.

Included in existing FortiGate subscriptions, SD-WAN security can be enabled with the flick of a switch.

This makes Fortinet the only NGFS vendor to provide native SD-WAN connectivity along with integrated advanced threat detection.

This unique capability recognised in Gartner’s 2018 Magic Quadrant for WAN Edge Infrastructure, where Fortinet was featured as a Challenger with the the most complete vision.

By integrating security at the device level, our partners (including managed security service providers) can be confident that their customers remain secure from that flick of the switch.