SD-WAN creates new security challenges

SD-WAN products have been available for the better part of five years. Early adopters of the technology focused primarily on transport-related issues such as replacing or augmenting MPLS with broadband. As any technology matures and moves out of the early adopter phase, the buying criteria changes — and SD-WAN is no different.

In 2018, a ZK Research survey asked respondents to rank SD-WAN buying criteria, and security came out as the top response, well ahead of technology innovation and price. (Note: I am employee of ZK Research.) To better understand this trend and what it means to network professionals, I sat down with Fortinet’s executive vice president of products and solutions, John Maddison, who sets the company’s product strategy, making him well versed in both SD-WAN and security.

Zeus Kerravala: What is the current state of SD-WAN?

John Maddison: As digital transformation took hold, it became clear that traditional links to branch offices could not support the complex connections required by today’s businesses. Something as simple as a split tunnel, where a branch office has a dedicated link back to the corporate headquarters, and a live connection to the internet could undermine the security of the entire organization.

SD-WAN provides things like support for advanced business applications, the ability to move latency-sensitive data such as voice or video over to reliable, high-speed links, and bonding multiple connections together — such as links to the core network, connections to multi-cloud networks and services, and live connections to the Internet and mobile devices — into a single, integrated package.

john maddison fortinetFortinet

John Maddison, executive vice president, Fortinet

The biggest challenge we see organizations facing is the result of trying to apply a consistent security framework to this new environment. It needs to not only secure the primary SD-WAN connection, but also be integrated into whatever security solutions that have been deployed elsewhere, such as in the cloud or at the remote network. This allows organizations to implement a single security strategy that includes application protection, web filtering, sandboxing, network access control, SSL inspection, and solutions such as NGFW, IPS, and VPN to protect applications, workflows, and data in motion.