The Secret to SASE is the Right SD-WAN


Evolving networking and connectivity issues are forcing IT teams to rethink their WAN and remote worker strategies. In the best of times, securing remote connections while ensuring scalability and maintaining user experience is challenging. But today, given the new realities of work from home (WFH) requirements, the expansion of cloud resources, a growing reliance on business applications, and the shifting threat landscape, many IT teams are falling behind. And cyber adversaries have been quick to take advantage of overworked and overburdened IT staff.

According to a recent threat report, 60% of organizations revealed an increase in cybersecurity breach attempts following their transition to a WFH model, while 34% reported actual breaches in their networks. This shift in attacks is due to cybercriminals adjusting their attack methods to target new areas of the network – including unsecured remote user devices and home networks, misconfigured cloud environments, and inadequately secured WAN connections from branch offices.

SASE and Security-Driven Networking

These challenges are part of why SASE is currently one of the most talked-about topics in the industry. SASE promises to marry security and connectivity into a single solution that enables distributed resources – branch offices, WFH users and networks, cloud-based resources, and core networks – to interconnect and interoperate as a single, integrated network.

From a security perspective, such an approach is known as security-driven networking. A security-driven networking strategy accelerates the convergence of networking and security across all edges and users. It enables organizations to effectively defend today’s highly dynamic environments while preserving an excellent user experience for employees and customers. It addresses several critical needs. These include the ability to manage external and internal risk for on-network users, provide flexible, cloud-native security for off-network users, and improve the overall user experience while reducing WAN costs.

It does this by integrating security and networking functionality into a single system. This allows security to continuously perform critical functions – such as inspecting encrypted traffic, detecting breaches, and removing malicious content – even while the network continually adapts and adjusts to changing connectivity parameters to ensure maximum performance for business-critical applications. With security at the core, networks can evolve, expand, and adapt to digital innovations with ease. And with the right kind of performance-enhanced security solutions in place, they can do so at the levels the next generation of computing—including hyperscale, multi-cloud, 5G, and other fast-arriving trends—requires. Converging networking and security means protections that are always-on, flexible, and on task, whether users and devices are on- or off-premises.

SASE is an example of a security-driven networking solution – providing secure connectivity from any device, regardless of location, to any connected resource or application without delays or interruptions. The challenge is, without the right components in place, especially the right SD-WAN solution, organizations will struggle to make the promises of a SASE solution a reality.

SASE Security Starts with the Right SD-WAN

The core of any successful SASE deployment is the SD-WAN technology that has been selected. Not all SD-WAN solutions are alike, and many make adding any sort of security a complicated and expensive proposition. Most SD-WAN solutions only provide connectivity services – and even those can be limited to specific environments or scalability. Adding security to SD-WAN requires developing a security overlay solution that needs to be able to move and adapt as the underlying network functions shift and adapt to changing business and application requirements, as well as transport layer availability and bandwidth. 

Not only are IT teams left trying to tie security to SD-WAN functionality, but they also have to connect various security components into a single, adaptable system. And to make things worse, it all needs to interoperate with security deployed at the different edges of the network. The result is an incomplete security implementation that leaves exploitable security gaps, fragmented visibility across the attack surface, and limited ability to provide and enforce consistent controls.

On the other hand, a Secure SD-WAN solution is designed to fully support a security-driven networking approach. It begins by fully integrating SD-WAN functionality into a next-gen firewall platform. It should also be able to leverage cloud-native security as part of a robust SASE solution to ensure maximum flexibility and adaptability as networking and connectivity requirements evolve. A robust approach to SD-WAN also includes AI-powered predictive analytics, intuitive orchestration, and self-healing. This approach weaves a full stack of enterprise-class security functionality into an SD-WAN that can be deployed anywhere, from a small desktop appliance to a data center head-end solution to virtual cloud instances that can facilitate data moving across and between different cloud environments.

Ensuring SASE Provides the Protection and Coverage You Require

Because of the vast differences between SD-WAN solutions, a SASE solution and a complete security-driven networking strategy are not always the same, and the security of critical resources can be compromised. In addition to the essential cloud-based protections described in SASE’s popular definition, a robust SASE solution also needs to support a full stack of integrated security interwoven into the SD-WAN solution so that security can adapt to and follow workflows, applications, and transactions. It should also integrate seamlessly into a larger network and security framework to provide consistent protection that a purely cloud-based solution can’t address without shuttling traffic out to the cloud for inspection.

Only then, by building on a foundation of a powerful, flexible, and adaptive SD-WAN solution, can SASE become an essential component of a holistic, security-driven networking strategy—one that can quickly expand and adapt to changing networking and business requirements and still deliver the kind of security and performance required at every point across today’s distributed organization.

Take a security-driven approach to networking to improve user experience and simplify operations at the WAN edge with Fortinet’s Secure SD-WAN solution.


Copyright © 2020 IDG Communications, Inc.