The next wave of SD-WAN users have fewer resources to apply to their SD-WAN deployments and are looking to managed security providers to take up the slack.

June 30, 2020

6 Min Read
Building a Secure Hybrid WAN With SD-WAN

The explosion of SD-WAN has been in the headlines for more than a year. Organizations are adopting SD-WAN at a breakneck pace, not only to provide more flexible connectivity and application performance to their branch offices but across the entire network. Remote "super users" rely on SD-WAN, provided through small desktop appliances that combined security, connectivity, and wireless access in a single solution, to provide robust and secure access to critical applications and resources. These devices also include LTE-based redundancy to maintain bandwidth-hungry activities, such as streaming video and screen sharing, even when other connected devices are consuming home network resources. At the other end of the performance spectrum, data centers are using ultra-high performance SD-WAN solutions to create secure connections to cloud resources as well as other data centers. And virtual SD-WAN is also being used to connect distributed cloud environments.

At this point, however, most of the early adopters willing to do the heavy lifting of building out, managing, and attempting to secure their SD-WAN deployments now have a solution in place. The next wave of users have fewer resources to apply to such an undertaking and are looking to managed security providers to take up the slack. And with the amount of pent up interest currently in the market, the opportunity for MSPs is massive. According to Gartner, managed SD-WAN services are expected to grow at an astounding 76% CAGR through 2023.

And contrary to what you might have been hearing in the market, the transition to SD-WAN does not mean that MPLS is dead. Organizations are just ripping out their MPLS so they can move to broadband connectivity. Instead, they are making adjustments to ensure clean, reliable, and flexible connectivity. Welcome to the hybrid WAN world, where while some organizations may slowly phase out MPLS as they roll out direct internet connectivity, many others will continue to rely on MPLS as part of their transport layer mix to ensure and maintain reliable connectivity. As a result, it is critical that SD-WAN solutions support the delivery of overlay services irrespective of the underlying transport modes – whether LTE, DSL, Broadband, or MPLS.

Enhancing Hybrid SD-WAN Transport Services with Flexible Security

To make this transition to SD-WAN work, service providers need to find a vendor that can provide the broadest range of solutions and services that can be easily integrated into their unique environment. One of the most essential components of such a solution is integrated security.

And in addition to building a managed service around an SD-WAN solution that already includes a full stack of integrated enterprise-class security, they will also need a unified management interface to control connectivity and security simultaneously. Moreover, that management system will need to be able to scale across multiple devices and provide tiered support for clients who want a hybrid management solution right out of the box.

Security: The Achilles Heel of Most SD-WAN Solutions

However, there are a number of serious challenges related to SD-WAN security. The first is that most SD-WAN solutions only come with a basic VPN and a stripped-down firewall. And it quickly becomes apparent that they are simply not going to provide adequate protection for critical data and resources. As a result, organizations are forced to build an overlay security solution that approximates the protections that traditional WAN router connections enjoyed previously. And that full stack of security is expensive to purchase, complicated to deploy in a way that integrates with dynamically changing connections, and costly to manage and maintain. Those smart enough to see that challenge coming are increasingly turning to managed services partners to solve their problem for them.

These challenges don’t just affect organizations trying to deploy their own SD-WAN solution. In a recent survey conducted by MEF, security was the number one value-add service that managed service providers wanted. However, they face the same challenges that enterprises face when trying to implement security as an overlay. The fundamental SD-WAN functions that need to be protected are too dynamic for most security solutions. As a result, security is forced to operate in a perpetual state of trying to catch up. Managed service providers must consider this challenge when looking to develop their own turnkey Secure SD-WAN solution.

The other challenge is that even if they try to build an overlay security solution, most security devices operate as independent siloes, making it very difficult to integrate them into an MSP environment. And worse, they are slow. MSPs and their customers need security solutions that can scale, protect high bandwidth traffic without becoming an application bottleneck, and interoperate with their other offerings. Unfortunately, most network security devices designed using traditional hardware cannot keep up with the demands of today's applications.

Securing Direct Internet Connections without Sacrificing Performance

So, precisely what sort of security functions should an MSP be looking for?

Rather than trying to build their own security overlay, security vendors will find more success when leveraging a Secure SD-WAN solution that already includes a full stack of security solutions that have been fully integrated into its networking and connectivity functions. That way, rather than playing catch-up, security is automatically included in any dynamic changes to connections or configurations.

In addition to including a full stack of integrated security solutions, an ideal Secure SD-WAN should be able to leverage open APIs to seamlessly connect to similar security solutions available in the backbone provider's marketplace. This sort of peer-to-peer interoperability enables point-to-point connections that are not only fast and reliable but also secure. Similarly, securing direct cloud connections enables organizations to address the challenges of unauthorized Shadow IT and data loss by coupling their SD-WAN solution to a CASB (cloud access security broker) solution. This ensures deep visibility into and control over application access, traffic, and usage across a multi-cloud environment, all while maintaining optimal performance.

And of course, any effective SD-WAN solution for SPs needs to provide full multi-tenancy services to securely isolate customers while scaling services across a large and dynamic customer base.

And security is just the start. For example, a vendor that understands the challenges of the next-gen branch office can enable MSPs to provide additional value-add services such as wireless and access control to support organizations moving beyond secure connectivity to managing a complete branch solution.

The Best MSP VAS Solutions Start with the Right Partners

As professionals in this space already know, the key to launching a successful managed service is to start with a solution that already includes all of the elements their customers need. It also needs to be easily integrated into their existing managed services environment to reduce the ratio of engineers to customers. And it needs to provide reliability, functionality, and performance so that SLAs can be guaranteed in a hybrid transport mode world. And perhaps most importantly, it has been designed by a vendor that already understands how to sustain and support an MSP partner.

This content is sponsored by Fortinet.

Fortinet Inc.

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like