Guest Column | July 2, 2020

SD-WAN Must Securely Accelerate Cloud Connectivity To Enable The Cloud-Scale Edge

By Satish Madiraju, Fortinet


One of the biggest promises of SD-WAN is its ability to deliver the best possible application experience for branch offices and remote workers. In the simplest terms, that boils down to connecting a remote or branch user to an application – irrespective of where either is located – in the fastest and most reliable way possible. But just as importantly, it means consistently maintaining and securing that connection for ongoing optimal user experience.

One critical element for fulfilling that promise is SD-WAN’s ability to accelerate the delivery of cloud-based resources across multi-cloud environments. This is true whether assets are deployed in a public or private cloud environment, or whether users need to access business-critical SaaS applications such as Microsoft Office 365, Salesforce, streaming video, or others. Providing reliable access to these cloud-based resources requires granular controls, such as SLA-based application steering, dynamic failover, and application availability – even during blackout or brownout conditions.

Cloud On-Ramp For Multi-Cloud Environments

But even with those tools in place, the bigger challenge is that the internet was not designed for performance. And worse, most traditional methods used for steering traffic through the public network, such as BGP (Border Gateway Protocol), don’t reroute traffic to avoid congestion. What’s needed is a cloud on-ramp solution that links colocation sites to a cloud-based application accelerator, such as Equinix, for accelerated cloud connectivity. At the same time, it is important to focus on middle-mile optimization using sensors embedded in backbone networks by providers like Teridion. By combining SD-WAN acceleration with backbone-based route optimization and protocol acceleration, service providers can eliminate the inherent performance problems associated with traditional internet routing.

The next challenge is that most SD-WAN solutions also require a middle hop through a vendor-specific cloud connector – which manages things like internet access and which path is the most appropriate for a specific application – before they can connect to an application acceleration point. This adds unnecessary distance and delay to a system already highly averse to things like latency, jitter, and packet loss.

A much better strategy is to leverage an SD-WAN solution with a built-in connector. This enables intelligent connection flexibility without having to backhaul application traffic through the SD-WAN vendor’s remote cloud connector.

Securing Direct Connections Without Sacrificing Performance

SD-WAN solutions that include built-in security functionality should also be able to leverage open APIs to connect to identical virtual security solutions available in the backbone provider's marketplace – enabling point-to-point connections that are not only fast and reliable but also secure. Direct cloud connection capabilities also better enable organizations to address the challenges of unauthorized Shadow IT and data loss by coupling their SD-WAN solution to a CASB (cloud access security broker) solution. This ensures deep visibility into and control over application access, traffic, and usage across a multi-cloud environment, all while maintaining optimal performance.

Performance Remains A Serious Challenge For Most SD-WAN Solutions

The challenge for many SD-WAN devices in providing this range of functions – flexible direct connectivity, advanced application steering, robust connection management, and full-stack security – is that they don't have the inherent horsepower necessary to scale to that level. Part of the reason why vendors deploy their connectors in the cloud, and why security is relegated to the customer to develop and deploy as an overlay solution, is that their SD-WAN devices have been built using conventional, off-the-shelf processors that can't deliver the power and performance that a device like this requires.

Nearly every other technology-dependent solution from leading vendors – from smartphones to cloud platforms – relies on custom CPUs to accelerate and scale to meet the unique demands of the applications and environments in which it is used. For SD-WAN to fulfill its promise of flexible, scalable, reliable, and secure connectivity, its manufacturers need to do the same. Otherwise, they are merely offloading performance responsibilities to others – service providers, cloud providers, and even their customers – leading to mediocre results and increased overhead.

Selecting The Optimal SD-WAN Solution

Organizations are adopting new applications located in SaaS and multi-cloud environments every day, so establishing a secure posture around that access model is critical in today’s world – especially for applications deployed on the cloud. Organizations need an SD-WAN solution that will not only dynamically select the best path to SaaS applications in the cloud and optimize those connections, but also provide full Layer-7 security and advanced security capabilities. And they need one that can do all of that without impacting scalability and performance. They are out there. You just need to know what you are looking for.

About The Author

Satish Madiraju is director, products and solutions, at Fortinet. With more than a decade of experience in the cybersecurity space, Satish leads innovative enterprise security and WAN Edge solutions at Fortinet addressing advanced threats and digital transformation challenges for global enterprise customers. Before Fortinet, he held strategic product management roles launching successful products and solutions at Cisco and engineering roles at security companies including IronPort and Infoblox.