Flexible connectivity lets branch offices get baked-in security.

July 31, 2019

The majority of organizations are adopting cloud infrastructures and services, which means that compute resources are being transitioned from traditional data centers to virtualized environments. This has created challenges for the channel community as traditional revenue streams are affected by digital transformation efforts.

As a result, many channel providers have had to retool their portfolios and retrain their sales teams to identify new opportunities, such as extending licenses into the cloud, providing solutions and support for new edge computing technologies and retooling traditional architectures to compete more effectively in the digital marketplace.

Security and Digital Transformation

One of the most effective and profitable areas of focus for the channel has been security. Each new networked environment and device extends the potential attack surface, increasing risk and exposure. And increasingly, the teams tasked with building out these new ecosystems, such as DevOps teams for the cloud, have little security experience. Far too often, left to their own devices, they stand up one-off security solutions for each new project that actually create more security problems than they solve due to things like vendor and product sprawl, and solutions that can’t talk to each other, resulting in limited visibility and control.

With guidance from a trusted channel adviser, however, organizations can create holistic security architectures that span new networked environments and can scale to accommodate requirements such as elasticity and the use of highly distributed, and often temporary, digital resources. Finding these opportunities, however, requires understanding some of the most recent digital transformation trends organizations are migrating toward.

Extending Secure SD-WAN to the Branch

One of the latest opportunities is SD-WAN, which replaces traditional fixed connections to branch offices and retail locations with flexible connectivity that supports things such as interconnectivity between remote offices, critical software-as-a-service applications such as Office 365 and Salesforce, and latency-sensitive applications such as unified communications. There’s also a critical need for support in selecting and truly integrating security into these connections. Otherwise, organizations tend to reproduce the challenges they have elsewhere by trying to install security as an overlay after an SD-WAN solution with inadequate security has already been implemented.

What many organizations are realizing, however, is that replacing the connection to the branch office isn’t enough. That’s because the branch network behind that connection is also undergoing rapid change. This includes things like the rapid adoption of connected Internet of Things devices, such as sensors, monitors and security devices, and BYOD devices such as smartphones and tablets. In addition, due to the growing volume of traffic, data and applications, organizations can no longer afford to backhaul all branch traffic back to the central data center. Instead, connected devices also require direct links to the internet and cloud apps to access some data and applications, while other applications and workflows need the performance and security of an SD-WAN connection.

Defining the SD-Branch

Channel partners have a unique opportunity to extend the functionality and security of secure SD-WAN solutions into what is being called the SD-Branch. This approach enables branch offices and retail locations to embrace the power and productivity of digital transformation without exposing themselves to additional risks or creating a weak-link network endpoint that can be exploited to launch an attack on the central network.

To effectively establish an SD-Branch, the following critical elements need to be implemented:

  • Protecting the branch edge: The first component is a next-generation firewall to extend security from the edge of the SD-WAN connection to wired and wireless access controllers to ensure that all inbound and outbound traffic, including direct internet and cloud links, is inspected and secured at digital speeds – even when encrypted. However, not all next-generation firewall (NGFW) solutions are alike. An NGFW designed for SD-Branch needs to provide consolidated security, network access controls and unified management in a single solution.

  • Protecting access: Secure access points are another critical element for protecting the SD-Branch. Wi-Fi access points need to provide adequate capacity and throughput to keep up with expanding bandwidth needs, switches need to support higher speeds, and they should also offer adequate Power over Ethernet (PoE) to run even the most power-hungry IoT devices.

  • Protecting devices: Per-device security is another critical component of the SD-Branch. The proliferation of IoT devices at branch and retail locations represents a significant threat to organizations. The same is true for the expansion of end-user devices. Any devices seeking network access need to be properly identified and segmented, which requires a network access control solution. NAC solutions for the SD-Branch need to provide automatic device discovery and classification, and intent-based segmentation to secure chronically insecure IoT devices. SD-Branch NAC solutions also need to work with the NGFW to continuously monitor devices for anomalous behavior via traffic scanning to not only detect bad device behavior, but respond by dynamically quarantining those devices for remediation.

  • Zero-touch provisioning: Because branch offices and retail locations rarely have on-site IT staff, zero-touch deployment is another table-stakes requirement. True zero-touch deployment means that once an SD-Branch security device is connected to a power supply it can automatically connect through the SD-WAN to a central or cloud-based management solution, immediately update components, auto-discover the branch network and connected devices, initiate device onboarding, establish and secure access points and implement security policies such as segmentation – all without human intervention.

  • Centralized management: Integrated management via a single-pane-of-glass console simplifies enterprise branch deployments by centralizing and automating network and security functions such as configuration checking and updates, patching, remote management and analysis, policy updates and orchestrated threat response.

Key Takeaways

When properly positioned, SD-Branch can significantly expand your selling opportunities:

  • First, what many organizations looking to update their branch connectivity with SD-WAN actually want to do is extend digital business capabilities to their remote users and devices. SD-WAN alone only provides part of that solution. As a result, these organizations still end up having to update the capabilities of the branch network itself. By adding SD-Branch to an SD-WAN opportunity up front, organizations can realize the value and capabilities they’re looking for, while doubling or tripling the size of a simple SD-WAN opportunity.

  • Second, with more than 60 SD-WAN vendors in the market today, competition can be fierce. By explaining the advantages of an SD-Branch solution, and then helping the customer reframe requirements to extend advanced networking and security functionality into the branch itself, you automatically narrow the field of competition.

There are currently millions of branch office and retail locations that could directly benefit from an SD-Branch upgrade. SD-WAN deployments are an excellent starting place for discussing the advantages of an SD-Branch solution. Or, SD-WAN and SD-Branch can be positioned as a single solution, with the advantage of tying together connectivity and security issues right from the start. By joining these solutions, you help organizations achieve their branch transformation goals and reduce deployment time and complications while also lowering TCO. And at the same time, channel partners increase their profitability, making it a win-win opportunity.

Jon Bove is the vice president of Americas channels at Fortinet. He and his team are responsible for strategizing, promoting and driving the channel sales strategy for partners in the U.S. as the company seeks to help them build successful — and profitable — security practices. A 17-year veteran of the technology industry, Bove has held progressively responsible sales, sales leadership and channel leadership positions. Follow @Fortinet on Twitter or Bove on LinkedIn.
