SD-WAN, SD-Branch Considerations for MSSPs and Partners


Through the adoption of cloud-first strategies, large enterprises and SMBs (small and mid-sized businesses) alike are seeing their networks evolve with increased traffic, multiplying endpoints, and the demands of applications.

In many cases, these networks expand slowly and surreptitiously, without centralized control or secure oversight. In other cases, networks blossom overnight, a virtual explosion driven by new strategies such as bring-your-own-device (BYOD), the Internet of Things (IoT), and software-as-a-service (SaaS), all of which are enabled or enhanced by the cloud. These “overnight sensations” suffer from even less centralized control or secure oversight.

New technologies can potentially be entering your customers’ networks every week as employees seek the tools and services they need to stay competitive in the new digital economy. The increase in network traffic can be profound, and many legacy architectures simply cannot handle the new standards for bandwidth. Today’s applications are latency-sensitive and traditional strategies for handling traffic – like multiprotocol label switching (MPLS) – simply cannot deliver the performance that today’s on-the-go work environments demand. Never mind the fact that digital transformation is placing additional demands on the network for consistent connectivity with redundancy and rapid cloud access with secure direct internet connectivity.

Support Network Evolution with SD-WAN and SD-Branch

As your customers watch their networks expand, the role of software-defined wide-area networking (SD-WAN) and SD-Branch solutions should not be underestimated. Upgrading traditional MPLS systems is too expensive and does little to simplify operations. And relying on legacy routers, with their lack of embedded security features, just isn’t an option. Ultimately, companies want a cost-effective way to update their growing distributed networks while also streamlining operations. This is where SD-WAN comes in.

With SD-WAN, partners and MSSPs have the opportunity to help customers improve their networks and direct traffic to remote locations and branch offices. Network monitoring takes place from a centralized space, providing networking teams with a more efficient way to manage their WAN architecture. Similarly, with SD-Branch solutions, businesses can simplify remote office infrastructure and also extend security to the access edge.

Knowing that not all SD-WAN solutions are created equal, it is up to partners and MSSPs to expand their offerings to meet their customers’ growing needs. Consider this fact: 80% of organizations surveyed said their SD-WAN solution was difficult to manage. Not only that, but they also stated it was time-consuming and, not unrelated, consisted of multiple pieces.

For businesses looking to facilitate the adoption of cutting-edge technologies, SD-WAN as a service can be a fundamental starting point to the kind of network evolution they require. As an MSSP, you can offer a consolidated networking solution as a value-added service to help your customers elevate their networks and, therefore, their businesses.

What to Consider When Delivering SD-WAN and SD-Branch Solutions

More than half of organizations have reported seeking out managed security service providers to help them implement and manage their networks. Here is a checklist of what to consider when offering managed services to your customers:

  • Tighter Security. Infrastructures that are not centrally managed have security gaps that leave organizations open to cyberattacks. SD-WAN solutions should be integrated within a next-generation firewall (NGFW) to mitigate risk while also reducing Capital Expenditures (CapEx) and Operating Expenses (OpEx).
  • Lower Capital Expenditures. The SD-WAN solution should be delivered via a single appliance, thereby eliminating the need to acquire multiple devices and appliances such as network firewalls, anti-malware, WAN optimizers, and intrusion prevention (IPS).
  • Lower Operating Costs. The SD-WAN solution should offer a consolidated way to manage network traffic, thereby simplifying operations. When teams have multiple, nonintegrated solutions to learn, deploy, configure, and manage, time and resource get eaten up fast. An integrated solution lowers OpEx.
  • Visibility (app awareness). That growing body of devices causing the explosion of traffic on the network needs to be logged, cataloged, and prioritized according to bandwidth usage. IT teams have service level agreements (SLAs) to consider and reliability to worry about – intelligent app awareness, including built-in SSL decryption, allows them to detect even encrypted apps and helps them do their job as efficiently as possible.
  • The SD-WAN solution needs to scale along with the customer’s business while still providing encryption inspection without sacrificing performance. However, the best solution is not to purchase more SD-WAN firewalls or additional encryption inspection equipment. Rather, your solution should come with built-in capabilities, or powerful processors, that can handle the job and scale with the business.
  • Security at the Edge. When hoping to secure the access edge, organizations often turn to SD-Branch solutions to get the job done. Your solution should combine IPS, network access controls, NGFW, and other capabilities – all in one device.
  • Your SD-Branch solution should offer end-to-end visibility from one remote office to another, in addition to the core business location. It should encompass IoT devices and all the potential high-risk devices that employees can bring to branch locations.
  • The managed SD-Branch solution you offer your customers should be centralized and automated so that it reduces the burden on human-powered resources. Logging, auditing, and reporting should be automated to save on resources and assist with compliance.

Final Thoughts

MSSPs or partners who reach out to their customers and offer managed SD-WAN services can help them leverage the technology they need the most, in all the places they need it. Whether they are serving an on-the-go workforce, remote branch locations, or both, you can provide the unique, customized solution they need. When this happens, everyone wins: users get a high-quality experience, security teams get peace of mind, and network managers get a break.

Blog courtesy of Fortinet. Read more Fortinet blogs here.