One of the biggest security challenges faced by your customers
is the pace of change. As threats evolve, point solutions creep in, with the inevitable result of a
fragmented environment leaving gaps through which malicious actors creep in.
The answer and a top priority for cybersecurity according to Gartner Group, is a Cybersecurity Mesh
Architecture providing an integrated set of security tools and APIs combined with centralised management,
analytics, and threat intelligence.
Gartner announced the Cybersecurity Mesh Architecture (CSMA) as part of its top strategic technology
trends for 2021. It has since reiterated the mesh as a top trend for 2022, advising organisations to
approach security and deployment plans with CSMA in mind. With this push, there is a growing interest in
the details of the mesh concept from customers and partners, particularly as to how it relates to the
Security Fabric.
Gartner’s mesh concept parallels the Fortinet Security Fabric narrative and is a validation of what
Fortinet has been driving and promoting over the last 10 years.
Fortinet Security Fabric is a complete security solution capable of integrating, consolidating, and
unifying all security infrastructure and services. No more gaps. No more threats.
What’s more, Gartner has named Fortinet Security Fabric the highest performing solution of its kind in the
industry. That’s because Fortinet Security Fabric covers every aspect of data security, from start to
finish (Please see graphic). Why would you choose anything else?
It’s simple. Fortinet Security Fabric is the highest performing Cybersecurity Mesh Platform – and it’s available to your customers today. Get the full story about Cybersecurity Mesh Architecture and Fortinet Security Fabric.
For more information, please contact:
Gerrard Kennedy — gerrard.kennedy@ingrammicro.com
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organisation and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
The one common drawback to most SD-WAN solutions
is that they address your WAN connectivity needs as
if
they exist in isolation. This isn't unique. One of the biggest challenges facing organisations undergoing
rapid digital transformation is that each new network element tends to be designed and implemented in
isolation. While this
approach
has several significant flaws, none is more serious than the impact it has on security.
One of the most critical functions required by security is expansive visibility across the entire
distributed network. Deploying separate security solutions in different parts of the network isolates
resources and makes it impossible to
see, correlate, and respond to systemic threats.
While traditional hub-and-spoke WAN connection models certainly have their shortcomings, they do enable
all traffic to be scanned and secured by the centrally deployed security. Once you replace static MPLS
connections with flexible
connectivity that leverages a public network and begin to support direct links to the internet and SaaS
applications, you shift the burden of security to the SD-WAN device.
The problem is, most SD-WAN devices offer little more than
extremely basic firewall functionality. Which means that your critical data is no longer being protected
by your full stack of
security
services, such as IPS, web filtering, anti-virus and anti-malware, and sandboxing. If
you want those services, you have to add them as an overlay.
This
can add significant overhead to your IT team due to the heavy lifting of designing and deploying a
solution, additional maintenance, and the use of separate management consoles. And if not done properly,
it can also isolate your WAN
security from the rest of your security architecture, both at your core and out in your multi-cloud
presence.
But that’s only part of the challenge.
Managing an SD-WAN connection over a platform as unreliable as
the public internet requires a significant amount of delicate connection management. Redundant systems
need to be in place for
immediate failover. Links with deteriorating reliability need to be hot-swapped out, even during live
connections. And traffic management tools need to be constantly aware of application bandwidth
requirements and prioritisation of
different connections to continually make micro-adjustments to support latency-sensitive applications like
unified communications.
SD-WAN connections require end-to-end security that goes beyond simply encrypting data. Communications
between a branch office and a cloud-based application require data inspection at both ends of the
connection. To avoid gaps in policy
implementation and enforcement, security solutions in the cloud need to be fully compatible with those
running at the branch. Applications not only need to be identified and managed to optimise their
performance, but security also needs
to
see and understand those applications so appropriate levels of security can be applied. In addition, a cloud-based
security broker (CASB)
solution should be positioned between the user and the cloud to secure access to cloud applications
and resources and provide ubiquitous visibility and control. Finally, cloud security solutions need to also be positioned in the internet itself to
provide real-time scalability for
applications.
But perhaps the most essential element required is the deep
integration between SD-WAN network functionality and security. Unfortunately, when security is deployed as
an overlay, the best it
can
do is react to changes in network connections. This might be good enough for basic connections to the core
data centre, but securing things like SaaS applications or accessing sensitive data is another matter. The
lag time between a
network
change and the remapping of security to match that new configuration can create security gaps – which can
be predicted and exploited. This problem is significantly compounded when such changes can happen on a
second-by-second
basis.
Rather than deploying security as an overlay, it instead needs to be fully integrated into the networking
functionality of the SD-WAN solution itself. When new connections are created, security policies are built
and deployed as part of
the
process. When network connectivity changes, security adapts automatically as part of the protocol. And,
should a new connection or adjustment potentially compromise security policy, the integrated security
element can prevent that
change
before it is even made.
This deep interoperability between security and network
functions is the hallmark of the next generation of security known as Security-Driven Networking. By
weaving these traditionally
separate
systems into a single solution, organisations can achieve the visibility and control necessary to truly
secure their entire infrastructure. And as machine learning and AI become part of the solution, we will
finally realise the sort of
self-defending, self-healing network we have been waiting for.
New Secure SD-WAN solutions
are the perfect place for this to begin. Deep integration between connectivity and security allow for the
seamless and
straightforward
deployment of a complete solution, while networking and security functions can be managed simultaneously
using a single pane of glass management system, reducing overhead, increasing performance and protection,
and paving the way for
the
next generation of security.
Take a security-driven approach to networking to improve user experience and simplify operations at
the WAN edge with Fortinet’s
Secure SD-WAN
solution.
Digital transformation at the branch office, including remote retail
locations, school campuses, and healthcare and financial offices, is fundamental if today’s distributed
workforce is going to be able to keep up with evolving business and consumer demands. Conducting digital
business today requires
access
to critical services and applications located in the cloud. And many of these business-critical
applications, such as unified communications, are highly sensitive to bandwidth limitations or things like
jitter or lag times that often
result
from unreliable connections, which becomes an obstacle for efficient operations.
Historically, these remote locations were all connected to business applications and services through a
single connection back to the core network. An MPLS connection and WAN router provided reliable, yet
static connectivity for
millions of
offices. However, because this hub-and-spoke model means that all applications and access to online
resources need to be backhauled through the core network, local servers are being overwhelmed with huge
volumes of traffic, along with
the
capacity of the fixed MPLS and router combination at the branch office. As a result, productivity and user
experience are severely impacted.
While SD-WAN solutions address this challenge with a more flexible and dynamic connectivity strategy, early-to-market solutions failed to consider the security needs of these connections. The one thing that the traditional model had going for it was that all traffic was at least inspected and secured using the full stack of enterprise-grade security solutions deployed at the core. Direct access to cloud and internet services from the branch means that protection is no longer available. Unfortunately, the vast majority of SD-WAN solutions on the market provide little more than a VPN and a stripped down firewall to protect this critical link in today’s distributed networks, which leaves organisations poorly protected and highly vulnerable.
Fortinet believes that our focus on Secure SD-WAN
innovation contributed to our placement of highest ability to
execute
and highest completeness of vision in the Challengers Quadrant of the November 2019 Gartner
Magic Quadrant for WAN Edge Infrastructure. Unlike many
SD-WAN solutions, we think Fortinet Secure SD-WAN is one of the few solutions on the market that addresses the
FULL range of challenges being faced by
organisations, combining advanced connectivity and traffic and application management functionality with a
full suite of integrated security solutions, including NGFW, IPS, antivirus/anti-malware, web filtering, a full range of VPN options, and advanced threat protection solutions
such
as sandboxing.
In fact, in the November 2019 Gartner analyst research report, “Critical Capabilities for WAN Edge
Infrastructure,” Fortinet received the highest score in the “Security-Sensitive WAN” use case, and ranked
within the five highest for all
remaining WAN Edge use cases. Gartner went on to recommend that “users consider the set of critical
capabilities as some of the most important criteria for [WAN Edge infrastructure] acquisition decisions.”
The marketplace is taking notice. For example, Fortinet’s
Secure SD-WAN just received CRN’s
2019 Tech Innovator award in the “Networking — SD-WAN” category, as well as CRN’s
2019 Product of the Year in the
Security-Network — Technology subcategory. These awards are just a small reflection of the impact
that Fortinet’s Secure SD-WAN solution is having on transforming the market.
We have also been recognised for our work with MEF, the group responsible for defining SD-WAN
certifications and standards. In addition to winning two MEF 3.0 Proof of Concept awards –
one
for developing security standards for secure connections between separate SD-WAN devices, and the other
for ensuring application security for SD-WAN services — we also lead a key Initiative in the MEF
Applications Committee on
Application Security for SD-WAN Services (MEF88).
Additionally, Fortinet’s secure SD-WAN solution has received two consecutive NSS Labs “Recommended”
ratings and showcased the lowest total cost of ownership (TCO), resilient high availability for
better user experience, and high WAN performance for cloud applications.
With over 21,000 Fortinet Secure SD-WAN customers and counting, organisations
are quickly learning that digital
transformation
without security is a dead end. Instead, manufacturers and businesses alike need to take an aggressive
security-first approach that ensures that all innovation includes security-driven networking to ensure
that flexibility and
adaptability
don’t leave organisations exposed to today’s increasingly aggressive — and successful —
cybercriminals.
Take a security-driven approach to networking to improve user experience and simplify operations at
the WAN edge with Fortinet’s
Secure SD-WAN solution.
Read more about Fortinet's recent customer momentum to learn why global service providers such as Orange Business Services, SoftBank Corp, and Ooredoo Kuwait choose Fortinet Secure SD-WAN.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does
not advise technology users to select only those vendors with the highest ratings or other designation.
Gartner research
publications
consist of the opinions of Gartner’s research organisation and should not be construed as statements of
fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any
warranties of
merchantability
or fitness for a particular purpose.
The Fortinet Network Security Academy (FNSA) program is designed to provide industry-recognised Fortinet training and certification opportunities to students around the world.
Cloud services are not new. Many of the technologies, such as remote access to applications, ready-to-use infrastructure and pre-configured environments have been around for many years. What has changed is the scope of different services and the scale they can offer. The idea of having to size a system before deploying it is disappearing as new cloud platforms offer almost infinite scalability.
Recent research suggests that businesses will be spending more on the cloud than ever before with a recent Forbes report finding more than half of the global expenditure on IT to be cloud-based this year and that 60–70% of all software, services and technology spending will be cloud-based within two years.
And a report conducted by Intel recently found that 80% of all IT budgets will be committed to cloud apps and solutions in the coming year with "cloud first" being a common buzzword in corporate boardrooms.
But that opportunity also brings new challenges, particularly when it comes to security. Different types of cloud services provide a wide range of different protection for your applications and data.
For example, when you subscribe to an online accounting or customer relationship system service, you are trusting that the service provider will handle your data appropriately, protecting it when it's at rest and in-flight, as well ensuring it's backed up. In order to ensure those activities are carried out to a level you're satisfied it may be worth adding your own security processes to those of the service provider.
“All public cloud providers provide some level of security, but they also are careful to point out that BYO Security is welcome and encouraged. After all, the data you store whether your own or your clients, is your responsibility, and with great emphasis on accountability and breach reporting, it pays to understand what Security is baked into the public cloud provider’s offering and what gaps do you need to fill yourself," says Swapneil Diwaan, Business Manager, Fortinet at Ingram Micro, the largest Fortinet distributor and Authorised Training Centre.
But platform providers, sometimes called Platform as a Service (PaaS), that offer environments with operating systems, databases and other foundational software provide different service levels, as do businesses that simply provide hardware for you to install everything to. These are Infrastructure as a Service, or IaaS, providers.
A few years ago, public cloud providers were still new to the market and hadn't yet built trust with potential customers, especially the lucrative enterprise and public sectors. Part of building that trust comes through proving compliance with important laws, regulations and standards. This is why the likes of Amazon Web Services and Microsoft Azure have invested heavily in not just building physical infrastructure but ensuring compliance with regulations and standards with hybrid clouds provided by local MSPs filling the gap to secure those services.
However, while hybrid cloud providers have improved their systems, the onus remains on customers to ensure they remain compliant. It is possible to deploy a system on a cloud provider's infrastructure but not ensure compliance or security. That's where trusted partners, like your MSP, Fortinet and Ingram Micro can help as they offer specialty services and systems to ensure your security and compliance go beyond the usual cloud provider checkboxes and differentiate them from competitors that might be using similar service providers.
Compliance is an important element of any business' security planning. And with new regulations such as the recently introduced National Data Breach (NDB) notification scheme in Australia and the General Data Protection Regulation (GDPR) in the European Union taking effect in May 2018, it's important to ensure businesses have their infrastructure and processes in order.
These changes in regulatory systems and the rapid change in how applications are designed, deployed and used have resulted in some significant challenges for companies. Scale is no longer a limiting factor with service providers offering services such as FortiVM that let you quickly deploy virtualised appliances such as firewalls and purpose-specific servers.
There is now a global skills shortage in information security and compliance that has resulted in both a scarcity in the number of qualified and experienced people that can be hired and an increase in their salaries as a result of that supply and demand. Managed service providers are able to assist as they can hire people with the skills needed. And, as one cloud provider can host thousands of environments, one security team can look after all those systems so the costs are shared.
Cloud service providers live and die by their reputations. That makes security one of their highest priorities right through the entire design of the services they deliver. The cloud environments they create are designed to be shared. So the protection of data that ensures one client doesn't see another's data and that unauthorised access is blocked is built into the design of the environment. Security by design is a core service - not something that's added later.
Service providers need to provide services that can meet the needs of many different clients. As a result, they have built their systems so that they can be rapidly updated to take advantage of the latest security features because that's part of their market advantage. That includes ensuring their systems support compliance with international standards such as GDPR.
Getting that right, for new aspiring hybrid cloud service providers seeking to offer more than the players already in the market, means finding the right partners, such as Ingram Micro and Fortinet, can help them build differentiated services that meet the needs of businesses making the move to cloud services.
The expertise that service providers bring to this goes beyond the technical. The right service provider for your business won't just provide a room filled with server hardware and applications. A trusted partner, like Fortinet, will support you so the deployment of your systems is done with the utmost attention to security and compliance.
As cloud service continue to become the first option for businesses, finding the right partner that can offer services, systems and support that deliver the best options to support your business are vital. That means finding someone that can work with you to choose the right cloud solutions, with training and support for your business so that it remains secure and compliant.
For more information on how to build and configure your hybrid cloud offering, contact Ingram Micro's Solution Architects:
Andy Hill — andy.hill@ingrammicro.com