With the rise of SASE, networking and security are finally merging – with big consequences for digital transformation.
Every organization today is going through some type of transformation to leverage digital technology. But what does this digital transformation look like when it comes to applications and network design in a post-COVID world?
There are now many distributed enterprises that have multiple branches and remote workers. Apps are moving from on-prem to cloud-delivered software-as-a-service (SaaS), so they can be accessed from anywhere, anytime.
These shifts call for a new approach: the combination of two leading technologies into a single – or at least intertwined – sector. Let’s take a look.
Networking and Security are Finally Converging
The shift to remote work requires network and security convergence in the cloud, which is provided by a technology called secure access service edge (SASE). SASE is the next level of enterprise networking, and encompasses five key components:
- Remote access.
- Zero Trust Network (ZTN) access.
- Software-defined wide area networking (SD-WAN).
- Secure Internet Gateway (SIG).
- Performance and monitoring.
The merging of networking and security is something that’s been predicted for the better part of a decade, yet many companies – large enterprises in particular – did not embrace this shift. Network and security engineers worked in silos, which is inefficient and error-prone and can lead to breaches. But the pandemic forced a change: the complexity created by COVID and remote work acted as a catalyst and the industry shift is well underway. Networking and security are now more often seen as intertwined sectors.
In my latest ZKast, Nirmal Jandhyala, Director of Product Management at Cisco, explained what SASE is, and why enterprises are adopting the technology. Highlights of the ZKast interview, done in conjunction with eWEEK eSPEAKS, are below.
- Even before COVID, digital transformation trends were gaining adoption. Yet the pandemic accelerated the transition for organizations – many of which are now truly strategizing digital-first. Examples of verticals that have undergone a rapid digital transformation in the past two years are financial services, automotive, and education.
- The digital transformation journey looks different for every organization. Younger companies tend to adopt cloud solutions from the start, while companies that have been around for a long time take longer to move to the cloud due to legacy systems and processes. Now with SASE, there is another big shift in security tech moving to the cloud.
- Larger companies are adopting SASE faster because they have the manpower and the resources to deploy the technology. Smaller companies want a turnkey SASE solution because they can’t deal with multiple vendors and point products to build out a SASE framework. Therefore, adoption among smaller companies has been slower.
- When users access apps directly in the public cloud, traffic doesn’t go to the data center, so a single security policy cannot cover all the apps a user is accessing. That’s where cloud security plays a crucial role. Without solid cloud security, a policy can’t be applied to traffic that’s going from the user to the app or from the branch to the app.
- Users accessing apps from anywhere create a distributed surface area for potential cyberattacks. Additionally, users in different geographies take different paths to apps, which means the enforcement point is distributed for cloud security. Managing many distributed enforcement points plus on-prem security is a challenge for IT admins.
- While legacy on-prem security is highly inefficient, there is a single way to deploy it. In contrast, SASE has multiple components and there are several ways to deploy it, which adds complexity. The technologies that SASE embodies aren’t new. What’s new, however, is how SASE brings them together into an agile, cloud-delivered stack.
- Organizations have many of these technologies already in place – typically from different vendors – and they want to get the most out of their investments. The challenge is migrating to a framework that’s completely cloud-native and potentially delivered by one or two vendors.
- Without SASE, it’s difficult to secure a highly distributed enterprise. The good news is that distributed enterprises likely have already deployed an SD-WAN for interconnecting branch locations. SD-WAN adopters have a deeper understanding of SASE because SASE combines elements of SD-WAN and network security into a single cloud-based service.
- Gartner predicts that by 2023, 20 to 40 percent of enterprises will be adopting SASE. Cisco believes enterprises are on track to meet that goal. There are only a handful of vendors that have a full stack of SASE solutions and Cisco is one of them. Many organizations are deploying 70 to 80 percent of the SASE stack from Cisco with a few products from other vendors.
- Organizations that already have an SD-WAN need to deploy a cloud security stack to protect user-to-app access when traffic goes directly to the Internet. They would need a solution like Cisco’s Umbrella, which is a SIG platform that unifies multiple security capabilities in the cloud.
Three Ways to Deliver SASE
There will always be some apps that remain on-prem, whether it’s for compliance reasons or performance reasons. Those apps will continue to require some type of VPN tunnel to the enterprise network. For apps that live in the cloud, Cisco envisions SASE being delivered in three ways:
- DIY: Enterprises will leverage best-of-breed point products rather than taking a unified approach. Different teams will manage different components.
- Cisco+ Secure Connect: a simplified, turnkey SASE solution designed for remote workers to securely access apps and connect to networks hosted anywhere in private data centers or across multiple public and private clouds.
- Cisco+ Secure Connect Choice: a cloud-delivered SaaS solution that provides flexibility and scalability in deploying different SASE components as needed.