Business leaders are building resilient enterprises to keep their operations running smoothly and their staff engaged, whether in the office, on the field, or at home. The key to their success lies in keeping their infrastructure fluid, agile, and secure.
From an operations perspective, think of any business around you, say a bank or a retail organization. Their customers transact with them online as well as inside brick and mortar stores and branches. When online, they look for a seamless digital experience that allows them to get what they want with just a few clicks. On the field, expectations are increasingly leaning towards contactless and seamless experiences.
Behind the scenes, employees must be kept engaged; they work tirelessly to keep things ticking, around the clock and a great number of them are working from home and are hoping to go back to the office soon. They believe their organizations will embrace a new, ‘hybrid’ way of working that will strike a balance between going to the office and working from home based on the needs of the function, team, and role.
While the narrative of the future is easy to talk about, bringing it to life involves several critical layers – security being the most important of all. After all, connected and intelligent workspaces, smart buildings with a multitude of IoT powered devices inside them, and working remotely using any device on any network, poses several cyber risks from a number of attack vectors across today’s modern threat landscape.
This is where Secure Access Service Edge, or SASE (pronounced “sassy”), comes in. SASE is a network architecture that combines software-defined WAN capabilities and cloud-native network security services including zero-trust network access, secure web gateways, cloud access security brokers, and firewalls as a service – and is delivered as a cloud-based service.
In the case of ‘secure remote workers’, users, wherever they might be, whatever network they might use, and whichever device they may choose, are connected securely to cloud, data center, SaaS, IaaS and co-located facilities with a single unified policy. The strain and limits of traditional remote access VPN concentrators, bandwidth constraints, lack of network segmentation, weakness in endpoint security solutions, and so on – can be overcome using SASE.
As a result, the organization is able to ensure that there is excellent control over users and their devices using the zero-trust principle and that all outbound traffic to internet and SaaS applications is secured.
In the above diagram, Duo and Umbrella play a key role in delivering SASE. Thanks to Cisco Secure Access by Duo, customers are able to establish control at the user and device level to verify user identity and device health. Duo establishes user and device trust and provides continuous visibility to extend trust on a per-session basis.
In essence, thanks to Duo, businesses are able to deploy zero-trust security measures both inside and outside the corporate network, and enforce consistent user and device-based access policy to reduce the risk of data breaches and meet compliance requirements.
Umbrella, on the other hand, provides secure connectivity with a single push, leveraging a single policy, all part of the most comprehensive cybersecurity platform in the industry.
When you think of the ‘secure edge’, the architecture is a tad more complex but provides a lot more flexibility to organizations that require it.
Our ‘secure edge’ use case essentially takes into account the SD-WAN component that most branch networks rely on. We automate the deployment of cloud security across our customer’s SD-WAN fabric so that thousands of branches can be instantly protected against cyber threats.
Cisco SD-WAN delivers automated tunneling through one-click, full-mesh VPN between all branch locations so our customers can scale up or down with ease. Further, it also offers end-to-end security segmentation which honors enterprise intent and provides branches with secure connectivity to everything they need: from on-premises and co-located facilities to integrated cloud services.
Go the telco route for SASE
Organizations with a relatively mature digital infrastructure can leverage SASE right out of the box and use its automation capabilities to further enhance their threat intelligence and defense mechanisms. This is literally the most cutting-edge security option out there today.
While I believe in the SASE solution that Cisco’s teams deploy in our client environments, I understand that some organizations have architectural challenges that make it difficult for them to gain access to this level of security.
More specifically, organizations that have legacy issues in their infrastructure or those that have overly complicated architectures, find that they need to take a few extra steps before they can benefit from any kind of serious security tool, including SASE. Fortunately, there’s a solution to that: Some customers find that working with a telco who can bundle the security into their offering and bill it to them as a service is an easier option and requires minimal effort on their end.
The way this works is simple. The ‘internet’ provided by the telco uses policies defined by the client organization and keeps apps and devices secure. When users need to work remotely, they log into the company’s network by using a VPN – supported by the telco. In turn, the telco takes care of monitoring and analyzing traffic and ensures the full benefits of the SASE solution are realized by the client.
Given the complexity of the business environment today and the digital demands of their customers, those working with a telco partner find that delegating the security component of their infrastructure is a better bet than trying to secure their systems, haphazardly, while fragments of their infrastructure and applications are being migrated to advanced digital topologies.
If you’re a business operating in the new normal, it goes without saying that a focus on security is non-negotiable. SASE provides you with the best security; as a customer, you have the power to decide how you want to implement it – whether it makes sense to adapt SASE on your own or consume it as a service with a telco partner.
What’s more important is that we put you in the driver’s seat with your IT, ensuring you are able to choose who you want to partner with to invest in the building blocks required to build your secure, agile network; No matter how you see it, what your position on technology, and where you are in your digital resiliency journey, you need to wake up to the benefits of leveraging SASE.
The next time you think about security, you must think about SASE.