How SASE converges networking and cloud security to support superior digital experiences

The user experience has clearly become the most important key performance indicator (KPI) in today’s digital economy. But providing a seamless experience is hard when people, places, and things are highly distributed. This is due to:

  • The shift to cloud and software-as-a-service (SaaS), which continues to gain pace as organizations look to be more agile and resilient in the face of disruption
  • The growth in hybrid work, which gives people the flexibility to work from any location, using any device

IT teams have long been under pressure to control costs, maintain service levels, and keep their organization safe. However, securing huge numbers of data flows and connections while managing the ever-expanding attack surface and emerging threat vectors has seen the complexity of network security surpass human capacity:

  • 51% of organizations are struggling to connect users to corporate resources[1]
  • 50% of organizations say they are lacking sufficient resources to detect and remediate application vulnerabilities quickly[2]
  • 41% of organizations see securing user access to cloud-based applications, mobile devices, or cloud-based solutions as their top networking obstacle[3]

The old ways of achieving secure connectivity are no longer enough. IT teams are struggling to remain resilient. And when the IT experience suffers, the end user experience suffers.

Secure access service edge (SASE) converges software-defined networking and security in the cloud. It provides a more consistent architecture that is simpler to manage and more agile and secure than previous models.

SASE allows IT teams to:

  • Deliver secure and seamless connectivity anywhere users and applications reside
  • Deploy cloud security anywhere in minutes to protect against threats instantly
  • Support any choice of applications in any cloud environment

SASE is a nascent market today, but analysts predict huge growth over the next 5 years as organizations get to grips with the many challenges they face.

Secure connectivity in the world of hybrid work is hard

Hybrid work has resulted in a hyper-mobile workforce, where people are using more devices and more applications that are distributed across private, public, and hybrid clouds. This means there is an ever-expanding attack surface for IT teams to protect against. They need a smarter way to control and manage applications and workloads at scale in multi-cloud environments.

Ensuring all endpoints are secure is a major challenge because people are using both employer-owned and personal devices. They are also consuming applications from within and outside of the corporate network. This means more security is needed at the network edge.

In most cases, the security applied for remote workers is different from what is used on-premises, which causes friction for both IT teams and end users. The typical security stack is now much harder to manage, having grown over time into a patchwork of point solutions from many vendors (tool/vendor sprawl). There is more risk for human error, while IT teams lack visibility into network activity due to the growing volume of encrypted traffic.

Operating costs are also on the rise. Security teams need to update policies regularly, while network traffic patterns have changed. Backhauling traffic to corporate data centers and forcing it through security appliances before forwarding it on no longer makes sense.

When the IT challenges expand, the user experience suffers

Moving technology and systems out of on-premises data centers and into the cloud paves the way to more agility and resilience but also opens the door to new cyber threats. And as competitive pressure drives technology adoption faster than IT’s ability to manage it effectively, there is a complexity curve that widens the gap between success and failure.

Many organizations fear they are losing control of their apps and data because they are using third-party services. For cloud-native companies, end-point vulnerabilities and a lack of network controls are being exposed during internal and compliance audits.

IT teams say remote workers are harder to secure and are struggling to connect them to company resources. As the number of network connections and endpoints grows, network admins are compelled to update security policies regularly. This process is labor-intensive and can lead to errors that cause service disruptions, which means a poor user experience and higher operating costs.

Multicloud and hybrid cloud add more complexity. The cost of dedicated MPLS circuits rises where branch-office traffic is forced through data centers for inspection when users access cloud-based resources. At the same time, the performance of SaaS applications suffers from low-quality Internet and insufficient MPLS bandwidth (due to the cost of upgrades).

IT teams cannot assure network performance and a good user experience when they have only limited visibility across the service delivery chain. And recent events show that VPNs crumble under a high volume of remote workers. Network outages and unwieldy security measures result in a poor application experience and frustration for both IT teams and end users.

SASE at Cisco Live Amsterdam
Figure 1. Sessions at Cisco Live Amsterdam 2023

Put experiences first

Cisco research shows that CIOs and IT leaders recognize the need to enhance their hybrid work experiences and achieve more consistency:

  • 86% say it is important to empower a distributed workforce with seamless access to apps and high-quality collaborative experiences
  • 86% see a consistent operating model that goes across on-premises, private cloud, public cloud, and SaaS as important
  • Two-thirds say they would prefer to work with fewer vendors who offer a well-integrated SASE solution

You need a way to make your IT team’s experience with today’s fragmented infrastructure less complex. This is where Cisco, as the proven and trusted leader in networking and security, is uniquely positioned to help.

Our vision is to simplify IT, so that your organization can connect users securely, seamlessly, and with control to any application or device, over any network, anytime and anywhere they work, with a superior experience assured.

Since every journey to SASE is unique, our approach is to meet you where you are today and move you forward to a more unified solution in the future.

Here are the steps you will take:

  • Deploy SD-WAN, a cloud-delivered overlay with built-in application optimization, full security stack, and network intelligence that’s easier to manage and delivers the insights you need to assure the best user experiences in multi-cloud environments.
  • Adopt Zero Trust to close gaps and secure your data at source. Zero trust network access (ZTNA) verifies users’ identities and establishes device trust before granting access to authorized applications.
  • Deploy cloud-native security using a single cloud-delivered service that integrates security capabilities such as secure web gateway (SWG), cloud access security broker (CASB), firewall as a service (FWaaS), and DNS-layer security and delivers top-rated security efficacy to protect against cyber threats.
  • Eliminate blind spots in the digital service delivery chain with end-to-end network path and metrics, isolate application performance issues fast, and correlate network and app issues with Internet routing, internal network devices, and global outage events.
  • Prefer flexible consumption and deployment – enterprise agreements and managed services can reduce your operating costs substantially and allow you to scale up and down, while solutions supporting open standards and APIs assure modularity and speed time to market.

Define your priorities

Your SASE journey begins with your priorities. Starting with what matters most in the context of your digital transformation means you can chart your path forward based on where you are today and what you require.

If cost reduction via network transformation is your priority, then SD-WAN is the best place to begin. It gives you carrier independence, Direct Internet Access (DIA) capabilities, and allows you to centralize policy and gain control of all traffic.

If security is your number one concern, decide if adopting cloud-native security can relieve some pressing challenges. Do you need to secure your roaming workers, your remote sites, or both? Are you experiencing capacity bottlenecks at on-premises security appliances? Are you considering enabling more direct-to-Internet traffic and need to ensure it is secure?

Crucially, it is the convergence of networking and security under a SASE architecture that enables you to achieve superior user experiences – both for your IT team, and your end users. With Cisco SASE, you get:

  • Agile connectivity that is fast and flexible
  • Secure access you can trust across every point of service
  • Seamless management that is simpler and predictive

Refresh and renewal cycles provide the best starting point if you want to achieve a more consistent IT environment by reducing the number of tools and vendors in your footprint.

With standardized policies, shared telemetry, and coordinated alerts across all security and networking components, SASE enables NetOps and SecOps teams to improve IT efficiency, visibility, and protection:

  • More than 40% reduction in opex¹
  • Up to 50% performance increase with key apps² and a 73% improvement in latency and traffic consistency³
  • 85% of Cisco customers able to cut malware infections by half⁴

Converging networking and security functions enables you to begin consolidating management consoles, while flexible consumption models mean you only pay for what you use. Here, you will need to decide whether you want to take a single- or multi-vendor approach.

Cisco supports both approaches with the most comprehensive SASE portfolio available from a single vendor. We enable both cloud and on-premises deployments and help your organization to transition to a SASE architecture, your way, at your pace. We do this via modular, customizable, and extensible products, solutions, and services.

What’s more, we are the world’s number one in SD-WAN market share, a leader in the Gartner WAN Edge Magic Quadrant, and the industry leader for security efficacy. As the largest cloud-managed security and SD-WAN platform in the industry, we secure all the Fortune 100 and are backed by the world’s largest commercial threat intelligence team (Talos).

 

References:
[1] Future of Technology, Cisco
[2] Future of Technology, Cisco
[3] 2022 Application Security Report, Cybersecurity Insiders, Cisco
