Interest and investment in Secure Access Service Edge (SASE) is booming right now. As more organisations look to move to a SASE model, we explain what SASE is, why it’s being adopted and how Cisco’s portfolio enables a SASE approach for organisations.
What is SASE?
SASE is a network architecture that combines VPN and SD-WAN capabilities with cloud-native security functions, such as secure web gateways, cloud access security brokers, firewalls and zero-trust network access. These functions are delivered from the cloud and provided as a service.
Gartner coined the term SASE in 2019 to define a new approach to networking and security, prompted by the rise of remote workers and the growing shift of company data and infrastructure into the cloud.
SASE offers an alternative to traditional data center-oriented security. It unifies networking and security services into a cloud-delivered service to provide access and security from edge to edge — including the data center, remote offices, roaming users, and beyond.
What’s the opportunity?
There’s a lot of momentum in the market. Gartner predicts that global spending on SASE will grow at a 36% CAGR between 2020 and 2025, far outpacing global spending on information security and risk management1. It’s easy to see where this growth will come from with 76% of organisations looking for multifunction cloud security services2.
Why the need for a new approach?
In short, network traffic has changed dramatically. Ten years ago, the majority of applications were at the data center or the headquarters of an organisation. Most of the traffic back and forth on the network was from branches or mobile users (say 80%), with relatively light internet traffic (say 20%). Networking and security infrastructure was set up to reflect that pattern. Effectively, there was a perimeter to protect the internal environment. Over the past seven years, cloud adoption has accelerated and data has grown significantly. There’s now far more traffic to the internet, with organisations using IaaS and SaaS, and hosting more applications in the cloud. The type of traffic has also changed, with more video, collaboration applications and conferences - all of which are sensitive to performance issues. Routing internet-bound traffic through the data center to apply security was no longer effective. Networking and security had to evolve to enable direct internet access and apply security at the cloud edge.
Evolving to SASE with Cisco
There are a few elements to unpack within SASE to fully understand what’s involved. Here’s an excellent explanation, courtesy of Cisco’s Jeff Reed, SVP of Product, Security Business Group.
“The goal of SASE is to provide secure access to applications and data from the data center or cloud platforms like Azure, AWS, Google Cloud and SaaS providers based on identities—specific individuals, groups of people at certain office locations, devices, IoT, even services. Service edge refers to global point of presence (PoP), IaaS, or colocation facilities where local traffic from branches and endpoints is secured and forwarded to the appropriate destination without first travelling to data center focal points. By delivering security and networking services together from the cloud, organizations will be able to securely connect any user or device to any application with the best experience.”
The advantages for organisations
The SASE model consolidates multiple networking and security functions into a single, integrated cloud service, reducing costs and complexity. IT and security teams can take advantage of centralised orchestration and real-time application optimisation. It becomes easier to enable secure, seamless access for users anywhere, with security policies applied consistently across the network.
How Cisco delivers SASE
There are three components of the SASE model.
- SD-WAN
- Cloud security
- Zero trust network access
Cisco SD-WAN is a cloud-delivered, overlay WAN architecture that provides the building blocks for cloud transformation at enterprises. It helps ensure a predictable user experience for applications and provides a seamless multicloud architecture while integrating robust, best-in-class security.
Cloud security is a set of technologies and applications that are delivered from the cloud to defend against threats and enforce user, data, and application policies. It improves security management by extending controls to devices, remote users and distributed locations anywhere in minutes.
Zero trust network access verifies users' identities and establishes device trust before granting them access to authorised applications. It helps organisations prevent unauthorised access, contain breaches, and limit an attacker's lateral movement on your network.
These are foundational capabilities that Cisco has been developing extensively for many years. Today, more than 20,000 organisations have begun the journey to SASE by deploying Cisco SD-WAN and more than 22,000 have deployed Cisco Umbrella’s cloud security services.
A journey needs a roadmap
Figuring out the best approach for network security can be tricky for organisations. Which technology should they adopt? Will it fulfil its promise to reduce complexity and improve speed and agility? Will it close gaps in security and ultimately provide better protection for the network? This is where the opportunity lies for partners working with Cisco and Ingram Micro. You can become a trusted advisor to customers, helping them define their roadmap to SASE and guiding them through implementation. We make this simple by giving you access to pre-sales, solution architects and the Cisco team to support you in creating the solution your customers need. For more information about SASE opportunities with Cisco, please get in touch.
Sources:
1 https://venturebeat.com/security/2022-cybersecurity-forecasts-predict-growth-emphasizing-resilience
2 https://umbrella.cisco.com/secure-access-service-edge-sase