Blog by Robert Tang, courtesy of Cisco.
These are times of unprecedented change for organizations. Employees are working anywhere, whether remotely at home, on the go, or at branch or campus offices. Provisioning remote workforce and branch connectivity at scale creates significant complexity across IT, security, and networking teams. This expanded access requirement also magnifies security threat vectors. The fact that employees now require secure access everywhere compels security services to be everywhere too.
SASE is a network architecture that combines SD-WAN capabilities with cloud-native security functions. SASE helps organizations to simplify and scale secure connectivity for a distributed workforce. Yet, transitioning an existing network into a SASE architecture is a journey, where organizations must take into consideration overall business goals, architecture prerequisites, and licensing requirements.
At Cisco we have taken an integrated approach, the three C’s, to help organizations navigate their SASE journey.
First is connectivity: linking users to the applications and data they need to access. Second is control: protecting employees from threats wherever they are and ensuring the right access to applications and data. Finally, converge: bringing networking and security together for secure connectivity, as a service, in an integrated manner.
Now, let’s take a closer look at connectivity. SASE, like any network architecture, faces the same basic networking connectivity challenges that we have always faced. For instance, how do you deliver mission-critical applications to the right users? How do you manage your traffic in the most frictionless way possible with the highest availability? Moreover, how do you ensure seamless access to multi-cloud applications and IaaS?
Cisco SD-WAN powered by Viptela or Meraki is 100% cloud-managed. Installation, provisioning, and management are entirely automated and scale easily from small to tens of thousands of deployments. Micro-segmentation and policy-based routing dynamically select the best route, thereby ensuring consistent, predictable performance. Multi-cloud integration provides secure access to any cloud applications and the world’s leading cloud providers, including Microsoft Azure, AWS, and Google Cloud. Full-stack security capabilities secure your connectivity either on premises or via the cloud.
The control imperative revolves around cloud-delivered security and policy enforcement across networks and users. A cloud-delivered service is critical as it provides the flexibility and agility for complex distributed deployments.
The cloud-delivered Cisco Umbrella simplifies the delivery of protection to users anywhere they access network and cloud applications. Powered by a global network and Cisco Talos threat intelligence, Cisco Umbrella integrates multiple security functions that flexibly address different security requirements. For organizations with a large footprint of remote employees, zero trust network access (ZTNA) prevents unauthorized access, contains breaches, and limits an attacker’s lateral movement on your network. For other organizations, this means DNS-layer security giving a first line of defense against threats before they reach network endpoints. Others start with DNS and expand to the secure web gateway (SWG) or cloud-delivered firewall (FWaaS) for deeper inspection and control of web and non-web application traffic. Cloud access security broker (CASB) protects against account compromises, breaches, and other major risks for those organizations leveraging a cloud application ecosystem.
And last, our third ‘C’ is converge, where we bring together networking and security to meet multi-cloud demands at scale.
Cisco is taking a platform approach to SASE by seamlessly integrating Cisco SD-WAN powered by Viptela and Meraki with Cisco Umbrella. This helps organizations to eliminate complexity while leveraging the cloud for a seamless secure connection experience. An organization can easily scale up and out, while protecting existing investments with a simple licensing model.
With the breadth and depth of its networking and security portfolio, Cisco can help you accelerate your journey to a SASE architecture where and when it’s needed, in a secure and agile manner.