Posts Tagged ‘SASE’

Looking for the Best SASE Recipe?

miniature shopping cart on green background with SASE ingredients card attached

When you’re cooking up a new recipe, chances are you’re going to head off to the shop for the ingredients. If you’re lucky, the planets will align and your local supermarket will stock them all. On the other hand, you’ve probably experienced the frustration of realizing that you’ll need to make multiple stops to get everything you need.

Infographic SASE recipe recap

Don’t compromise

Cooking analogies aside, it’s important to note the significance of a Secure Access Service Edge (SASE) solution provided by a single vendor. Consolidation of networking and security is a central principle of SASE that simplifies the delivery of consistent security and quality of experience (QoE), and delivers valuable other benefits, such as:

  • Reduction in complexity and costs
  • End-to-end observability from a device all the way to the application server it’s accessing and everywhere in between—including the internet
  • Agility to adopt new digital business models

Compromising on consolidation will reduce the technical effectiveness of a SASE solution as well as diminish its overall impact. It stands to reason that an effective SASE solution that is truly consolidated can only be provided by a single vendor.

As I discussed in my previous blog post, a complete SASE solution is technically not available yet. However, there is a “supermarket” where all the ingredients are readily available today, and they are all of the highest, market-leading quality—Cisco. This didn’t happen by chance. For the past 36 years, Cisco has worked with hundreds of thousands of companies to build the network that powers their business. Over the years, we’ve also worked closely with those same companies to bring products and solutions to market that will help them succeed tomorrow, and the acquisition of Meraki is an example of Cisco’s forward-looking technology planning.

The art of consolidation

Cisco Meraki plays a pivotal role in the Cisco SASE solution. Meraki has already converged SD-WAN, networking, security, (and even IoT) onto one platform. Not just any platform though—one that has been at the vanguard of the industry since day one, built on a foundation of over a decade’s worth of experience, meticulously building and honing the industry’s most trusted cloud platform.

Compared to the market at large, the Meraki platform enables the most complete and best-in-class SASE solution available:

SASE infographic

Start your SASE journey today—with Meraki

Wherever your starting point may be, the Meraki platform takes complexity out of every step of your SASE journey with open APIs for seamless integration across Cisco technologies and third-party systems. Experience SASE first-hand with a free trial of the Meraki MX Security & SD-WAN appliances. Boasting a powerful punch, highlights of the MX appliances include:

  • SD-WAN with advanced analytics that monitor and allow QoE remediation at-a-glance
  • Integration with best-in-class cloud security stack with Cisco Umbrella
  • Integrated on-premises unified threat management (UTM)
  • True zero-touch provisioning and management through a web interface or API

Our vision is to deliver best-in-class security and experience for any workload, from anywhere, in the simplest way imaginable. Sounds… quite SASE.

Tags:
Posted in Company Blog | Comments Off on Looking for the Best SASE Recipe?

A Candid Guide to SASE

Man in tie and glasses looking at smart phone

Everyone is seemingly talking about it. Some aspire to be it. Some even claim they are it. Some are already fed up with it. A lot, however, are confused by what it is and what to think about it. Let’s take a straightforward and pragmatic look at SASE.

The core functional elements of SASE are not new. As I covered in my previous blog post, the market transitions making a SASE architecture an increasingly compelling proposition have actually been playing out for the better part of a decade.

A recap of what it is

SASE, short for secure access service edge and pronounced “sassy,” is a label for a consolidated architectural solution that provides effective and homogenous levels of security and experience for users from anywhere (i.e. the office, home, coffee shop, etc.) on any device.

Even more simply put, if SASE had a mission statement, it would be to deliver consistent security and quality of experience (QoE) for end users, no matter their location. 

In order to accomplish this, SASE describes an architecture which converges networking and network security functions and shifts them towards an as-a-service (aaS) cloud edge model:

  • Networking for QoE
    The most widely cited technology here is SD-WAN, but of course the LAN also plays a role in QoE too
  • Security for… security
    Security is a complex beast and not a singular entity but instead a stack of security technologies such as firewall, secure web gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), etc.
  • As-a-service cloud edge model for consistency

Infographic, network, security, and PoP

What is an as-a-service cloud edge model?

To deliver consistency, SASE proposes a consumption of its core technologies as-a-service by leveraging a global network of cloud points of presence (PoP). In this way, no matter where in the world end users are, they can connect to their nearest (and least latent) local PoP, and seamlessly have consistent networking and security functions applied as a service, en-route to their multi-cloud or on-premises workloads. 

We’re sold. We’ll have one SASE please.

Here’s where things get a little grey. Currently a complete SASE solution is like a fully autonomous car as-service; a lot of the individual technologies are available but have yet to be fully integrated so you can summon the nearest available self-driving vehicle to your doorstep. Consolidating the technologies within SASE to leverage a shared network of global PoPs and deliver them aaS will arguably be the biggest transformation for most enterprises and vendors. Consequently, moving SASE capabilities to an aaS cloud edge will be a multifaceted journey for enterprises and technology vendors.

The enterprise organization journey

Assuming, as an organization, you see value in the SASE architecture, implementation will most certainly be a journey that will evolve over time. There are multiple factors that will influence how much of the SASE architecture enterprises choose to implement and when:

  • Existing infrastructure and any related managed service contracts
  • Geography—as with other cloud technologies, there are regional limitations that can impact availability
  • Size of organization—the larger the organization, the more likely it is to have a complex existing IT infrastructure and change process
  • Industry, especially regulated ones with compliance requirements such as HIPAA, FIPS, etc.
  • Corporate IT investment strategy—does your organization believe in SASE and are they willing to invest in it
  • SASE technology maturation and availability

The technology journey

This will vary for technology vendors based on their starting point and the number of SASE puzzle pieces they’re missing: 

  • Networking
  • Security
  • Consolidation of the two technologies
  • An as-a-service cloud edge model

This might seem straightforward, but just consolidating the two powerhouses of networking and security, and doing it well, cannot be underestimated. For almost all vendors, the journey will involve either in-house development, acquisition, partnership with another vendor, or perhaps even a combination of all three. 

If only there was a vendor that is an outright leader in SD-WAN and networking and also has a best-in-class suite of as-a-service cloud security technologies… 

More on that next time. Until then, stay SASE.

A Prequel to SASE

Woman with glasses looking at large computer display

For the past year or more, the transition to hybrid work has been forcibly turbo-charged, and it has brought into sharp focus the challenges enterprises face around how to achieve this goal while maintaining consistent security and performance. 

The transition to multi-cloud

Over the past few years, organizations have been shifting workloads and apps from their data centers to multi-cloud environments. For many organizations, most of their critical traffic is now internet-based, but their continued reliance on data centers—at the heart of traditional backhauled architectures—creates an unnecessary intermediary from a performance perspective. For end users at branch and remote locations, the result is poor quality of experience (QoE) for critical cloud-based workloads and apps that are forced to take a longer route. 

Naturally, a solution to improve QoE would be to allow internet-based traffic to bypass the data center altogether with direct internet access (DIA). But what about security? It’s precisely for this reason that many organizations stuck with (and some still do) the traditional hub-and-spoke architecture because of the enterprise security measures in place at the data center. 

In parallel but still related, IT professionals have continued to deploy technologies to upgrade infrastructure and/or support new digital initiatives. There are many, often complicated, reasons why but ultimately, most IT organizations run an infrastructure made up of multiple vendors’ technologies. With each added vendor, an IT team’s maintenance, management, and security workload increases. Multi-vendor environments are inevitably siloed with often-complex integrations that yield limited visibility at best. Generally, the only real way to identify a user experiencing poor performance is via each user’s helpdesk ticket.

Fundamentally, this type of complex environment is brittle and slow when challenged to change quickly. 

The pandemic amplified everything

The gradual transition to a hybrid workforce happened overnight. IT teams suddenly found themselves supporting users spread across as many locations as there were users. 

In addition to simply getting employees connected to the resources they needed, there was the gargantuan challenge of replicating data center or branch security measures outside of those locations. Followed closely after security is QoE—how can IT maximize the performance of critical employee workloads and apps outside the office’s SD-WAN environment? 

According to a study by Freeform Dynamics, demand for a streamlined, singular QoE will become paramount, and it looks like this need won’t end with remote work set to continue in some form. A Gartner survey found that 90% of respondents expect to continue allowing remote work, at least part-time, even after most people have been vaccinated against COVID-19. 

SASE

The journey from here

The ultimate problem that IT organizations are being asked to solve for over the long-term is achieving consistency for security and QoE regardless of an end-user’s location. 

This is where SASE comes in, since it looks to deliver exactly this. 

SASE, short for Secure Access Service Edge, and pronounced “sassy,” is a label for a consolidated architectural solution that provides effective and homogenous levels of security and experience for users from anywhere (i.e. the office, home, coffee shop, etc.) on any device. In order to achieve this, SASE proposes the convergence of networking and network security functions and their shift toward an as-a-service cloud edge model.

This architecture will be a true journey for enterprises, partners, and vendors that will evolve over time. There are multiple factors that will influence how much of the SASE architecture enterprises choose to implement and when.

Listen on demand as Imran discusses what’s next for SASE on the Meraki Unboxed Podcast, available March 10th.