SecureTrust Cybersecurity

A CXO's Guide To Secure Access Service Edge (SASE)

To support the business, today and into the future, your network must be built and ready for whatever’s next.

Can Your Network Support The Digital Business?

The business environment is changing dramatically. Clichés like “the only constant is change” ring true when we think about the challenges facing today’s business leaders.

Here are just a few of the challenges: 

  • Getting products to market quickly. Making early acquisitions.
  • Opening up new locations and regions to seize opportunities.
  • Pushing the right data into the hands of the right people, at the right time and place.
  • Maintaining optimal service for employees, partners, and customers.
  • Responding to emerging threats and reducing risk. 
  • Maintaining privacy and regulatory compliance for 24×7 customers.

By now, we are all aware that technology, processes and people have fuzzied the way, and that creates the foundation for a new kind of digital business. By leveraging emerging technologies like cloud and mobility, a digital business is more dynamic, agile, competitive.

Put simply, now more than ever, the business is moving fast about how digital it is. There are many technology pillars that support the digital business. Public cloud services host your data and applications in data centers to represent the cloud. Security solutions detect and prevent cyber threats.

The Network For The Digital Business

In this document, we will discuss the pillar that connects it all – the network. Specifically, the network’s ability to power and protect the digital business. 

Historically, the network had one main goal: provide availability. Vendors and telcos provided solutions that measured the uptime they provided (the service level agreement or SLA). 

The network focused on the service and security level agreements, measuring the uptime they provided. The cost to business was huge: the network was expensive, rigid and slow to adapt to changing technical and business requirements. 

While uptime remains a critical goal, the lack of adaptability, agility and speed represents an existential threat to the digital business. There is a better way.

Single Vendor SASE Recognized By Gartner

Gartner has recognized the need to transform networking and security for the digital business with the introduction of the Secure Access Service Edge (SASE).

SASE is a blueprint of a new architecture that converges networking, access, and security capabilities into a single global cloud service.

SASE eliminates the complexity, rigidity, and costs associated with the procurement, deployment, and management of the numerous point solutions that comprise the enterprise network and security infrastructure.

SASE’s focus on “convergence” creates an agile, scalable, and elastic platform that can support the business today and in the future. We couldn’t agree more.

How does SASE, and SecureTrust’s implementation of it, deliver value to the business?

We provide a short summary below for each stakeholder.

SASE Guide For CEOs

As a CEO, you want to ensure the business delivers the maximum value to customers, employees, and shareholders. How does a great network support this goal?

An affordable, agile, secure and boundless network will allow your business to operate securely and effectively to deliver the value your customers expect.

The network is the glue that securely connects all stakeholders to deliver the value your customers expect and to create the growth and profitability outcomes you are working towards.

Support Growth

When you open up a new region, business location, or a manufacturing facility, you need to quickly and securely connect it to the fabric of the organization to ensure optimal employee productivity and smooth service delivery.

Tip: Get connected “fast” before getting connected “right”.

The ability to connect a new location using any Internet transport, wired or 4G, without waiting for a legacy telco to deploy services (like MPLS) is a way to improve agility and accelerate time-to-impact.

Streamline Productivity

For your sales team to close business or for customer service to support the customers, they need optimal and secure access to many business applications.

As applications move to the cloud, this new critical path must be addressed.

Tip: Optimal cloud access for both offices and mobile users is a key capability.

The cloud is a new entity for many businesses. It changes traffic flows, and security models, and requires new skills. Many legacy technology providers were not built to support the cloud. They often attempt to retrofit their products for the cloud or acquire born-for-the-cloud companies.

Yet, company DNA is hard to change. Consider newer companies, not just for their innovation, but for their ability to create new architectures and business models, specifically built for the cloud era. SASE is the proof that such innovation is not only essential but is sorely needed.

Reduce Risk

As your business becomes more distributed, your “attack surface” is expanding. Employees should be protected against threats wherever business is conducted – in the office and on the road.

Tip: Get security that can protect everyone and everywhere.

The inspection of all traffic for threats and data loss is key to reducing risk.

Cloud-based security architectures are better designed to extend security everywhere than branch or datacenter appliances built to protect physical locations.

Remove Constraints

The old network is expensive and bandwidth-constrained. You can no longer afford to have an infrastructure that is an inhibitor to growth, and you also can’t pay the “old prices” to remove these constraints.

Tip: Internet-based connectivity can replace legacy MPLS connectivity for most geographical regions.

MPLS budgets can fund multiple Internet links, at a higher capacity, and a new management technology, SD-WAN, to deliver better-than-MPLS capacity and resiliency.

SASE Guide For CFOs

As a CFO, you want to ensure that the business operates efficiently and securely.

The CFO guides the business to optimal and efficient execution, while mitigating the risks that could derail it. An agile and boundless network securely connects all stakeholders and adapts to changing business conditions.

How does a great network support these goals?

The network is the technical foundation that connects your sales, service, and operations teams together.

As a critical business enabler, companies had been spending a fortune on their networks, with the promise from carriers and vendors of uninterrupted operation.

But is that enough?

Get More Value for Your Network Spend

Old networking technologies, such as MPLS, rely on a provider SLA to ensure predictable performance, uptime, and time-to-fix.

The premium to ensure this SLA is sky high, depriving the business of resources needed to operate optimally.

For example, the high cost of MPLS per megabit forces organizations to procure as little capacity as possible at a time when bandwidth demands are rising. And, with all the time-to-fix promises, it is better to have two redundant links than one link (and a “fix” promise).

Tip: You don’t have to stay with your telco for uptime.

Consider two high-capacity Internet links, a 4G backup link, and smart software to deliver a network with higher capacity and better resiliency than MPLS at a much lower cost per megabit.

The redundancy and capacity of this new model will reduce the dependency on human intervention for restoring service to near zero. The new network can work around issues while repairs are being made.

Smoother Business Expansion

When an acquisition is announced, there is a pressing need to merge the acquired company into the company’s business platform.

Working with legacy providers means that the acquired company needs to be retrofitted into their operating model – their connectivity, their security, their processes. This takes a long time, when what you need and want is to move quickly.

Even if you run your own infrastructure, there’s an immediate conflict between the technology stack you use and the one used by the acquired company.

To align, you need to spend heavily on creating infrastructure compatibility. This situation is exacerbated for global mergers that may extend a regional organization into a global footprint.

Additional technologies are needed to grow a regional network to support a global business.

Tip: Plug the acquisition into the right network architecture.

A SASE service that is global and cloud-native allows you to “plug” the acquired company’s resources – applications, branches, and people – into a common platform that enforces your policies on anyone connecting to your applications and data.

There is no need to change the architecture of the acquired company as it can easily connect to the SASE service.

Mitigate Cyber Risks

The biggest cyber risk for most organizations is skills and resources.

There’s too much data to analyze and too little expertise to apply, so many organizations are finding it difficult to maintain a strong security posture over time.

The results are well publicized breaches and ransomware attacks. Complexity makes the situation worse as it creates multiple opportunities for mistakes, misconfigurations, and other human errors.

Hackers need to find only one.

Tip: Leverage converged prevention and detection as a service.

Cloud-based security offloads significant grunt work from your team so they don’t need to spend time on generic infrastructure maintenance.

Converging multiple security pillars reduces the chance of human error that can be exploited and strengthens prevention. Leveraging detection experts via a managed service addresses the skills shortage challenge.

SASE Guide For CIOs

As a CIO, your main goal is to deliver a cost-effective technology platform that can enable the business to operate optimally, pursue new opportunities, and mitigate risks through strong security posture.

The CIO is a partner of, not just a service provider to, the business. An affordable, agile, secure and boundless network creates the foundation for safe and unrestricted business growth.

Networking and network security spend represents a big part of the overall IT budget. Boosting the network’s ability to support business requirements while optimizing costs will be a huge win.

With that, security, availability and resiliency must be sustained.

How can you advance towards these goals with budget, resources and skills constraints?

Better Network For Less Money

Networking technologies like MPLS include a provider SLA to ensure predictable performance, uptime, and time-to-fix.

The premium to get this SLA is very high, depriving the IT team of significant budget that could be used more efficiently. For example, the high cost of MPLS per megabit forces IT to procure as little capacity as possible.

This is a critical challenge at a time when bandwidth demands are rising due to cloud migration and adoption of cloud-based services.

Tip: You don’t have to stay with MPLS for the SLA.

Consider two high capacity Internet links, a 4G backup link and SD-WAN to deliver network capacity and resiliency that exceeds that of MPLS at a much lower cost per megabit.

The new network model will reduce the dependency on human intervention by the provider’s technicians to near zero. The new network can work around issues while repairs are being made.

In addition, WAN optimization appliances, used to maximize precious MPLS bandwidth, are no longer needed, further reducing cost and complexity.

Better Agility to Support the Business

IT is often perceived as an inhibitor to the business because adapting IT infrastructure to new requirements takes too long.

For example, acquiring a company requires a complex (and slow) alignment of two incompatible technology architectures. 

Opening up a new location requires a lengthy process of deploying networking services and network security infrastructure from specific providers.

Getting into a new geographical region requires the extension of networking services to support both business locations and users in that region.

Tip: Future-proof your network and security infrastructure with an agile SASE architecture.

You know that in the end you need to deliver network, security, cloud and mobility capabilities at a global scale with the highest levels of performance and resiliency.

This is the driving force behind SASE that advocates the convergence of all these elements into a single cloud service.

If you can “plug” any edge (location, cloud, or mobile user) into a global network and security platform, you can rapidly adapt to virtually any business requirement.

Strengthen Security In The Face of Skills And Resource Shortage

The biggest cyber risk for most organizations is skills and resources.

There’s too much data to analyze and too little expertise to apply, so many organizations are finding it difficult to maintain a strong security posture over time.

The results are well publicized breaches and ransomware attacks. Complexity makes the situation worse as it creates multiple opportunities for mistakes, misconfigurations, and other human errors.

Hackers need to find only one.

Tip: Leverage converged prevention and detection as a service.

Cloud-based security offloads significant grunt work from your team so they don’t need to spend time on generic infrastructure maintenance.

Converging multiple security pillars reduces the chance of human error that can be exploited and strengthens prevention. Leveraging detection experts via a managed service addresses the skills shortage challenge.

SASE Guide For CISOs

As a CISO, your main goal is to enable the business to securely conduct current business and pursue new opportunities.

The CISO guides the organization so business can be conducted securely without affecting velocity or overloading IT resources and budget. The right network and security architecture can go a long way to achieving that goal.

More often than not, security is perceived as a drag on the business. This is because the infrastructure, people, and skills needed to deliver on security’s policies and guidance are difficult to adapt to new business requirements.

How can you guide IT not only with risk mitigation best practices, but the technology characteristics that could enable them?

Enterprise-Grade Security Everywhere

A high risk of exposure exists at the weakest link. A remote branch or a mobile user may not benefit from the same level of protection as a major office or a datacenter.

Legacy security solutions are capacity constrained – a small location may not get the same protection as a big location because the funding may not be available.

Yet, from a risk standpoint, remote locations are even more exposed than bigger ones.

Tip: Use a global security platform, like SASE, to extend maximum protection to all connected users globally.

SASE consolidates the protection engines into the cloud and then deploys them globally enforcing the same policy on all users and locations.

This is a radical shift from the appliance-centric model. Pay close attention to the capabilities and visibility of cloud platforms as some see only part of the traffic (i.e., Internet vs. WAN vs. mobile).

Skills Augmentation Through Managed Services

One of the areas that are most vulnerable for many enterprises is threat detection and response.

The reason is the need to apply ongoing resources to analyze, correlate, and act on the numerous indicators of compromise that are generated by the prevention engines.

Managed detection and response services (MDR) are a good way to address it, but it could come at a significant effort to implement the infrastructure needed to collect and aggregate security information for the service to work.

Tip: Consider a Managed Detection and Response service that is embedded in the prevention layer.

A managed detection and response service leverages skilled security analysts to continuously look at your security events, identify anomalies, verify malware infection, and assist in remediation.

What is less common is an MDR service that requires no installation of agents and network appliances to collect the data for analysis.

This is inherently available with a SASE service architecture that serves as the data plane for all WAN and Internet traffic.

Automation To Replace Grunt Work

Poor maintenance of security infrastructure weakens security posture and creates the exposure that allows adversaries to gain a foothold in your network.

Yet, an avalanche of critical vulnerabilities forces your team through a patching drill to close these security gaps.

Often, it’s easier said than done. The need to test and deploy new code builds for a distributed security infrastructure creates significant operational risk and is often avoided as long as possible.

Tip: Leverage security as a service to eliminate maintenance overhead.

Cloud-based security benefits from a global footprint (assuming the service is deployed globally), but also from the provider’s responsibility to maintain adequate security posture at all times.

Simply put, you don’t need to maintain your security infrastructure; it’s maintained for you. Your team owns the configuration of business-specific policies and troubleshooting, while the provider maintains the platform.

The Way Forward

Networking and security infrastructure is the technology bedrock of any organization. Business leaders often overlook the impact IT architecture has on their ability to drive the business to be more competitive, operate more effectively, and mitigate risks.

This, in a nutshell, is the promise of SASE.

SASE evolved from the realization that enterprises no longer need the “next big security feature”, or the “next big improvement in performance”.

Rather, it is how technology is delivered to serve the business, that will determine the ultimate value it provides to the business. In today’s fast-moving markets, the networking and security architecture must be global, agile, boundless, optimized, and inherently secure.

And, it must be highly automated, because resources and skills will remain scarce for the foreseeable future. It’s the business and IT leadership’s responsibility to make sure that short-term thinking and change aversion don’t deprive the organization of the opportunity to evolve.

To support the business, today and into the future, the network must be built and ready for whatever’s next.
