November 23, 2021

Data#3 and Cisco Present Ask the Expert: Cisco SASE

To provide secure, consistent access wherever users and applications reside, the enterprise needs to now treat each user as an “individual branch,” without the additional IT spend and workforce that’s needed for that mammoth task.

Cue Cisco SASE; a simpler, more scalable method bringing network and security functions closer to users and devices, so users can connect securely and efficiently.

Join our panel of security experts from Cisco and Data#3 in this interactive Q&A as they discuss:

  • Perimeter-based security shifting to identity-based security
  • Cisco end-to-end SASE architecture and security integrations
  • The future of Cisco SASE

Questions from the Webinar

“Why are we talking about SASE?”

As many industries experience disruptions and move to the cloud, and users become more decentralised, organisations are put under more pressure to be able to deliver the same sort of networking capabilities in a more efficient way. This was, quite obviously, accelerated by the COVID-19 pandemic, when many businesses were forced to move to remote working frameworks.

“What are the problems that SASE is attempting to solve?”

  • Connecting users from anywhere to their applications
  • Protecting against evolving threat vectors and attack surfaces
  • Delivering continued high quality user experience in smarter ways

“What is Secure Access Service Edge (SASE)?”

At its most basic level, SASE is simply about the control and security of users. This applies to remote sites, branch offices and for some customers their head offices as well. SASE is less of a solution and more of an architecture or journey. It is a suite of products as well as a method of approaching problems in a way that works for your organisation.

“What components make up SASE?”

  • Secure web gateway
  • CASB
  • FWaaS (Firewall as a Service)
  • SD-WAN
  • Zero Trust Network Access
  • Observability

“What impact does SASE have?”

  • Market Impact – It’s estimated that 60% of organisations will have a SASE strategy implemented by 2025.
  • User Impact – With SASE, users are given a much more streamlined experience without the use of tedious security strategies such as VPNs.
  • Operational Impact – Touch points are reduced for users with SASE, making operational management easier.
  • Financial Impact – SASE provides one solution under the same umbrella, reducing the number of vendors and licensing agreements.

“Are VPNs and other legacy technologies being made obsolete by SASE?”

No. Some legacy technologies may be re-prioritised, but they will not disappear, and many that are currently deployed will continue to serve their intended purpose. SASE’s goal is to change the way a lot of these technologies are delivered, as opposed to replacing them entirely. On the user front, it’s expected that a convergence of zero trust network access and VPNs will occur with the aim of making the user experience more simplified and secure. The technologies won’t go away but will change and evolve depending on each organisation’s needs.

“How does SASE improve security without sacrificing network traffic and latency?”

SASE is not designed to weaken the security posture of customers, but instead change the way it’s deployed to make it more manageable for security teams. Its main goal is to not remove any existing functionality, and instead improve on traditional frameworks.

“How do firewalls function within SASE?”

Some form of firewall functionality is still required in any security solution. SASE solutions may elect to put the firewall on-premises or in the cloud, and the only difference between the two options from a security standpoint is their focus. For example, a user-based firewall at an organisation’s head office would be focused on the user experience and ensuring all staff have secure access to the internet. It’s not the functionality of firewalls that is changing with SASE, but the manageability of firewall policy.

“Can SASE protect any user, device or location, and does it support any app?”

Yes. Many pre-existing technologies that protected users in browsers and applications have been brought forward into new SASE solutions. The only functionalities that have potentially been removed are ones that were not providing a useful solution for organisations in the past; the rest have been retained or improved. SASE is an architecture and can absolutely accommodate all use cases no matter the users, devices, apps or locations.

“How many security defences are cloud native versus hosted in the cloud, and does it matter?”

Cloud native traditionally means that a product is run as an as-a-service type offering; it’s not necessarily something that’s installed on a server or in the cloud. Some SASE solutions are cloud native, and some aren’t. One option is not necessarily better than the other. Ultimately, it’s more important that the solution meets the performance, availability and security requirements of the organisation, and these will be different for every user case. Cloud native does have advantages in that it provides greater scalability but the decision of how to deploy the SASE security solutions is up to each organisation.

“How does licensing work for SASE?”

The SASE licensing is component based (see above for full component list). Any of the SASE solutions can be pieced together under the one operational licensing model, which is a bonus of SASE. There are other bundling and enterprise licensing options as well.

“Should SASE be top of mind for CIOs and CISOs?”

All businesses are digital these days in some way. Organisations need to look at both security and connectivity, and SASE is the foundational architecture for that. It has many benefits that make it a critical security solution framework moving forward.

Free Demo

Has this interactive Q&A sparked your interest in the Cisco SASE solution? Speak to a Data#3 Security Specialist!