Cisco takes aim at supporting SASE

Cisco is embracing the secure-access service edge (SASE) architecture put forth by Gartner with plans to upgrade some of its existing products to reach the goal of delivering access control, security and networking to cloud services.

The enterprise shift to SASE will be gradual as they figure out the best way to connect their increasingly remote workforce to distributed resources delivered from corporate data centers and as cloud services, Cisco says.

“Flexibility will be fundamental as IT chooses among multiple security and networking capabilities that best fit their operations, regulatory requirements, and types of applications,” said Jeff Reed, senior vice president of product, Cisco’s Security Business Group in a blog post. “Security services can be predominantly delivered from the cloud to provide consistent access policies across all types of endpoints. However, globally distributed organizations may need to apply security and routing services differently according to regional requirements.”   

Reed stated that secure access and optimal performance are a must. “The rapid adoption of SD-WAN for connecting to multi-cloud applications provides enterprises with the opportunity to rethink how access and security are managed from campus to cloud to edge,” he stated. “With 60% of organizations expecting the majority of applications to be in the cloud by 2021 and over 50% of the workforce to be operating remotely, new networking and security models such SASE offer a new way to manage the new normal.”

According to Reed, the goal of SASE is to provide secure access to applications and data from on-premises data centers or cloud platforms, with access determined by identities that are defined by combinations of characteristics including individuals, groups, locations, devices, and services.

Service edge refers to global points of presence (PoP), IaaS, or colocation facilities where local traffic from branches and endpoints is secured and forwarded to the appropriate destination without first traveling through corporate data centers. By delivering security and networking services together from the cloud, organizations will be able to securely connect any user or device to any application and optimize user experience, Reed stated.

To support this framework, Cisco said it will increasingly enhance and integrate a number of networking and security products including its SD-WAN software for networking, Umbrella for security and Zero Trust for identity and access. 

Reed wrote:

• “SD-WAN is a cloud-delivered overlay WAN architecture with application optimization to deliver predictable application performance in multi-cloud environments. A full security stack is built in, and offers firewall, IPS/IDS, AMP and URL Filtering. Analytics and Assurance deliver the visibility and insights over any type of connectivity to deliver the best experience.
• “Umbrella unifies secure web gateway, DNS-layer security, firewall, and cloud access security broker features in a single integrated cloud-native platform. Built as a micro-services-based architecture with dozens of points of presence around the world, Umbrella provides the scale and reliability needed to secure today’s remote workforce, all driven by threat intelligence from Cisco Talos.
• “To verify identity and protect access to resources, Cisco’s Duo and Software-Defined Access (SD-Access) enable a zero trust network architecture to be extended anywhere people work. Duo provides workforce protection, while SD-Access protects the workplace. Ultimately, IT is less concerned about where the security functions are implemented and can focus more on the policies that they need to enable throughout the enterprise, Reed stated.”

The disparate ways that security and network services are sold will make it difficult to buy them for the purposes of SASE, he wrote. “Today these technologies typically have separate buying cycles, which may slow SASE adoption. Secondly, licensing structures are different for networking, which are typically throughput-based, versus security services, which are based on protecting a wide variety of users and endpoints.”

Experts agreed that SASE is a process that is only beginning. 

“SASE is definitely a journey not a product, and it won’t be sorted out quickly,” said Lee Doyle principal analyst at Doyle Research and Network World contributor.  “Cisco has embraced the SASE terminology, and the company is uniquely positioned in that it has the strengths in network and security technologies needed to build it out,” Doyle said. 

“They don’t have everything to meet all of the SASE criteria, and they aren’t saying they do but they are well-positioned,” Doyle said. “Putting everything Cisco has together in an integrated, easily consumable fashion for customers will be the next steps.”

Cisco certainly won’t be alone in its SASE quests as VMware, Palo Alto, Fortinet, ZScaler, Cato Networks and others are all marching down the same competitive path.