This post was originally published on this site
This blog was written in collaboration with James Mobley
There’s a growing challenge that many organizations face today: How can network and security teams provide consistent, secure access to applications for an increasingly distributed workforce — without taking on more complexity? This drives the need to rethink the traditional network architecture, and the concept of a secure access service edge (SASE) emerged as a result. Simply put, SASE converges networking and security functions in the cloud.
The concept of SASE is not new for Cisco. For the past three and a half decades, we’ve helped companies around the world build the network that powers their businesses. And we’ve helped those same companies defend against a growing number of cyber threats. Along the way, we’ve innovated to deliver a simpler, more reliable experience. We’re innovating again to bring you a secure network as a service, starting with the cloud edge.
Our vision for SASE
It’s not just about using security and networking products that are delivered from or managed in the cloud — there are thousands of different products that offer this today. Moving to the cloud alone doesn’t solve your complexity problem; it simply shifts your complexity to the cloud. Instead, these networking and security functions need to be completely integrated in a single service.
Cisco’s vision is to deliver seamless, secure access to any application, over any network or cloud, anywhere users work. We do that by combining our best-in-class networking, client connectivity, security, and observability capabilities into a single subscription service. It will be straightforward to procure, easy to set up, and simple to use — all brought together through a single cloud dashboard.
Here are the outcomes you’ll be able to achieve with Cisco:
- Converge networking and security in the cloud with end-to-end observability from the user all the way to applications, over any network and cloud
- Connect and secure access to applications, data, and the internet for remote workers, fixed locations, workloads, and IoT or internet-facing devices
- Optimize performance by ensuring the fastest, most reliable, and secure path to the cloud
- Adopt zero trust network access by verifying the identity of users and the health of their devices to secure access to applications, on a per-session basis
- Quickly pinpoint application and network performance issues to ensure seamless service delivery and the best application experience for users
- Enjoy instant global coverage, with the ability to provision thousands of locations in minutes and scale up and down your level of service, features that you use, and the number of connections in your subscription
- Gain more simplicity, predictability, and intelligence through an as-a-service model
- Make your business more agile by leveraging the cloud to remove complexity from your infrastructure and provide immediate scalability
How we bring our vision to life today
Cisco provides all of the core building blocks of a secure access service edge architecture today, including SD-WAN, remote access, cloud security, zero trust network access, and observability.
Cisco’s SASE architecture secures and optimizes your connectivity so you can deliver the best application experiences. We view observability as a key element to deliver that experience. With the increased reliance on the internet and cloud services, more networks are outside your ownership or direct control. Organizations need to maintain the performance and integrity of the underlying transport, even when they don’t own the infrastructure or control how service providers route traffic. With ThousandEyes, Cisco gives complete visibility from the user to the application over any network and cloud and actionable insight into performance issues so you can quickly identify, remediate, or escalate issues to maintain a good digital experience.
We also continue to rapidly deliver new functionality across our SASE architecture including:
- Data loss prevention: With the addition of data loss prevention in Cisco Umbrella, organizations can see and block sensitive data from being transmitted to unwanted destinations and support compliance mandates. This functionality will be in Limited Availability this quarter.
- Remote browser isolation: Now in Limited Availability in Umbrella, remote browser isolation adds a layer of defense against browser-based attacks without compromising end user experience or burdening IT staff. It isolates web content in a remote surrogate browser in the cloud, so only safe content is rendered to the user.
- Cloud malware detection: This new feature of Umbrella, in Limited Availability, detects and removes malware from cloud-based file storage applications to maintain a malware-free environment. As more organizations move business-critical data to cloud-based applications, they need to ensure that users can access them from unmanaged devices and that those cloud applications are safe.
- New SD-WAN and cloud security integration: Previously, we highlighted integration between Umbrella and SD-WAN powered by Viptela. Now, we’re expanding support to Cisco Meraki MX. This integration speeds the deployment of cloud-native security across distributed locations with simplified Internet Protocol Security (IPSec) tunnel connectivity. For more details on this and other new Umbrella features, check out this blog.
- Expanding Cisco SD-WAN Cloud OnRamp: The release of SD-WAN 17.5 powered by Viptela expands Cisco SD-WAN Cloud OnRamp for predictable and secure application experiences. Cisco already provides more integrations across the major IaaS and SaaS providers than any other vendor and now adds more cloud services including Google Cloud, Megaport and AWS. In addition, Meraki MX further extends SD-WAN connectivity from branch sites to resources in public cloud environments such as AWS, Azure and Alibaba Cloud.
- Passwordless authentication: Duo will soon enable organizations to authenticate without passwords. Available for public preview this summer, passwordless authentication is a key building block to enable zero trust security for the workforce. The technology verifies user trust, in a more user-friendly, simplified and secure way. Check out this blog to learn more.
- New Cisco DevNet SASE Developer Center: Our SASE architecture has APIs that allow developers and partners to automate DevOps and IT Ops workflows and build customized integrations and applications for your business. The new DevNet SASE Developer Center has resources to help your teams get hands-on with Cisco APIs through DevNet sandboxes, learning content, and automation use cases with sample code.
New, expanded Cisco SASE offer
We now make it easier than ever to begin your journey with our new SASE offer. This offer, which will be orderable in May 2021, allows you to purchase and start using the core SASE components (cloud security, zero trust network access, SD-WAN, and observability) immediately, with the ability to transition to a single subscription service in the future. It’s designed with promotional pricing and gives you investment protection if you choose to transition to the full as-a-service model in the future.
We recognize you need flexibility when determining how a SASE architecture fits into your environment. There are many investments you’ve already made in your existing infrastructure, and you have different architectures and business goals that need to be considered. Cisco can help bridge your journey to SASE from wherever you are.
Join these Cisco Live sessions to learn more
We’ll be talking more about Cisco’s SASE architecture this week at Cisco Live, so be sure to check out these sessions to learn more:
Innovation Talk: SASE, Network as a Service, and Your Onramp to the Cloud – DLBINT-40
Solution overview: How Cisco Enables Secure, High Performance Networking with a Unique SASE Approach – PSOSEC-1015
Technical session (All-Access pass required): The Future of Network Security is in the Cloud with Cisco SASE! – BRKSEC-2415