How SASE Improves Cloud Security, Reduces Costs and Increases Network Performance

Gartner’s “The Future of Network Security Is in the Cloud” report spells out the potential for the transformation of networking and security in the cloud, built upon a new networking and security model called Secure Access Service Edge (SASE), a term coined by the research firm’s security analysts.

The SASE architecture improves cloud security, reduces costs and increases network performance.

Speaking during the SASE & Hybrid Cloud Optimization breakout panel presentation “Gettin’ Sassy about SASE!” May 12 at the annual Hollywood Innovation and Transformation Summit (HITS) Spring event, moderator Adam Slohn, CEO of Dark Fiber Production Technology, noted that SASE is a “combination of sort of meet-in-the-cloud network and security infrastructure with a set of managed services layered on top of it.”

And, “at a really high level, it allows all of your users to access all of your apps… wherever the users are – they can be at home, they can be in a production office, they can be on set, they can be within your own network,” he said during the presentation, which was part of the HITS Advisory Services/Cornax Cloud Alliance series of online events.

The apps “can be anywhere also,” he said, noting “they can be running editorial in the cloud, they can be a website, they can be a SASE app, they can be something you’re hosting in your infrastructure – your private data center.”

Regardless, the “concept around SASE is that it makes it all sort of fluid, seamless and that you’re getting a consistent experience and maximizing both a security and the network throughput around it all – and really having every user have the same experience, no matter what app it is,” he explained.

As an added positive, there is no “buzzkill” of the need to log into a virtual private network (VPN) and not being able to get it to work, requiring one to turn to an alternative like Cloud Access Manager, he said. “It’s stressful enough for the IT people to handle that but, from an end user perspective, it’s kind of a nightmare,” he noted.

On the IT side, SASE requires “a whole lot less work if everything is sort of meeting in the middle because you’re not fighting all the firewalls,” he explained.

SASE can be used to secure and reduce the engineering setup time for work from home or work from anywhere.

There is now no need to grant a “remote user credentials to access a physical firewall that then grants them network-level access on the other side of that firewall – so no Zero Trust,” explained Mark Peay, channel director, West Region – SASE (Converged SD-WAN + Security-as-a-Service) evangelist at Tel Aviv, Israel-based Cato Networks.

“In some cases, the user is in Dallas and the firewall is in Seattle and the application they need is in New Jersey [and] that hairpinning causes all kinds of performance degradation and nightmares,” Peay pointed out.

“So if we can localize that experience and deliver that access to the… resources that that user needs from the cloud using a Zero Trust network platform that has behavioral correlation and other AI- or machine learning-based automation behind it so that we’re truly defending that transmission but also optimizing the pathway between the user and the application they need to go to using a hyperloop in the middle, which is a global backbone core, it changes the game for how remote access functions for a lot of these users,” Peay explained.

In the process, instead of granting the user network-level access, the user is being given “very granular, application-level access,” Peay said, noting that is a “new term called software-defined perimeter.”

Today, “most security tools unfortunately don’t benefit users – they’re designed to protect corporate assets, which we want to do obviously [also]; we need to secure and encrypt all those transmissions,” Peay pointed out. “But if we can optimize the experience for the user too, then we get better adoption,” he added.

In some cases, users “can’t turn off the VPN if they wanted to with their corporate device, but if you use a bring-your-own device scenario, sometimes they can turn it off – and sometimes when these folks turn the VPN off and they get a better experience… that’s very bad for security obviously,” Peay said. “So if we can make that experience more consistent, more agreeable [and] beneficial… then they have a tendency to want to keep it on, even if it’s their own device,” he noted.

The idea behind SASE is “this notion that, if you deliver an optimized and secured experience at the same time” with multiple features including unified threat management, “you’re able to create a more democratic feel for most users – whether they’re in Singapore, whether they’re in South Africa or Europe or North America – they all are able to participate in the same single instance, with a single policy,” Peay explained. “It’s a very different way of approaching a lot of network optimization and security challenges that a lot of different types of companies have, especially in the media and entertainment space,” he said.

Peay “put the hammer right on the head of the nail,” according to David Nuti, head of channel and alliances at Open Systems. “It’s about putting unified policy and rule set around performance and security without compromise in the path of every user – no matter where they are – to any type of application destination that they’re using,” Nuti said.

There are now platforms that “deliver desired outcomes immediately to enterprise customers rather than the customer having to face their own construction, duct-taping Frankensteining project of 30, 40, 50 point solutions,” Nuti pointed out. “SASE unifies that security and network intelligence and performance sprawl into a single footprint that, being cloud native, gives you the ultimate in agility to make sure that you can accommodate not only the diversity of remote users but what happens when that user base shifts dramatically and all of a sudden you have 90 percent of workforce working from living rooms, in the driver seat of their car or in a Starbucks,” Nuti said.

It is, after all, “not only about delivering what the users expect in terms of security and performance, but also eliminating… single points of failure,” Michael McGrory, senior solutions engineer at Cloudflare, explained. It is about taking “services that used to be in a data center [where] you’re highly reliant on a single VPN to connect to that data center and connect out of that corporate office, [and] shifting that to the cloud [which] makes it a lot more fault tolerant and a lot more highly available,” he said.

“Just because a user is working from home doesn’t mean they have to struggle and fight with all the issues that the legacy solutions offer there,” McGrory added.

HITS Spring was presented by IBM Security with sponsorship by Genpact, Irdeto, Tata Consultancy Services, Convergent Risks, Equinix, MicroStrategy, Microsoft Azure, Richey May Technology Solutions, Tamr, Whip Media, Eluvio, 5th Kind, LucidLink, Salesforce, Signiant, Zendesk, EIDR, PacketFabric and the Trusted Partner Network.