Why does Solutel recommend implementing the SASE model in cloud security?

Why does Solutel recommend implementing the SASE model in cloud security?

Why does Solutel recommend implementing the SASE model in cloud security?

We all know that the pandemic has forced millions of people to work from home.Thanks to home broadband Internet access, corporate VPNs, and collaboration tools, we have been able to continue many of our businesses. Users have been able to carry out their work effectively from home. This situation has not been easy for many of the IT departments. IT has had to deploy and support users to enable remote work and the level of difficulty has depended on the network architecture model and services that the organizations had defined at that time. This is where the SASE concept benefits companies.

 

SASE concept

First we define “Secure Access Service Edge” (SASE). It’s a concept outlined by Gartner in a 2019 report that promises to be the pillars of cybersecurity. It is basically a combination of security services that are delivered through the cloud.

SASE is about bringing the security perimeter built around our company to the cloud. What do we get out of this? Bring security to everything and everyone. Give security to all users, give security to all applications and that it can be managed from anywhere.

With this approach, it allows companies to enforce secure access policies no matter where their users, applications or devices are located.

The SASE architecture is a cloud-native platform, providing the enterprise with security processing that was previously done on corporate premises. With this architecture, each location runs an SD-WAN device that carries traffic to the SASE cloud. This traffic is then sent to a local point of presence (POP), where it is analyzed and processed until it is so secure that it can now be forwarded to its final destination. The SASE architecture thus blocks possible attacks with malicious software and lateral attacks, making life more complicated for cybercriminals who seek to insert malicious code into corporate networks.

The benefits of this model are many, the main one being end-to-end security. From the server to the end user, the entire infrastructure is protected against threats that become increasingly plural and diversified. This also facilitates the identification and correction of eventual specific gaps in the infrastructure, something that cannot be done in a service without this degree of flexibility.

 

CISCO SASE Products

Umbrella’s secure Internet gateway (GIS) where all security services are integrated into a single cloud-native software stack. These services include:
1) Cisco SD-WAN for routing and other networking functions used by Umbrella. As previously indicated, the POPs in this case are the nodes at the edge of the network where the SASE services are processed. Cisco has scaled the POPs configured for Umbrella to more effectively manage traffic to the GIS and to firewalls.
2) Domain Name System (DNS) security: Umbrella’s DNS security element provides companies with all the visibility they need on cloud applications and their employees’ use of them.
3) A full proxy secure web gateway (SWG): Scans and neutralizes malware in all files that are uploaded and downloaded to and from the cloud.
4) A firewall that runs in the cloud: It allows visibility of the traffic that passes through both the corporate network and the Internet through all ports and protocols at layer 3 and layer 4.
5) DUO and Zero Trust Access: Zero Trust is a security approach that considers all traffic and all traffic sources as suspicious items by default. Cisco Umbrella is integrated with Duo Security’s Zero Trust technology.

How does CISCO’s SASE security model help businesses?

  • By reducing costs and complexity, using a single platform reduces IT costs and resources and minimizes the number of security products.
  • Providing centralized orchestration and optimization of applications in real time. Increasing the effectiveness of security personnel and the network.
  • Helping to ensure perfect access for users.
  • Enabling more secure mobile and remote access.
  • Restricting access based on the identity of the user, device and application. 
  • Improving security by applying a consistent policy.

Other advantages offered by the SASE model:

  • Flexibility: You can offer security services such as threat prevention, web filtering, DNS security, credential theft prevention, data loss prevention, next-generation firewall policies, and more.
  • Higher performance – easily connect to wherever your resources are.
  • Zero Trust – Complete session protection, regardless of whether a user is on or off the corporate network.
  • Threat Prevention – Full content inspection built in.
  • Data protection: prevent unauthorized access and abuse of confidential data.

In short, SASE helps simplify network cybersecurity management by offering highly customizable policy-based control. It can be tailored to user identity, session context, and application needs for performance and security, and is delivered from the cloud.

Finally, comment that moving to a SASE model will be a gradual process as IT reconsiders how to connect a remote workforce to the distributed information resources they need. There is also likely to be a growing demand for “as a service” procurement models that offer more flexibility. This implies a tactical change and rethinking how to implement IT in a different way that allows a user to have correct security wherever they are.

 

Related news:

What security solutions does Solutel recommend to SMBE?

 

Cisco SecureX unifies the visibility of all your security products

 

Share this post