Avatar

Introduction

Moscow on the Hudson. There’s one scene in that movie that sticks in my mind: Robin Williams in the grocery store buying coffee. Complete paralysis.

So many options. What brand? What flavor? What size? What container? What product? It was all just too overwhelming. And this scene from over 30 years ago still acts as a powerful metaphor.

How many of you feel the same way when it comes to selecting your organization’s way forward in the implementation of Secure Access Service Edge (SASE)? We’re here to help. The purpose of this blog is to provide you with a view into Cisco’s realization of Gartner’s cutting-edge framework that combines WAN capabilities with network security services so you can successfully map your organization’s path to the SASE future you desire.

 

SASE. Described.

Factors such as applications migrating to the cloud and the growth of the remote workforce, are primary drivers of the development of new networking and security models. One such early entrant, SASE, is Gartner’s vision of that new model. Note that SASE isn’t a product, it’s an architectural concept that considers the merger of SD-WAN with Cloud Security.

Gartner’s concept encompasses the granular identification of network users, devices, systems, and location within a Wide Area Network; intelligent secure direct WAN access to applications hosted anywhere (branch/corporate/datacenter), by anyone (corporate/AWS/SaaS); with an unrelenting focus on security. Quoting from Gartner themselves:

“[SASE] is an emerging offering combining comprehensive WAN capabilities with comprehensive network security functions (such as SWG, CASB, FWaaS and ZTNA) to support the dynamic secure access needs of digital enterprises.”

Source: Gartner, The Future of Network Security Is in the Cloud, Neil MacDonald, Lawrence Orans, et al., 30 August 2019.

It is important to understand that Gartner considers SASE to be a vision of a future secure networking model for enterprises to strive for—it’s not currently a reality from any vendor.

 

Simplifying with a single vendor for SASE

 

Let’s cut to the chase; what differentiates Cisco from virtually any other SASE vendor is this: Inevitably over time, the look, the feel, and the operation of a network supplied by any other vendor will present as a bolt-on, cobbled together mix and match of networking and security models.

Cisco is uniquely positioned to help you avoid that fate because Cisco has acquired, or developed, and then integrated all of the disparate SASE piece-parts into a single whole.

But don’t take our word for it. In addition to the accolades listed in the image to the left, the Cisco SASE offering won the CRN 2020 Tech Innovators Award for Networking and SD-WAN while Cisco Umbrella received the CRN 2020 Tech Innovators Award for best cloud security solution award for reducing complexity, silos and risk. And Gartner itself recognized Cisco as a leader in the SD-WAN Edge segment with a special callout of Cisco Umbrella integration as core strength. Not surprisingly, Cisco SD-WAN is trusted by thousands of companies, and field-proven by over 30,000 enterprises across the Meraki and Viptela products globally.

 

Cisco on SASE

Now insofar as SASE is to be considered a vision of a future secure networking model, don’t think of it as an entirely new solution, but as a seamless, holistic integration of many existing networking and security solutions! Any customer can choose their path to SASE in their own unique journey.

We see SASE as 3 Cs:

  1. Connect: Any user, to any device with any application – in a simple and automated manner. This is Cisco SD-WAN.
  2. Control: By unifying multiple security functions in the cloud and extending control from data center to any cloud. This is Cisco Umbrella.
  3. Converge: Bringing together networking and security functions to deliver faster, secure connections in a flexible consumption model that scales rapidly up or down. This is the integration of Cisco SD-WAN and Cisco Umbrella.

The fourth unofficial C in SASE is Cisco. Cisco provides the secret sauce needed to deliver Gartner’s SASE requirements wherever you are today in your journey. Imagine a network that:

  • features on-demand consumption of networking and security delivered as a service with flexibility on the edge to connect and secure wide variety of users, devices and networks,
  • enables delegation and automation of infrastructure management, and
  • delivers operational efficiencies by simplifying deployment, management, and policy enforcement across all environments via a common, highly reliable, cloud-native platform.

Most importantly, Cisco SASE accomplishes this all using a single subscription SKU: Cisco DNA Premier for SD-WAN and Routing. This is how one consumes Cisco SASE.

 

Single SASE SKU: Cisco DNA Premier for SD-WAN and Routing

The combination of Cisco SD-WAN and Cisco Umbrella in a Cisco DNA Premier subscription for SD-WAN and Routing is the path to Cisco’s SASE solution. The Cisco DNA Premier for SD-WAN and Routing license includes Cisco Umbrella SIG Essentials, a cloud-native solution that unifies multiple security functions in a single cloud service to secure internet access and control cloud app usage across networks, branch offices, and roaming users. Unlike disparate tools, Umbrella unifies:

  • DNS-layer security to block requests before a connection is even established
  • Secure web gateway functionality to log and inspect all web traffic for superior protection and control
  • Cloud access security broker functionality to detect and control cloud app usage reducing risk
  • Cloud-delivered firewall functionality to log and block unwanted outbound traffic using IP, port, protocol and application rules
  • Interactive threat intelligence via console and API for real-time context on threats enabling faster incident investigation and response
  • Cisco SecureX is a cloud-native, built-in platform experience that unifies Cisco’s security portfolio with your existing security infrastructure in a single dashboard enabling automation, and strengthening security across networks, endpoints, and cloud — without replacing current infrastructure.

Rapid deployment of security at scale across your global environments is now possible with just a few clicks on the SD-WAN dashboard. Actual examples include a multi-national organization deploying DNS-layer security to over 100,000 users in just a few hours. Or a financial services organization deploying the full functionality available in Cisco Umbrella in days to hundreds of offices in dozens of regions.

 

Conclusion

The reason that Robin was so paralyzed at the sight of shelves upon shelves and rows upon rows of coffee in the grocery store was simply a lack of context and not knowing whose assistance to enlist to develop that context. Choosing the right global cloud architecture, security and networking service today is key. Trust Cisco to provide you with the SASE context you need and to assist you in streamlining your networking and security operations in the cloud at your own pace. There’s no time like the present, contact your Cisco representative today to begin your journey to SASE.

 

Check out our Intent-Based Networking video channel

 

Subscribe to the Networking blog