Part 4 of the six-part series – The 2023 Global Networking Trends Report series
The next generation of enterprise architecture has arrived. Organizations are moving away from a complex patchwork of best-of-breed point solutions to a single-vendor strategy for a more consistent, secure networking platform that allows their distributed workforce to access hybrid cloud and multicloud applications more efficiently, reliably, and securely.
In recent years, the software-defined WAN (SD-WAN) has been favored for its ability to enhance network performance, optimize connectivity, and provide centralized policy control and management. Thanks to advanced traffic management and optimization techniques, SD-WAN enables IT teams to provide users with a more seamless and predictable experience anywhere they work.
As for securing those experiences, 59% of respondents to our 2023 Global Networking Trends Report said their top cloud-access networking priority over the next two years is to centralize security in the cloud to provide a consistent policy across users and devices located anywhere. That requires security service edge (SSE), an overlay of protective services for the web, cloud services, and private applications.
Gartner predicts that by 2026, 85% of organizations looking for a cloud access security broker (CASB), secure web gateway (SWG), or zero trust network access (ZTNA) will obtain these from a converged solution rather than from separate vendors. Here is a look at why cloud-enforced and converged security with an SSE platform is so effective, along with a look at the different types of SSE offerings companies can deploy today.
Complexity is the enemy of great experiences
Once, organizations had workforces in one office location or a headquarters with maybe a few satellite locations. Secure access to business-critical applications was easily monitored, managed, and enforced.
Two decades into the 21st century and one pandemic later, that ship has sailed. Exceptional experiences, anywhere, anytime, on any device, are expected. Providing security from application to endpoint, however, has proven to be extremely challenging as workers, applications, networks, clouds, and security solutions extend far beyond traditional office walls and data centers.
Security policies used for remote workers, for example, SD-WAN and a secure access service edge (SASE) model with SSE, are underway. You can see how organizations regard this transition in our 2023 Global Networking Trends Report, as shown in Figure 1 with a two-year trend showing an evolution in providing secure access.
Figure 1. How organizations are planning to support user access to cloud-based applications over the next two years
Finding your way to SSE and SASE
SASE is designed specifically to support the types of hybrid working models we are seeing today, where people, places, and things (such as Internet of Things and operational technology initiatives) are now highly distributed. SASE includes a set of services that describe network and security requirements for quality of experience—including access policies, performance and availability metrics associated with a network, and interaction with edge endpoints. SD-WAN plus SSE equals a SASE framework (see Figure 2).
Figure 2. A cloud-enforced SSE is one half of a comprehensive SASE architecture
Today, SASE architectures come in two major varieties: modular and unified. IT departments with separate NetOps and SecOps teams may want to go the modular route, which offers a converged cloud security SSE solution with a single dashboard (unified policies, single agent, and single SLAs), integrated with an SD-WAN solution with its own dashboard. In a modular approach, these SSE and SD-WAN solutions are single- or multi-vendor solutions. However, single-vendor solutions are advised to allow for simpler integration and management and less security risk.
Taking the single-vendor route a step further, another option is a unified SASE solution with fully converged SSE and SD-WAN managed through a unified dashboard for common policy services and controls.
According to a recent article in Forbes, Gartner predicts that by 2026, 65% of organizations will have consolidated individual components of SASE into a solution delivered by one or two vendors. In the same article, Gartner also predicts 50% of new SD-WAN purchases will be based on a single-vendor solution.
How organizations are approaching SSE and SASE today
Here are the top options I’m seeing customers pursuing:
Organizations are adding SSE to their SD-WANs—evolving from centralized, point security solutions to cloud-enforced security.
We are seeing this especially among our customers with branch offices, adding SSE to their SD-WANs to enhance their security postures. Some organizations may have some of the components of SSE already, like next-generation firewalls. But a full SSE―especially where all pieces are integrated into a single vendor offering―delivers benefits like the zero-trust model in ZTNA to protect against internal and external threats, gain end-to-end visibility, and improve user and IT experience.
Organizations are adding SSE to move from VPN logins to a ZTNA environment.
ZTNA within SSE provides a security model where users and devices are granted access to the specific applications and resources they need to avoid over-privilege and the risks from lateral movement. Cisco provides a modern approach to ZTNA that enables least-privileged access to all application types in a “no-friction” format that delivers a more seamless user experience and simplified IT management. Innovative support for both new and traditional protocols, as well as continuous posture checking and user experience insights, help to mitigate risk while improving end-user productivity.
Organizations are adding SSE to shrink the architectures and WAN backbones of their branches and single offices.
A small office in a strip mall has different needs than a manufacturing plant. Small offices do not need expensive Multiprotocol Label Switching (MPLS) WAN backbones. They can use internet fiber, 5G, or broadband—plus SSE for security, including ZTNA. Branch locations, on the other hand, are more likely to need an MPLS backbone to ensure the organization’s WAN has the bandwidth to support a wide range of data transport technologies.
Cloud-enforced security in action
One of the largest universities in Australia, Deakin University, has up to 100,000 devices and users connecting to its network each day. By moving to a cloud-enforced security environment, Deakin consolidated cloud, endpoint, email, and firewall security into an integrated platform with end-to-end visibility. The new security posture reduced investigation and response times from weeks to minutes.
Marine Credit Union, which serves 90,000 member employees of Mercury Marine, a Wisconsin-based manufacturer of outboard motors, shows the benefits that can be achieved with an enterprise-wide, cloud-based security solution. The small IT team deployed cloud-enforced, integrated security features to provide cloud security, endpoint security, firewall, malware analytics, and detection and response. Marine Credit Union said this approach has made management much easier and contributed to consistently great, secure experiences for member users.
Secure and seamless user experiences are possible—with anywhere access and tight security controls—thanks to a cloud-enforced SSE. How do you choose one? Start by considering the benefits of SSE with tightly integrated solutions from a single, leading vendor. Partnering with the right vendor enables you to create a more consistent and efficient secure networking platform over time, and to protect your people, places, and things, wherever they are.
Watch the Global Networking Trends on-demand webinar:
Download the 2023 Global Networking Trends Report