Petr Kocmich
20 April 2023

When traditional IT protection isn’t enough, SASE comes to the rescue

The corporate IT environment has changed radically in recent years. The cloud boom and the transition of many employees into a hybrid working mode are fundamentally changing the way users connect to the corporate network, consume data, and use applications. Ensuring cybersecurity in a highly decentralized environment requires a new philosophy and security architecture. The right answer lies in four letters: SASE.

Get closer to your users

SASE – Secure Access Service Edge – is a security response to a situation where the vast majority of corporate traffic moves over the internet. Public clouds are growing in importance and are used to run applications and store corporate data. Businesses use several SaaS services (including Office 365) that are also cloud-based. There has also been a significant increase in the number of employees working from home from their private or company devices. Add to this the situation where companies have a head office and a network of branch offices with a separate infrastructure. If you try to secure such busy traffic by routing it all through your central corporate firewall, you will run into capacity issues.

SASE brings security closer to users, so that protection follows people and data. Two core parts of the SASE concept are contained in its name: “Secure Access” refers to connection security, whereas “Service Edge” refers to the security perimeter moving closer to the user.

SASE as a kit

In terms of technology, SASE includes several key components that build on or complement each other:

  • Software-defined WAN (SD-WAN) is a solution in which network management is virtualized and decoupled from physical components. WAN virtualization can easily improve the stability, security, and performance of individual applications, even if they live in a private data centre or use public cloud infrastructure. It makes it easy to set priorities or security policies for your company’s data traffic.
  • Firewall as a Service (FWaaS) is a cloud-based service for advanced protection across an entire organization (including remote branch offices) which is primarily focused on cloud applications.
  • The Secure Web Gateway (SWG) helps establish and secure employee connections to the public internet, such as websites or cloud-based web applications that are not part of the company’s official list of SaaS services in use.
  • The Cloud Access Security Broker (CASB) is used to secure connections to SaaS applications such as Office 365 or Salesforce.
  • Domain Name System (DNS) security provides inspection at the DNS query level.
  • Data Loss Prevention (DLP) is a technology for protecting data and information from unauthorized misuse and disclosure.

Soitron helps its customers cover the security aspects of SASE with Cisco products. Cisco is one of the few companies in the world capable of servicing SASE in its entirety.


“For most companies, it doesn’t make sense to try to implement all the components of SASE quickly and at once. Moreover, very often they already have some component of the architecture implemented in their infrastructure. The beauty of SASE lies in the fact that it is a composition of several components that the customer can gradually set up and launch. The customer uses them as a cloud service and therefore does not need to invest in any hardware.”

#CiscoExpertTip by Cisco security expert Milan Habrcetl

How to jump into SASE

SASE is not some unified “box” that is identical for every company and every situation. Every business is unique, and therefore there is no single right way to implement SASE. For example, there are many cases where the existing infrastructure can partially be used. Cisco surveys show that about 17% of companies globally do not have the components in their infrastructure that are needed to deploy SASE. However, other customers can already take advantage of things such as SD-WAN or cloud security components. The whole SASE architecture can be built up gradually and more elements can be added to the system later on.

“Analyse what elements you already have in your infrastructure, what hardware you have available, and what licences you own. Formulate a medium-term security strategy that identifies the desired level of security for your company in three or more years and gradually implement that strategy. Above all, choose the right partner because, as a part of the overall Zero Trust concept, SASE deployment is quite complex in terms of implementation,” says Petr Kocmich from Soitron.

Experience from seven European markets

Soitron guides its customers through the pitfalls of implementing SASE into their corporate infrastructure, leveraging its knowledge of Cisco technologies alongside insights from the markets in which it operates. Soitron works for customers in seven countries: the Czech Republic, Slovakia, Poland, Romania, Bulgaria, Turkey, and the United Kingdom. It uses best practices from individual markets for initial analysis and the architecture design, leveraging a cutting-edge technology portfolio tailored to customers’ specific needs.

The experience so far has shown that SASE implementation brings the most benefits primarily to companies with an extensive branch network (e.g. banking, financial services, and insurance institutions – BFSI), companies with a large proportion of hybrid employees, and projects that have grown using cloud-based services.

With a fully functioning SASE, a company can see, secure, and connect all of its employees and verify all users and all devices from a single place. This makes it possible for employees to work from anywhere and get secure and seamless access to all the resources they need to get their job done. The individual SASE parts can be quickly deployed, and the system is scalable. In addition, since these are cloud-based services, the need for investment in new hardware is mostly eliminated.
