• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Contact Sales
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Search
Search
  • Why Us
    • Why Cisco Umbrella
      • Why Try Umbrella
      • Why DNS Security
      • Why Umbrella SASE
      • Our Customers
      • Customer Stories
      • Why Cisco Security
    • Fast Reliable Cloud
      • Global Cloud Architecture
      • Cloud Network Status
      • Global Cloud Network Activity
    • Unmatched Intelligence
      • A New Approach to Cybersecurity
      • Interactive Intelligence
      • Cyber Attack Prevention
      • Umbrella and Cisco Talos Threat Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco Security for Chromebook
  • Products
    • Cisco Umbrella Products
      • Cisco Umbrella Cloud Security Service
      • Recursive DNS Services
      • Cisco Umbrella SIG
      • Umbrella Investigate
      • What’s New
    • Product Packages
      • Cisco Umbrella and Cisco Secure Access Packages
      • – DNS Security Essentials Package
      • – DNS Security Advantage Package
      • – SIG Essentials Package
      • – SIG Advantage Package
      • Umbrella Support Packages
      • Cisco Umbrella for Government Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Cloud Data Loss Prevention (DLP)
      • Cloud-Delivered Firewall
      • Cloud Malware Protection
      • Remote Browser Isolation (RBI)
    • Man on a laptop with headphones on. He is attending a Cisco Umbrella Live Demo
  • Solutions
    • SASE & SSE Solutions
      • Your SSE journey with Cisco
      • Cisco Umbrella SASE
      • Secure Access Service Edge (SASE)
      • What is SASE
    • Functionality Solutions
      • Web Content Filtering
      • Secure Direct Internet Access
      • Shadow IT Discovery & App Blocking
      • Fast Incident Response
      • Unified Threat Management
      • Protect Mobile Users
      • Securing Remote and Roaming Users
      • Umbrella and Duo Layered Protection
    • Network Solutions
      • Guest Wi-Fi Security
      • SD-WAN Security
      • Off-Network Endpoint Security
    • Industry Solutions
      • Government and Public Sector Cybersecurity
      • Financial Services Security
        • – FTC Safeguards Rule Compliance 2023
      • Cybersecurity for Manufacturing
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
  • Resources
    • Content Library
      • Top Resources
      • Research Reports
      • Case Studies
      • Videos
      • Datasheets
      • eBooks
      • Solution Briefs
      • Cybersecurity Webinars
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Security Definitions
      • What is DNS Security
      • What is a Secure Web Gateway
      • What is a Cloud Access Security Broker (CASB)
      • What is Security Service Edge (SSE)
      • What is Secure Access Service Edge (SASE)
      • Cyber Threat Categories and Definitions
    • For Customers
      • Support
      • Customer Success Webinars
      • Free Trial Quick Start Guide
      • Free Trial Help and Tips
  • Trends & Threats
    • Market Trends
      • Generative AI Cybersecurity Risks and Rewards
      • Hybrid Workforce
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
    • Security Threats
      • How to Stop Phishing Attacks
      • Malware Detection and Protection
      • Ransomware is on the Rise
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
      • Global Cyber Threat Intelligence
    •  
    • Woman connecting confidently to any device anywhere
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Person looking down at laptop. They are connecting and working securely
  • Blog
    • News & Product Posts
      • Latest Posts
      • Products & Services
      • Customer Focus
      • Feature Spotlight
    • Cybersecurity Posts
      • Security
      • Threats
      • Cybersecurity Threat Spotlight
      • Research
    •  
    • Register for a webinar - with illustration of connecting securely to the cloud
  • Contact Us
  • Umbrella Login
  • Cloudlock Login
  • Free Trial
Clearing search keywords
Security

How to address cybersecurity challenges in the cloud era with SASE

Author avatar of Lorraine BellonLorraine Bellon
Updated — June 27, 2022 • 4 minute read
View blog >

It’s no secret – networking and security have left the building. Even before the major shift to remote working in the first half of 2020, workplaces had already made the transition to a decentralized network architecture, where computing resources are located outside the data center and most enterprise traffic is destined for public cloud services. There are more remote and roaming users than ever before, and as work moves outside the office, so does the need for secure access to enterprise applications and data. To be successful in the cloud era, IT teams need to identify a new approach to control and secure users, apps, devices, and data — anywhere and everywhere they go in the world, and no matter what apps they choose to use.

According to Enterprise Strategy Group research, 32 percent of organizations report that most of their apps are now software as a service (SaaS) based. That number is expected to increase to 60 percent within two years.1 In the past, most organizations would backhaul traffic through MPLS WAN links from remote offices back to the data center to apply security policies before sending the traffic to the public internet.

Today, that centralized approach has become impractical because of the high cost of backhauling traffic over MPLS and the resulting performance issues for both branch locations and roaming users. To overcome these cost and performance issues, some businesses are adopting a more decentralized approach to optimize performance for these users with direct internet access (DIA) paths. But this approach highlights a set of new security challenges.

Gaps in visibility and coverage

Centralized security policies can’t be effectively managed and enforced in a decentralized network. This is because most traffic from branch locations to the cloud and internet doesn’t cross a centralized policy enforcement point. This results in visibility and coverage gaps, which increase the risk of a successful breach or compliance violation.

Volume and complexity of security tools

Security teams already struggle to keep up with cybersecurity threats. Many of them have lots of point solutions that are difficult to integrate and manage. These point products generate thousands of alerts — making it very difficult, if not impossible, for analysts to keep up. As a result, many alerts go untouched.

Limited budgets and security resources

IT and security budgets are already constrained. Deploying multiple, costly point security solutions — such as firewalls, secure web gateways (SWGs), intrusion detection and prevention systems (IDS and IPS), and data loss prevention (DLP) — to multiple locations and remotely managing these solutions with limited security resources is both impractical and ineffective.

Introducing secure access service edge (SASE)

In its August 2019 report, The Future of Network Security Is in the Cloud, Gartner defined the secure access service edge (SASE) concept as “an emerging offering combining comprehensive [wide area network] capabilities with comprehensive network security functions (such as SWG, [cloud access security broker], [firewall as a service] and [zero trust network access]) to support the dynamic secure access needs of digital enterprises.”2

The SASE concept consolidates numerous networking and security capabilities and functions — traditionally delivered in multiple, siloed point solutions — in a single, fully-integrated cloud-native platform. This approach delivers some key benefits that are critical for organizations that need to address the modern networking and security challenges of an increasingly cloud-first, distributed, mobile, and global workforce.

Example illustration of Secure Access Service Edge (SASE)


Here are four key characteristics of digitally transformed organizations that are laying the groundwork for this new concept:

Identity-centric

Gartner suggests that “digital business transformation inverts network and security service design patterns, shifting the focal point to the identity of the user and/or device — not the data center.”3

Cloud-native

Gartner describes modern digital enterprises as having “[m]ore sensitive data located outside of the enterprise data center in cloud services than inside” and “[m]ore user traffic destined for public cloud services than to the enterprise data center.”4

Edge computing

To support the SASE concept, Gartner describes a “worldwide fabric/mesh of network and network security capabilities that can be applied when and where needed to connect entities to the networked capabilities they need access to.”5

Globally distributed

Gartner describes the need for an “intelligent switchboard” where “identities are connected to networked capabilities via the SASE vendor’s worldwide fabric of secure access capabilities.”6

Start your SASE journey

Remember: SASE isn’t a product, a company, or a solution. It’s a broad concept that invites you to think differently about how networking and security work together in the cloud era. Two major SASE concepts are consolidation and simplification, so it makes sense to chart a course that includes both networking and security elements from a single vendor.

Secure access service edge - SASE for dummies ebook cover Cisco Umbrella Blog

Are you feeling overwhelmed? Start here to learn more about the SASE concept and how it works, and you can request your free copy of our new ebook, Secure Access Service Edge (SASE) for Dummies. In this ebook, you’ll learn about the benefits of software-defined wide area networking (SD-WAN) and how it can lower your networking service costs and improve performance. You’ll also learn about the best way to secure new traffic flows with cloud-delivered security.

What are you waiting for? If you missed our earlier posts about how networking and security have evolved, you can catch up on your reading with the links below.

  • Top 10 networking and security trends and challenges
  • How networking and cloud security solutions have evolved to connect and protect users everywhere

1 Enterprise Strategy Group, The Rise of Direct Internet Access, 2018
2 Gartner, The Future of Network Security is in the Cloud, 2019
3 Gartner, The Future of Network Security is in the Cloud, 2019
4 Gartner, The Future of Network Security is in the Cloud, 2019
5 Gartner, The Future of Network Security is in the Cloud, 2019
6 Gartner, The Future of Network Security is in the Cloud, 2019

Suggested Blogs

  • Cisco Umbrella Delivered Better Cybersecurity and 231% ROI February 21, 2023 2 minute read
  • Cisco Listed as a Representative Vendor in Gartner® Market Guide for Single-Vendor SASE January 26, 2023 3 minute read
  • How to Evaluate SSE Vendors: Questions to Ask, Pitfalls to Avoid June 23, 2022 5 minute read

Share this blog

FacebookTweetLinkedIn
Subscribe to the Cisco Umbrella blog Subscribe

Follow Us

Facebook X LinkedIn Youtube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Global Cloud Architecture
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Umbrella
  • Cisco Umbrella Blog

Learn more

  • Webinars
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2025 Cisco Umbrella