• Skip to primary navigation
  • Skip to main content
  • Skip to footer

Cisco Umbrella

Enterprise network security

  • Free Trial
  • Contact us
  • Blog
  • Login
    • Umbrella Login
    • Cloudlock Login
  • Products
    • Product
      • Cisco Umbrella Cloud Security Service
      • Cisco Umbrella Investigate
      • Product Packages
      • Support Packages
    • Functionality
      • DNS-Layer Security
      • Secure Web Gateway
      • Cloud Access Security Broker (CASB)
      • Interactive Intelligence
      • Cloud-Delivered Firewall
    •  
    • Webinar signup
  • Solutions
    • By Need
      • Protect Mobile Users
      • Fast Incident Response
      • Web Content Filtering
      • Shadow IT Discovery & App Blocking
      • Unified Threat Enforcement
      • Reduce Security Infections
      • Secure Direct Internet Access
      • Securing Remote and Roaming Users
    • By Network
      • Protect Guest Wi-Fi
      • SD-WAN Security
      • Off-Network Endpoint Security
    • By Industry
      • Higher Education Security
      • K-12 Schools Security
      • Healthcare, Retail and Hospitality Security
      • Enterprise Cloud Security
      • Small Business Cybersecurity
      • Our Customers
      • Customer Stories
    • Ransomware Defense for Dummies book
  • Why Us
    • Fast Reliable Cloud
      • Cloud Security Infrastructure
      • Cloud Network Status
      • Cloud Network Activity
      • Recursive DNS Services
      • Top Reasons to Trial
      • Getting Started
    • Unmatched Intelligence
      • Cyber Attack Prevention
      • Interactive Intelligence
    • Extensive Integrations
      • IT Security Integrations
      • Hardware Integrations
      • Meraki Integration
      • Cisco SD-WAN
    • Navigation-dropdown-promo-free-trial_102820
  • Resources
    • Content Library
      • Top Resources
      • Analyst Reports
      • Case Studies
      • Customer Videos
      • Datasheets
      • eBooks
      • Infographics
      • Solution Briefs
    • International Documents
      • Deutsch/German
      • Español/Spanish
      • Français/French
      • Italiano/Italian
      • 日本語/Japanese
    • Cisco Umbrella Blog
      • Latest Posts
      • Security Posts
      • Research Posts
      • Threats Posts
      • Product Posts
      • Spotlight
    • For Customers
      • Support
      • Customer Success Hub
      • Umbrella Deployment Hub
      • Customer Success Webinars
      • What’s New
      • Cisco Umbrella Studio
  • Trends & Threats
    • Market Trends
      • Rise of Remote Workers
      • Secure Internet Gateway (SIG)
      • Secure Access Service Edge (SASE)
    • Security Threats
      • Ransomware
      • Cryptomining Malware Protection
      • Cybersecurity Threat Landscape
    •  
    • 2020 Cybersecurity trends
  • Partners
    • Channel Partners
      • Partner Program
      • Become a Partner
    • Service Providers
      • Secure Connectivity
      • Managed Security for MSSPs
      • Managed IT for MSPs
    •  
    • Become a partner
  • Free Trial Signup
  • Umbrella Login
  • Cloudlock Login
  • Contact Us
Security

How to address cybersecurity challenges in the cloud era with SASE

By Lorraine Bellon
Posted on October 13, 2020
Updated on November 24, 2020

Share

Facebook0Tweet0LinkedIn0

It’s no secret – networking and security have left the building. Even before the major shift to remote working in the first half of 2020, workplaces had already made the transition to a decentralized network architecture, where computing resources are located outside the data center and most enterprise traffic is destined for public cloud services. There are more remote and roaming users than ever before, and as work moves outside the office, so does the need for secure access to enterprise applications and data. To be successful in the cloud era, IT teams need to identify a new approach to control and secure users, apps, devices, and data — anywhere and everywhere they go in the world, and no matter what apps they choose to use.

According to Enterprise Strategy Group research, 32 percent of organizations report that most of their apps are now software as a service (SaaS) based. That number is expected to increase to 60 percent within two years.1 In the past, most organizations would backhaul traffic through MPLS WAN links from remote offices back to the data center to apply security policies before sending the traffic to the public internet.

Today, that centralized approach has become impractical because of the high cost of backhauling traffic over MPLS and the resulting performance issues for both branch locations and roaming users. To overcome these cost and performance issues, some businesses are adopting a more decentralized approach to optimize performance for these users with direct internet access (DIA) paths. But this approach highlights a set of new security challenges.

Gaps in visibility and coverage

Centralized security policies can’t be effectively managed and enforced in a decentralized network. This is because most traffic from branch locations to the cloud and internet doesn’t cross a centralized policy enforcement point. This results in visibility and coverage gaps, which increase the risk of a successful breach or compliance violation.

Volume and complexity of security tools

Security teams already struggle to keep up with cybersecurity threats. Many of them have lots of point solutions that are difficult to integrate and manage. These point products generate thousands of alerts — making it very difficult, if not impossible, for analysts to keep up. As a result, many alerts go untouched.

Limited budgets and security resources

IT and security budgets are already constrained. Deploying multiple, costly point security solutions — such as firewalls, secure web gateways (SWGs), intrusion detection and prevention systems (IDS and IPS), and data loss prevention (DLP) — to multiple locations and remotely managing these solutions with limited security resources is both impractical and ineffective.

Introducing secure access service edge (SASE)

In its August 2019 report, The Future of Network Security Is in the Cloud, Gartner defined the secure access service edge (SASE) concept as “an emerging offering combining comprehensive [wide area network] capabilities with comprehensive network security functions (such as SWG, [cloud access security broker], [firewall as a service] and [zero trust network access]) to support the dynamic secure access needs of digital enterprises.”2

The SASE concept consolidates numerous networking and security capabilities and functions — traditionally delivered in multiple, siloed point solutions — in a single, fully-integrated cloud-native platform. This approach delivers some key benefits that are critical for organizations that need to address the modern networking and security challenges of an increasingly cloud-first, distributed, mobile, and global workforce.

Example illustration of Secure Access Service Edge (SASE)


Here are four key characteristics of digitally transformed organizations that are laying the groundwork for this new concept:

Identity-centric

Gartner suggests that “digital business transformation inverts network and security service design patterns, shifting the focal point to the identity of the user and/or device — not the data center.”3

Cloud-native

Gartner describes modern digital enterprises as having “[m]ore sensitive data located outside of the enterprise data center in cloud services than inside” and “[m]ore user traffic destined for public cloud services than to the enterprise data center.”4

Edge computing

To support the SASE concept, Gartner describes a “worldwide fabric/mesh of network and network security capabilities that can be applied when and where needed to connect entities to the networked capabilities they need access to.”5

Globally distributed

Gartner describes the need for an “intelligent switchboard” where “identities are connected to networked capabilities via the SASE vendor’s worldwide fabric of secure access capabilities.”6

Start your SASE journey

Remember: SASE isn’t a product, a company, or a solution. It’s a broad concept that invites you to think differently about how networking and security work together in the cloud era. Two major SASE concepts are consolidation and simplification, so it makes sense to chart a course that includes both networking and security elements from a single vendor.

Secure access service edge - SASE for dummies ebook cover Cisco Umbrella Blog

Are you feeling overwhelmed? Start here to learn more about the SASE concept and how it works, and you can request your free copy of our new ebook, Secure Access Service Edge (SASE) for Dummies. In this ebook, you’ll learn about the benefits of software-defined wide area networking (SD-WAN) and how it can lower your networking service costs and improve performance. You’ll also learn about the best way to secure new traffic flows with cloud-delivered security.

What are you waiting for? If you missed our earlier posts about how networking and security have evolved, you can catch up on your reading with the links below.

  • Top 10 networking and security trends and challenges
  • How networking and cloud security solutions have evolved to connect and protect users everywhere

1 Enterprise Strategy Group, The Rise of Direct Internet Access, 2018
2 Gartner, The Future of Network Security is in the Cloud, 2019
3 Gartner, The Future of Network Security is in the Cloud, 2019
4 Gartner, The Future of Network Security is in the Cloud, 2019
5 Gartner, The Future of Network Security is in the Cloud, 2019
6 Gartner, The Future of Network Security is in the Cloud, 2019

Previous Post:

Previous Article

Next Post:

Next Article

Follow Us

  • Twitter
  • Facebook
  • LinkedIn
  • YouTube

Footer Sections

What we make

  • Cloud Security Service
  • DNS-Layer Network Security
  • Secure Web Gateway
  • Security Packages

Who we are

  • Cisco Umbrella Blog
  • Cloud Network Status
  • Cloud Network Activity
  • OpenDNS is now Cisco Umbrella

Learn more

  • Events
  • Careers
  • Support
  • Cisco Umbrella Live Demo
  • Contact Sales
Umbrella by Cisco
208.67.222.222+208.67.220.220
2620:119:35::35+2620:119:53::53
Sign up for a Free Trial
  • Cisco Online Privacy Statement
  • Terms of Service
  • Sitemap

© 2021 Cisco Umbrella