Cisco SD-WAN bridges organisations' current security deployments with their SASE rollout by providing consistent security policy enforcement that can be deployed and managed anywhere, says Ritesh Doshi, Director of Enterprise Networking at Cisco India and SAARC
In a world where cloud-first strategy is on the minds of organisations, providing secure access to applications for users has become a priority. But as organisations and users become distributed, the attack surface continues to expand – driving up the demand for easy access to applications without compromising on security. To bridge this gap, organisations need to factor in security closer to the user and edge. This can support network agility and minimise network latency. Software-Defined WAN (SD-WAN) can cover it all.
BW Businessworld got in touch with Ritesh Doshi, Director of Enterprise Networking at Cisco India and SAARC, to understand more about SD-WAN. Read on for excerpts from the interview.
How does SD-WAN help organizations scale with simplicity?
The moment you talk about software-defined, you are basically abstracting the software layer from the hardware layer. So, now there is no dependency on the hardware. With so many users in an enterprise spread across various regions and connectivity mediums, what an organisation wants is ease of management.
The second thing that they want is deep visibility into what the user is doing. For example, when I'm working from home, I'm connecting to the company internet or the company network. In such a scenario, it is quite possible that I'm also accessing some sites or certain workloads, which may carry a potential risk. And if an organisation doesn't have deep visibility into what my machine is communicating to the Internet, whether it is towards the company network or towards the outside network, they won't be able to figure out how to stop a potential attack from happening. So, in the case of a software-defined WAN (SD-WAN), you can kind of do entire policy management, entire controls at a central level, thereby bringing in a lot of simplicity.
Gartner famously said that SASE is the future of network security in the cloud. What’s at the crux of the SASE transformation?
SASE is a framework. It is not a product; it is not a specific solution. Under the SASE framework, there are various pillars which come into play that enable secure access to applications wherever users are a significant priority. But while delivering speed and agility, the multi-cloud environment creates challenges such as an expanded attack surface and less control over the user experience. As security shifts to the cloud, the legacy perimeter must also transform. Now, one critical pillar of the entire SASE framework is the SD-WAN, which is becoming a cloud-programmable platform for security and SASE components. Then, we look at cloud-based security services coming towards the edge. Here, what we are talking about is that all the security services, which can potentially help protect a user from direct exposure, or from a direct threat, are taken absolutely towards the edge. And that's where solutions like virtual firewall, cloud-based CASB, etc. come into play. Now, all of these solutions have to work in close coordination with each other, and work as part of the framework. The result is a superior application experience and secure connectivity for employees and customers.
When we recommend our customers to go towards a SASE framework, we recommend them to create a long-term blueprint to achieve the end-state. Look at the potential window where they have either an upgrade, refresh, or an expansion coming in and start putting various pieces in place keeping the end-state in mind.
We believe no customer in today's world will be able to turn around toward SASE overnight. At Cisco, we help them define a framework around the key fundamental pillars like SD-WAN, CASB, and cloud-based security (Cisco Umbrella solution), which works in close coordination with Talos, our Threat Intelligence and Research solution that extracts intelligence around what is happening globally in terms of cyber threats, etc., and feeds that back into the solution to give the entire end-to-end outcome for the customer.
Could you give us an instance where you helped a client tap into the power of SD-WAN and SASE?
We helped an Indian private bank with 5500+ branches. The bank has users who are business correspondents, accessing the company network from various remote places, not necessarily getting connected to the branches. The bank has been a long-standing customer for Cisco. We have helped this bank chart out the blueprint with three different architectures, including ACI, SD-WAN, and the SDA architecture, coming together with a security layer built on top of it.
Now, the customer has an existing network in place in all these three areas. So, we created a step-by-step approach for them that will help them reach the end-state in about 18 to 24 months depending on their execution plan and whenever they get the window to exercise it. But the end-objective in this whole exercise for us and the customer is to achieve two things:
How is Cisco SD-WAN bridging an organisation’s security with SASE rollouts?
In any organization, when we define the end objective, it is to make sure that we are covering every part of the attack surface that we have exposed. With the advent of the whole cloud journey, most of the applications are moving towards cloud. On the other side, users are getting exposed more and more to the internet as the attack surface widens. With SASE as a framework and SD-WAN as one of its important pillars, we are moving security as close to the edge as possible.
Cisco SD-WAN provides full-stack multilayer security capabilities for both on-premises and cloud. It bridges organisations' current security deployments with their SASE rollout by providing consistent security policy enforcement that can be deployed and managed anywhere. It provides: