Securing a hybrid work environment with SASE

The shift to remote work has indefinitely transformed technology consumption today. With the hybrid work environment expected to be a mainstay in the foreseeable future, digitalization has accelerated and users are connecting to corporate applications and services in different ways. Today’s employees are placing a higher value on flexibility, and would like the ability to choose whether to work from home or in the office. In fact, 88% of workers in APJC are favoring a hybrid blend of office-based and remote work, according to Cisco’s Future of Work study. 

Against this backdrop, enabling user access is no longer as straightforward as connecting the user at the campus or branch office to applications in the data center. Furthermore, more companies are adopting a multi-cloud strategy, so applications are no longer solely hosted on premises. This means that users are accessing these applications from multiple locations – and the apps they are accessing are just as distributed and dynamic. In this new paradigm, users still expect a seamless connection to the apps and services they need, from any location and device. 

How can organizations keep this distributed environment secure for users while maintaining a simplified cybersecurity infrastructure? 

What is SASE and how it is revolutionizing the cybersecurity landscape  

While we hope businesses know by now that cybersecurity needs to be at the heart of digitalization efforts, the complex cyber landscape poses a key deterrence. The multiple regulatory standards and a variety of different providers are just some factors that make security more complicated than before. Today’s network security has completely transformed with the elimination of a traditional security perimeter, and the need to secure the outer edge of the Internet has increased in importance. Securing the modern network is also a time-consuming challenge, and IT teams need a simple and reliable approach to protect and connect with agility. 

This is exemplified in the Secure Access Service Edge (SASE) model. Gartner coined this term just two years ago, alongside their vision for security that is fit for the cloud era. This is underscored in Cisco’s Accelerating Digital Agility Research, which revealed that over half of CIOs and IT Decision Makers (65%) in APJC are pushing applications to the cloud today and security is closely following suit. 

What exactly is SASE, and what does it entail? As a cloud-based, as-a-service-model, SASE converges comprehensive networking and security functions to support the hybrid workplace. It is designed to provide strong secure access from edge to edge — including the data center, remote offices, employees, and beyond.

In fact, leaders are already rethinking their network architecture and are embracing SASE. The same research found that over three quarters of IT leaders in APJC (78%) have adopted SASE solutions, which is higher than the global average of 69%. When asked why, they expressed their interest in staying up to date with industry best practices (63%), investing in cloud applications that needs to be secured (62%), and acknowledging that the workforce is going to stay distributed (40%). 

SASE is made up of network and security functions such as Software Defined WAN (SDWAN), Zero Trust Network Access (ZTNA), Cloud Access Security Broker (CASB) and others. These individual components can suceed piecemeal, but making them all work together is where organizations can set themselves apart from competitors and truly transform their cybersecurity infrastrature and futureproof themselves. This is why SASE comes to the fore. But SASE is a journey, so let us take a closer look at the components that make this journey.

Connect, Control, Converge

In identifying and deploying a SASE architecture that integrates multiple security and networking functions, organizations need to find the right partner that enables the three Cs. Firstly, it is about connecting users to the applications and data they need to access. Secondly, the control part is about extending secure services from the data center to any cloud. This means establishing zero trust access and protecting users from cyber threats regardless of the location or device they are accessing from. And lastly, it emphasizes this idea of convergence: that we can bring together networking and security functions to deliver secure connectivity in a more integrated fashion, as a service.

As digital transformation continues to accelerate and employees demand flexibility in where and how they work, SASE serves as a great advantage for various organizations in streamlining and simplifying their security infrastructure. It also optimizes business performance by ensuring the fastest, most reliable and secure path to the cloud and delivers the best app experience for users  with end-to-end observability from the user all the way to applications. This enables them to resolve any issues or anomalies, no matter what network or cloud they are connected to. Finally, SASE makes businesses more agile. Leaders can leverage the cloud to remove complexity from their infrastructure and provide immediate scalability. These benefits are especially useful for companies operating in a distributed environment across the headquarters, branch offices or locations and users in remote locations be it at home or working remotely from a café. 

Education institutions for instance, host large volumes of sensitive and personal data. Add to that the growing use of off-campus networks and public cloud services driven by the need for remote working and learning arrangements, the cyber risks and attack surface are exacerbated. This brings about the urgency for an enhanced security ecosystem that enables comprehensive protection anytime for students and staff. 

In line with this, Cisco is currently supporting Hong Kong Baptist University (HKBU) in strengthening its security infrastructure through SASE. In fact, they are the first Hong Kong university to put in place comprehensive cloud-based security solutions to protect over 26,000 students and staff. Through SASE, HKBU is equipped with high visibility of internet activity and SaaS application usage, helping them stay protected against malware attacks and phishing links. The SASE model also enables them to enhance incident response capabilities and effectively establish device trust before granting staff and students access to authorized applications. These factors contributed to HKBU’s overall digital resilience against a rapidly digitalizing education landscape. 

Security that is fit for the cloud era 

That said, we recognize that the migration to the cloud is a continuous journey and organizations are at different stages depending on their business model and goals. When it comes to transformation, there is no one-size-fits-all approach. And moving to a SASE framework is no different.

At Cisco, we have a strong heritage around networking and a thorough end-to-end security portfolio. These are alongside our ability to scale and support the needs and demands of customers regardless of their size or geographical location. Such capabilities greatly help our customers’ journey to SASE at every control point. They combine our best-in-class networking, connectivity, security, and observability capabilities into a single subscription service: delivering seamless, secure access to any application and anywhere users work​.

With SASE, companies can greatly simplify security and reduce the cost, time, and resources previously required for deployment, configuration, and integration. Amid remote working arrangements, and the rapid move to the cloud, the various SASE components help with easy management, automation, and quick detection and response to potential cyber threats. These contribute to a more resilient workforce and enable companies to strengthen business continuity efforts and prepare for the next phase of recovery.