What is SASE?
SASE, also known as Secure Access Service Edge, is the future of security management for your on-site and off-site users and equipment.
Our SASE Video below was chosen as the WINNER of the “Ingram Micro & Cisco Meraki, Pitch Competition” in 2022.
We could just leave this competition-winning video explaining the Cisco Meraki SASE solution here for you to watch. However, we know that not everyone has the time to watch a 20-minute video, and you may not even have the ability to listen to this video.
The Evolution of User & Business Security.
Historically, most businesses will have had some form of on-site physical security stack, such as a firewall, as a security barrier between the internet and your business and employees. These could also link together business locations and allow users to VPN into the office for file storage, server-hosted software and more. These firewalls could also manage all of the security policies for your business, ensuring that all of the connections to what your employees need the most stay secure.
If the past few years have taught us anything, it is that your users are not always where your security equipment is. They could be working from home, working from public WiFi at a local café, or they could be working from a remote location anywhere in the world.
And with your remote users now using more cloud platforms than even 5 years ago, how can you ensure that all of your users are managed and stay as secure as they would be if they were in the office?
Historically, this would be by use of a VPN from remote offices or from remote user devices back to the primary data centre or head office, and also by expensive MPLS connections. However, with the increasing number of users who have been working remotely and using cloud-based software, this can cause a bottleneck at the security stack that can actually harm the ability of your employees to work effectively, and it can also make it more difficult to manage those cloud-based software and database connections.
Five years ago, most of a business's data and software will have been stored or hosted in a business data centre or centralised location, with only a small amount of actual browsing traffic. This meant that all of your remote sites or users needed to connect back to only one central location to access all of the files and software that they needed. Now we are seeing a complete inversion of this, where businesses rely on their internet connection more than ever for cloud-based software services such as Microsoft 365, cloud storage such as OneDrive, SharePoint or Dropbox, or services such as Sage Cloud, Creative Cloud and even Desktop as a Service, and a whole lot more besides.
Now it feels like it makes much more sense to take a direct internet access approach for these cloud based software services, rather than redirecting, slowing down and bottlenecking the traffic at a centralised location to give your employees the enhanced security that your security stack offers. However, a direct approach is not secure.
The Challenges of Security & Cloud Applications.
Each of these cloud software services has its own security policies that are not managed by your organisation. This means that whilst these are in many cases very good, they are also very inconsistent and could provide a potential security hole for your business.
On top of this, recent studies have shown that approximately 70% of current security attacks on businesses are the result of remote users not being protected by your business's network security policies.
The BIG Question.
So the biggest challenge is: how do you manage the security of all of these services, users and devices regardless of where your employees are located, without hindering their ability to work, whilst ensuring that all of the company's security policies are adhered to?
The best way to do this, to increase speed and efficiency, is right at the edge of those cloud platforms, on the internet, rather than being redirected to a centralised location.
This is where SASE comes in.
SASE, also known as “Secure Access Service Edge”, combines all of the services that you would usually associate with a physical security stack on your network, such as a Firewall, SD-WAN, DNS Security, Secure Web Gateway, Cloud Access Security Broker and Zero Trust Network Access, but it provides this as a cloud-hosted service.
This means that regardless of where your employees are located, whether on personal home broadband, mobile data or public WiFi, they will be connected to your SASE service via their nearest regional Point of Presence (POP), with multiple redundant failovers, and they will then be protected by all of your security tools whilst having the best experience with the services they use.
The Cisco Meraki SASE Solution is built around 4 Components
Connect is the Networking part of the solution. This allows users to connect to the applications and data that they require using the Meraki SD-WAN Solutions. This allows you to be able to connect sites and users from a single pane of glass and provide a high quality of service that can be customised per user profile depending on their requirements.
Regardless of where they are, the user's device is connected to the nearest cloud Point of Presence (POP), which contains your cloud-hosted firewall, security policies, anti-malware and more. This then applies all of your security policies to all web traffic to verify what services your users and their devices can access, regardless of where they are, without them ever noticing a difference.
These same rules are also applied to inbound business data access. If a user needs to access files or software hosted on your internal business network, the remote user is verified at the nearest Cloud Edge POP to their location and their traffic is routed via your cloud hosted firewall back to your internal network.
This is a flip of how this would have been done historically, where a user would connect over VPN to your business network to apply security policies before routing traffic to the internet, which could cause a bottleneck at the centralised location. Instead, the users connect to the internet, your security policies are applied in the cloud, and they can be redirected into your network when needed.
If your users are in the office, SASE’s integration with SD-WAN means that your user’s traffic is routed according to their needs. If they require direct web access to cloud applications and resources, the traffic is routed directly via your cloud firewall and security policies. If your user requires access to internal resources such as server-hosted software, data or files, then the user's data is routed via on-premises security policies that are also managed from that single pane of glass which manages your complete security.
The Control part of the solution gives you the ability to both control and protect your users. With the growing use of direct internet, or direct-to-cloud applications, Cisco Umbrella provides all of the tools to protect your users, no matter where they are, from the latest security threats. It allows you to protect all external access and all cloud edge directly at the source by using DNS-Layer Security, Secure Web Gateway, Cloud Delivered Firewall and much more.
Another core component of Control is Zero Trust Network Access which, in the Cisco Meraki SASE solution, is provided by Cisco DUO. This means that only verified users and devices can access the services, resources and data that they have been granted access to, regardless of the location they are accessing from, for the most optimised security of your information.
Cisco is then able to Converge all of the resources of Meraki, Umbrella, DUO, ThousandEyes and more into an integrated solution for optimised monitoring, high quality of service, and best-in-class security. And by Converging all of these services, Cisco is able to provide unique Observability features.
Observability within the Cisco SASE solution is the evolution of monitoring, allowing you to generate actionable insights on your security data. By converging all of these resources under one banner, it means that with Cisco ThousandEyes, even though many of these cloud services are outside your ownership or direct control and you do not know how their traffic is routed, you can still ensure the highest performance, security and integrity of the data being accessed.
The Cisco SASE Solution is able to give you complete visibility from the users to the applications and data they access over any network, regardless of where they are. And it also gives you unique insights into any performance issues, allowing you to remedy incidents quickly and maintain a reliable connection.
At 10:22 in our video we cover a demonstration of how SASE works within the Cisco & Meraki solution.
If your business uses any type of cloud application or data solution such as Office 365, Google Cloud Services, Dropbox, Sage Cloud and so on, and especially if you also have a mix of on-site and remote users who are not all protected by your security policies, then the services we have covered in this article and video would provide the perfect solution to manage your remote workforce whilst keeping them and your network secure.
We can provide you with a free trial to set up on your own network so that you can try out the SASE solution for yourself. We can help you set it up, get it configured, show you how it works and how to manage it. And if it’s not for you? Don’t worry about it, we’ll pay to get it returned for you.
You also don’t have to worry about upgrading your network to a SASE compatible solution all at once… it can be done in stages as equipment or services are due for renewal, and as you upgrade each of those parts of your network we can work with you to integrate these services into a SASE compatible solution.