Building Omnipresent Defense with New-Style Information Security to Establish Security Barriers for Enterprise Digital Transformation

Cisco
2021/08/23

Author: Rick Su  (Cisco Secure Product Manager, MetaAge Technologies)

 

“Digital transformation” has become an unstoppable industry trend across the globe, and Taiwan is no exception. To date (2021), a growing number of enterprises are accelerating digital transformation as the pandemic escalates, actively embracing remote collaboration and adopting numerous cloud application services in the hope of coping effectively with the new norms of work from home (WFH) or split operations.

 

Meanwhile, the rise of the hybrid work environment has gradually moved enterprise applications from centralized data centers out to individual users, devices, and applications. Because of this geographic decentralization, the connections between them have become increasingly complex. As a result, enterprises find it difficult to keep relying on traditional border-based protection, and they must keep up with the trends in information security control for the era of digital transformation.

 

Hence, Gartner proposed a new type of information security framework called Secure Access Service Edge (SASE) in December 2019 to integrate VPN, WAN, and cloud-native information security functionality. That is, functions including secure web gateway (SWG), Cloud Access Security Broker (CASB), firewall, and zero trust network access (ZTNA) are provided from the cloud to help enterprises build an information security model for future needs. This way, enterprises can turn complexity into simplicity by accessing all network and information security functions through one integrated cloud service, linking business locations and WFH employees in different places more securely and more easily.

 

Cisco has responded to the concept of SASE ahead of competitors and built a SASE architecture that can truly integrate network and information security functions into a single cloud-native service, so that enterprises can protect the access privileges of users, devices, and applications wherever they are. In other words, with the support of Cisco SASE, enterprises can pursue digital transformation at full steam and easily embrace the new norms of remote and cloud operations.

 

Strengthening secure connectivity, identity authentication, and networking security to cope with the new WFH norm

 

The “2020 Asia Pacific SME Digital Maturity Study” report released by Cisco last year showed that up to 70% of small and medium enterprises (SMEs) in Asia Pacific accelerated the development of enterprise digitization because of the pandemic, and up to 86% of SMEs believed that digitization could really help enterprises strengthen responsiveness in critical crises like COVID-19. These SMEs also believed that, without a solid foundation for digitization, they would be unable to demonstrate the agility and flexibility needed to quickly adjust strategies and adapt to changes in the macroenvironment on the way to the new norm of WFH.


In Taiwan, up to 74% of SMEs are seeking digital transformation, hoping to introduce more new products and new services to enhance market competitiveness. In addition, 51% of SMEs have realized that the style of global competition is changing, and only by following the trend and investing in digitization can they keep up with such changes. Clearly, most Taiwanese SMEs have recognized the importance of digital transformation and are willing to invest in digital transformation during the pandemic. However, it is undeniable that there is still huge room for improvement in terms of the speed and breadth of transformation.


Many businesses are rushing into digital transformation, hoping to meet the needs of WFH and deploy appropriate and effective solutions. In response, Cisco has prepared a rich set of solutions to help businesses face the digital challenges of security, high performance, and flexibility.

 

For example, Cisco has introduced the “Cisco Secure Remote Worker” solution to address the urgent need for remote access during the pandemic. This solution provides secure remote connectivity with Cisco AnyConnect so that WFH employees can access internal enterprise data. Through the two-factor authentication of Cisco Duo, enterprises can stringently verify that the users connecting to the enterprise network are genuine employees. In addition, with network security enhanced by Cisco Umbrella, WFH employees do not need to worry about connecting to phishing or cryptomining websites.

 

Basically, these solutions can help businesses properly protect the computers used in teleworking. In addition, IT or information security administrators can manage multiple tools from a single platform, which simplifies and streamlines operations.

 

Overcoming digital challenges with the brand-new SASE architecture

 

According to Cisco, businesses must consider some deep structural issues and seek radical solutions in order to face the digital challenges of the post-pandemic era.


These issues include:


1.    Are employees working in remote locations (teleworking) or from home (WFH) protected when they search for and/or download data from the internet outside the company?


2.    Are there any blind spots in management when employees frequently access data from home over ADSL or mobile 4G/5G networking services, which means a wider range of channels for accessing corporate digital assets?


3.    Under traditional border-based network segregation, the intranet of a business is considered a trusted network, while the extranet is an untrusted network. As the security border is gradually vanishing, how do businesses address this issue?


4.    Due to both the pandemic and corporate investments in digital transformation, more and more digital assets and data are being migrated to cloud platforms. In this case, how can service performance be enhanced while at the same time ensuring information security?


5.    In summary, employees, equipment, and digital assets are all progressively migrating outside the enterprise, out of the reach of traditional border-based protection. How can the information security architecture be changed accordingly and renewed quickly?


According to Cisco, businesses should abandon routine thinking in the Information Age and define protection with a brand-new architecture.


According to the new concept of SASE introduced by Gartner, network security and SD-WAN are integrated into a single cloud service to support various edges such as WAN, mobile, and edge computing, so that each employee and device can securely access corporate digital assets from anywhere and personal identity and access privileges are fully portable. With such a new architecture, all the above problems can be solved, making SASE a goal worth putting into practice for businesses.

 

 

Cisco also reminds enterprise users that a complete SASE security architecture must cover both the required network services and the required information security services. Network services may include SD-WAN and WAN optimization; information security services may cover CASB, SWG, ZTNA, FWaaS, DNS, and RBI.

Progressively building a perfect SASE framework by realizing Connectivity, Control, and Converge

 

After understanding the implications of Gartner’s SASE concept, let us see how Cisco has designed the SASE network security architecture.

 

According to Cisco, users are advised to examine the 3C indicators carefully when trying to understand the Cisco SASE solution. Only with a thorough understanding of these three elements can enterprises implement the SASE network security architecture quickly, easily, and completely. These three Cs are: Connect, Control, and Converge.

 

Connect refers to the selection of methods for connecting to digital assets, i.e., via VPN or SD-WAN. This is the only way to effectively realize SASE so that users can access any application easily and automatically from any device.

 

Control refers to where users consume information services and which services they use. For example, FWaaS and SWG are considered best practices, and using them is believed to establish powerful threat protection and zero-trust access control for digital assets.

 

Converge refers to how enterprises integrate network security services. Enterprises can judge whether the integration of their security protection services is effective in terms of visualization, automation, and manageability.

For enterprises to achieve the optimal level of Connect, Control, and Converge in order to create an information platform for the best implementation of integration and collaboration, three cores have been established in the Cisco SASE solution.

 

First is “Connectivity”. This aims to provide various connection methods, including SD-WAN, VPN, and remote access.

 

Second is “Security”. This aims to provide information security protection for DNS, SWG, L7 Firewall/IPS, CASB, and DLP through the cloud platform.

 

Third is “Identity”. This aims to ensure, by means of zero-trust access, that the connection of each user is trusted, eliminating the hacker tactic of “covering up the illegal with the legal”.

 

More importantly, besides setting out the three cores of SASE, Cisco combines them with visualization, policy, and integration so that business administrators can implement SASE progressively along a simplified, consistent, and scalable path. In summary, whether enterprises are already on the way to digital transformation or about to start, they can always find assistance from the Cisco Secure team and MetaAge to help realize this new way of thinking in information security and strongly protect the present and future fruits of innovation and evolution.
 
