“The next decade of economic performance for every business will be defined by the speed of their digital transformation,” said Satya Nadella, CEO of Microsoft. For the past few years, the cloud has grown exponentially. It should not come as a surprise but if you are looking for data points, this IDG survey is a great resource. Thousands of companies have already migrated thousands of apps to the cloud. So, what’s the next big shift? SASE will play a leading role.
COVID–19 has put more urgency on digital transformation. Millions of employees started working from home. Many will not return to their office as many organizations have already closed small or non-strategic office locations: remote working has crossed the chasm. One of the highly visible effects of this change is the booming adoption of remote working software like Zoom. At least, the stock market has great expectations for these companies’ growth given the new environment we live in. Zoom stock jumped 488% YTD compared to 33% for the NASDAQ Index, as of this writing, in later November.
Large organizations still have sizeable datacenter footprints. In these datacenters, we find applications that haven’t migrated to the cloud but also networking components such as firewalls, load balancers, IDS, IPS, routers, switches and devices managing partner connections. Just a few years ago, it was common to design networks for offices to connect to a datacenter where internal applications ran and internet traffic was filtered. Yet, given that more employees now work remotely, and many applications have moved to the cloud, it is an appropriate time to ask whether these networking components are ideally placed on-premises or if they should migrate to the cloud. As a result, transforming traditional on-premises networks to the SASE model (Secure Access Service Edge) is a rising priority for many large organizations today.
Figure 1. Traditional hub-and-spoke architectures vs SASE model.
Enterprises Transition to SASE
According to Gartner: “By 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018“. If you are looking to validate our observation, look at the stock performance of companies with modern networking products as their core offering: Zscaler and Palo Alto. Zscaler stock has jumped 118% between its introduction on January 15th, 2020, and the time of this writing (late November) vs 30% for the NASDAQ index. Both Zscaler and Palo Alto offer great products to implement SASE.
Figure 2. AWS network hub that secures Ingress and Egress traffic
Users can expect these key benefits from the SASE model over traditional networking:
- Better Performance and User Experience: Users can easily connect to wherever resources are located. Access to apps, the internet, and corporate data is available globally thanks to cloud infrastructure. That increases employee productivity because it creates a seamless connection between employees and company resources. Also, IT teams spend less time on connecting workers to applications and more time focused on innovation and strategic work.
- Full Visibility and Control: Companies experience always increasing cybersecurity threats as attackers try to access corporate networks and cloud applications. Unlike the traditional approach, SASE provides full visibility and control by leveraging cloud capabilities such as NGFW (Next Generation Firewall), SWG (Secure Web Gateway), DLP (Data Loss Prevention) and ZTNA (Zero Trust Network Access), which means better security.
- Lower Costs: With minimal hardware or software requirements, SASE requires lower capital investments than traditional approaches.
- Less Complexity: Network and security teams no longer need to learn, configure and manage multiple systems from different vendors. This gives teams more time to spend on other critical projects.
While most widely known, Palo Alto and Zscaler are not the only options available. In November 2020, AWS released two services that simplify implementing SASE in AWS:
- AWS Network Firewall is a managed service that makes it easy to deploy essential network protections for all your Amazon Virtual Private Clouds (VPCs). Thanks to its native integration with other AWS services, AWS Firewall Manager allows you to configure Network Firewall for AWS accounts and VPCs in an AWS Organization. AWS Security Hub gives you a comprehensive view of your security alerts and security posture across the whole AWS Organization. On the other hand, because it is an AWS specific solution, it cannot be used for on-premises networks or other cloud providers.
- AWS Gateway Load Balancer (GWLB)makes it easy to deploy, scale, and manage your third-party virtual appliances. GWLB combines a transparent network gateway (a single entry and exit point for all traffic) and a load balancer that distributes traffic and scales your 3rd party security and networking virtual appliances up, or down, based on demand. GWLB is designed for virtual appliances from AWS Partners and ISVs in the AWS Marketplace. This allows you to quickly integrate the vendor you are already familiar with and trust, or test options from other vendors.
AWS provides a variety of network and security services that allow you to build a network security hub in the cloud. AWS Transit Gateway and AWS Gateway Load Balancer allow enterprise customers to build a secure global network in the cloud. With it, they can connect multiple cloud providers and on-premises systems in a secure, flexible and cost-efficient way.
We believe this shift will drive further datacenter consolidations, bringing substantial cost optimization and demand for other core IT components (such as Active Directory and DNS) to be redesigned.
If you need to transform your networking architecture, NTT DATA can help you assess, design, implement and either train your networking team or manage SASE for you.
Post Date: 12/15/2020