HPE Aruba Networking Blogs

Best-of-Breed SASE with Aruba and Netskope (Part two)

By Karan Singh Dagar, Product Marketing Manager, Aruba

In Part One of this blog series, we shared insights into best-of-breed SASE and securing the ever-growing number of Internet-connected devices, or Internet of Things (IoT). This blog covers the next set of topics: seamless connectivity for a multi-vendor SASE solution and protecting intellectual property in light of the Great Resignation.

Seamless connectivity for a multi-vendor SASE solution

Most enterprises today prefer a best-of-breed SD-WAN technology and best-of-breed cloud-delivered security so as not to compromise on either the networking component or the cloud security component of a SASE solution. However, to make a multi-vendor SASE solution as easy to deploy and update as a single-vendor SASE solution, customers need seamless connectivity and a truly converged SASE solution. As one leading industry analyst pointed out, customers face risk if they implement sub-optimal SASE frameworks that are neither well-integrated nor coordinated, including higher risk of security incidents or downtime, plus increased TCO. Accordingly, tight, coordinated linkage between the networking and security technologies is critical.

To implement cloud-delivered security and deliver the best cloud application performance, Aruba EdgeConnect Enterprise provides seamless connectivity to Netskope using integrated service orchestration. With Integrated Orchestration, secure IPsec tunnels are automatically established between branch locations and the Netskope cloud security enforcement points. Today, Netskope’s NewEdge security private cloud is powered by data centers in nearly 60 regions globally, all with fast low-latency on-ramps, plus extensive peering. By connecting to the Netskope cloud security enforcement points closest to a branch location, delay can be minimized, resulting in the best application performance and quality of experience for users. To keep business running and ensure resilience, IPsec tunnels are automatically configured to both the primary and the secondary Netskope security enforcement point in case the primary is unreachable for any reason. If a branch is served by two different ISPs, there are 4 tunnels to be configured between the branch and the primary and secondary cloud enforcement points.

Historically, manually configuring IPsec tunnels is a time-consuming and error-prone process that typically takes up to 30-60 minutes per branch. With integrated orchestration, the Day Zero onboarding of 500 or 1000 sites can be accomplished in just a few minutes, and because the process is automated, the probability of mistyping a command is significantly minimized. With integrated orchestration that automates the connectivity between best-of-breed SD-WAN and best-of-breed cloud-delivered security (or the Security Service Edge), enterprises can realize the greatest operational efficiencies without compromising on either the networking or security functions of a converged SASE solution.

The Great Resignation – protecting intellectual property

Corporate data holds unparalleled value, and with data being scattered across the web and cloud applications, it is becoming increasingly difficult for organizations to protect their sensitive information or proverbial ‘crown jewels.’ Moreover, in 2021, nearly 50 million people quit their jobs and left the workforce, searching for better and more flexible opportunities, leading to what’s been nicknamed the Great Resignation. The departure of employees can result in problems relating to intellectual property (IP) loss, sensitive data protection, and other issues when people intentionally or unintentionally take sensitive corporate information with them. This gets even more complicated for enterprises having to navigate the complexities of business versus personal instances of common SaaS apps such as Box, Dropbox, Microsoft 365, or G-Suite.

To adequately respond, enterprises need a comprehensive Security Service Edge (SSE) solution that helps organizations take advantage of any cloud and web application without sacrificing security by targeting and controlling activities across any cloud service or application. This includes, for example, accounting for the context of the user, their risk level, location, device posture, app operations, or other factors like app instance. An example would be a user that has a corporate instance of OneDrive or Dropbox, while at the same time having a personal instance of these file sharing and collaboration applications. The user should be able to upload and download data from their corporate-sanctioned apps with ease, but they should not be allowed to upload content to a personal instance, or at minimum, this activity should be monitored. For most security solutions, this is an extremely daunting problem to solve, as they cannot distinguish between personal and business instances of the same application. For Netskope, this is a simple problem to solve.

Just as Aruba embraces Zero Trust, Netskope SSE makes the initial assumption that no user can be trusted by default and supports least privileged access through its ZTNA solution that grants targeted access to apps, not defined network perimeters or zones. This de-risks the age-old problem of lateral movement from exploited VPNs or other risks associated with VPN agent vulnerabilities or inbound attacks on the VPN concentrator itself. ZTNA is complemented by Netskope CASB for protecting SaaS apps and related sensitive data, as well as guarding against threats. Additionally, the Netskope Secure Web Gateway (SWG) protects organizations from web-based threats using a myriad of techniques, including the basics of URL filtering and malicious code detection. And lastly, for non-standard traffic, FWaaS provides rich firewall functionality in the cloud to analyze traffic further, for example to stop command-and-control on standard ports, like DNS. The combination of these security services, integrated in a single-pass SSE architecture, enables organizations to radically improve their overall security posture and the future of hybrid work.

Together, Netskope SSE complemented by the application and context-aware, business-driven Aruba EdgeConnect Enterprise SD-WAN platform provides a robust, converged SASE solution, unmatched in the industry. This best-of-breed combination ensures users can safely connect from anywhere, remain secure and protected regardless of their location, plus address the growing number of IoT devices, all while ensuring superior network and application performance.

For more details, please refer to the Aruba and Netskope SASE solution overview.

About the authors

Karan Singh Dagar is a Product Marketing Manager at Aruba, a Hewlett Packard Enterprise company. Karan has a broad computer networking and cloud background and is responsible for driving product marketing, messaging, positioning, and content creation across Aruba’s enterprise and service provider SD-WAN offering. Karan also has a master’s in computer networking from North Carolina State University.

Jeff Brainard is a Product Marketing Director at Netskope, where he focuses on the NewEdge security private cloud infrastructure and related networking-focused solutions for traffic steering, client access, and digital experience management. With more than 25 years of experience in product marketing, product management, and sales leadership roles, Jeff has deep knowledge of web cache/proxy, secure web gateways, as well as network and application performance optimization technologies.