As IT and security leaders adapt to business operations in the “new normal,” they are simultaneously being charged with priming the business to win in the next era of distributed computing. This involves myriad updates to the business’ IT systems, and in some cases, a comprehensive overhaul for network modernization, cloud migration, and edge design and deployment — all tightly wrapped with security. The pressure is high because leaders know the decisions they make today will vitally impact the ability of the business to remain resilient and competitive tomorrow.
To this point, many are researching or actively considering new security approaches that are better suited to a distributed computing model where employees, customers, suppliers and more need secure access to applications, data and services anytime and from anywhere. It’s no surprise then, that many are also considering how to merge various technologies within networking and security to help reduce network complexity and overlapping technology capabilities, improve network performance and security, and potentially reduce costs. (After all, reductions in cost can then be redistributed to developing and protecting emerging edge environments.)
One “new category” that is garnering a lot of attention brings together multiple network and security technologies, including but not limited to: Software-Defined Wide-Area Network (SD-WAN), firewall-as-a-service, Secure Web Gateway, Cloud Access Security Broker (CASB), and Zero Trust Network Access (ZTNA). Gartner has coined the term Secure Access Service Edge (SASE). Other firms have given their own labels: IDC (Software-Defined Secure Access), ESG (Elastic Cloud Gateway), and Forrester (Zero Trust Edge). Whatever the name, SASE in one form or another is being considered by customers across industries.
Buzz aside, the question remains: “Are customers actually adopting SASE? And if so, why?”
The answer is yes, and we at AT&T can provide some insight. In March, we launched AT&T SASE with Fortinet, expanding our managed security services portfolio by unifying SD-WAN with some of the essential security functions listed in the SASE framework. And because SASE can be quite complex, we offer support for deployment and 24x7 management. This official launch of AT&T’s first SASE offering, though new in terms of branding, has evolved from the work we’ve been doing for several years with customers who have been moving to SD-WAN and want security to be part of that conversation — a trend accelerated by COVID. These customers tend to be national or multi-national organizations, and if they were not on the path to network transformation already, the sudden need to solve for an expanded remote workforce and increasing number of remote sites, branches, or pop-up locations, pushed them along.
Steven J. Schuchart Jr., principal analyst for enterprise networking at GlobalData, says as businesses plan for digital transformation, “Security is the number one consideration and AT&T’s new SASE offering based on Fortinet addresses not only the security needs at the branch and home location, but the performance and end-user experience issues customers on more traditional architectures experience.”
To this point, as the pandemic took hold in 2020, AT&T began working with a large, multi-national healthcare company on a digital transformation initiative aimed at helping the customer address the latency issues they were having with traffic going into their data center — exacerbated by changes to the business due to the pandemic. In response to COVID, the provider had significantly increased its remote clinic locations to minimize patient impact on hospitals. This change in their business model required an equal pivot in their network and security approach in order to meet the demands on the network and to facilitate application performance. In addition, like most businesses, they were faced with how to protect a large remote workforce.
AT&T’s team helped architect and deploy a plan for dozens of the customer’s remote sites, including an international call center, and thousands of remote employees. They deployed SD-WAN at the remote sites, which improved application performance within the clinics and the call center, and improved network performance overall. With AT&T Global Security Gateway (GSG), a cloud-native solution, the team helped the customer centralize and simplify security policy management and improve access management and control for employees and the business (including monitoring internet application access) whether on site or working from home. These changes also made it possible to push the scrubbing of network traffic closer to the edge, i.e. closer to remotes sites and to employees working from home, which in turn helped improve network performance. By virtualizing its network and security controls, AT&T helped the customer save on its infrastructure costs and helped enable the customer to quickly adapt to the needs of its business, whether by adding more remote sites to meet patient demand or provisioning new employees regardless of where they are working.
By working with the customer on a SASE model for network and security, AT&T helped to:
- Provide for business agility, modernizing their network and security infrastructure, so they could quickly adapt during the pandemic
- Improve employee work-from-home productivity and provide protection for those employees accessing the network
- Support business continuity and resiliency through network and security virtualization which allows for faster changes on an as-needed basis
- Provide relief to overloaded internal IT staff due to AT&T managing the solution, delivering best practices for security policy, provisioning, and 24x7 global monitoring
This is one example of the many conversations AT&T is having with customers as they consider the future of their business and how to best protect it. How customers approach their digital transformation journey and the pace at which they are executing may vary. However, one thing is for sure: most of the conversation are focused on migrating to a new network and security model in the next few years, and that largely includes a discussion on SASE.