It seems that most of us are mired in the same paradox:
- We have inherited a network with multiple vendors, technology types, and capabilities; we need to create order from this chaos, and
- We have a dispersed work environment, with staff operating from everywhere on their own devices, so our network perimeter has essentially disappeared, and
- We’ve amplified our dependence on cloud-based services and applications, and
- Our users, and indeed our CEO, are demanding flawless, seamless network performance, yet
- We still operate a conventional hub-and-spoke network model, routing all traffic through a central data center (because that’s where the firewall is, so that’s how we secure our data).
Secured data does NOT mean compromised performance, especially when you work with the right managed services provider.
Solving the puzzle with SASE
We now have a fresh network security approach, capable of adapting to the scattered nature of all of our contemporary businesses and our rising use of cloud services.
We can safeguard data and systems, no matter their access points. We can manage the intricacies of our newly distributed networks. Secure Access Service Edge (SASE) is a security model that blends your network and your security into a singular cloud native solution, no matter the data being accessed, the person attempting access, or the system they’re using.
This not only bolsters security but also boosts network performance, eliminating the need to route traffic through a central data center.
But SASE comes with its own puzzle pieces
SASE’s network security options include a broad array of security approaches:
CASB (Cloud Access Security Broker): on-premises or cloud-based security policy enforcement. It lives between users accessing your cloud-based applications and services, and your cloud service providers, and enforces the policies you set.
SWG (Secure Web Gateway): an all-inclusive web security solution that includes its own set of security features:
- SSL Proxy
- URL Filtering
- Intrusion Detection and Prevention Service (IDS/IPS)
- NextGen Anti-Virus (NGAV)
- Data Loss Prevention (DLP)
- Advanced Threat Protection
ZTNA (Zero Trust Network Access): authentication that follows the user. ZTNA focuses on policy, identity, and content. The policies follow the identity of each user wherever they are, and the control is yours. No access is permitted until you say it is.
FWaaS (Firewall as a Service): Firewall-as-a-Service, also known as cloud firewall, places the management burden on your vendor. FWaaS delivers firewall functionality as a cloud-based service and provides the same features as a next-generation firewall. SASE offers FWaaS as part of a unified, cloud-based security model. This way, you can easily manage deployment from a single platform.
SD-WAN (Software-Defined Wide Area Networking): The “A” in SASE is the WAN connection to the network security services presented above. As your corporate perimeter dissolves when applications move to multiple clouds to be accessed from anywhere, you must offer end users seamless connectivity and security. An SD-WAN “overlay” to your public Internet or private WAN network optimizes your WAN and unifies security across users.
And… so many SSE vendors!
In the realm of Security Service Edge (SSE) solutions, the landscape is bursting with options. Zayo stands at the forefront of collaboration with some of the industry’s most prominent vendors:
Netskope — Gartner’s top SSE provider, Netskope sets the benchmark with its advanced Cloud Access Security Broker (CASB) capabilities and acclaimed Data Loss Prevention (DLP) features. From forward and reverse proxy functionalities to API introspection, Netskope offers a comprehensive suite of tools to safeguard our clients’ digital assets.
Palo Alto Networks — PAN Prisma offers a robust SSE solution that addresses the evolving security challenges in today’s cloud era. Its combination of advanced security features, automation capabilities, and compliance support makes it a strong choice for securing multi-cloud environments.
Cloudbrink — Advanced ZTNA solution that stands out for its ability to effectively thwart data access breaches, enable ubiquitous employee connectivity, and optimize application performance with client SD-WAN capabilities while solving first and last-mile issues.
And there are more.
On the network side, Zayo partners with these SD-WAN vendors:
VeloCloud — VeloCloud offers agile, optimal, and scalable branch connectivity solutions, delivering enhanced performance and last mile remediation for critical applications through its comprehensive SD-WAN features. It provides easy integration with third-party security solutions for advanced threat detection and mitigation.
Versa — Versa is known for its broad suite of capabilities, including advanced routing functionalities, application optimization features, and integrated NGFW services (on board security). With hosted cloud orchestration, Versa empowers businesses with a scalable, secure, and high-performance network infrastructure that adapts to their evolving needs.
Palo Alto Networks — Palo Alto Networks offers SD-WAN capabilities that seamlessly integrate with leading cloud security platforms such as Prisma Access and third-party SSE offerings, ensuring secure and optimized connectivity for organizations embracing cloud-centric infrastructures.
Fortinet — Fortinet offers a security-first SD-WAN. It delivers NGFW security, advanced routing, and WAN optimization, ensuring a secure networking environment. Additionally, positive customer feedback reinforces confidence in its reliability.
And there are more.
Doing nothing is not an option, but reality is messy
One of the big advantages of working with a Managed Service Provider (MSP) is the array of bespoke solutions available to you. An MSP has forged the relationships, understands your individual requirements, and can piece the puzzle together for you. They can help you keep the lights on during a gradual transition to a better networking and security environment.
Customers have thrown us some rather perplexing situations. They’ve inherited networks and decisions made by others, and need to make those decisions work for their businesses today.
Hypothetical Scenario 1: let’s start supplementing with SASE
I’m a large financial institution with 28,000 employees, many now working remotely. Our main office is located in Chicago. We have 10 regional offices in North America, and 50 branch offices globally. We use multiple vendors for connectivity. Employees require secure access to sensitive financial data and applications, all cloud-hosted. We need to ensure compliance with regulatory requirements such as PCI-DSS, GDPR, FINRA, and SEC regulations. We conduct financial transactions that require very low latency. Our network is complex, and we want a gradual transition to SASE.
Solution 1:
This company wanted a strong overall SD-WAN solution that can easily integrate and homogenize their many vendors into a single solution, while ensuring stellar trading performance and ongoing data security. Our managed solution would focus on the flexibility needed to deploy globally, but maintain local breakout and cloud service availability in-region. Latency in a global environment means user traffic cannot be backhauled to some common corporate hub location. An SSE overlay is probably the best solution for remote users, and a tight integration with SD-WAN to solve the branch connectivity piece is going to be key here.
This company wanted to discuss Netskope’s SSE capabilities working with Versa’s SD-WAN. Zayo partners with both Versa and Netskope, and we would therefore discuss the benefits of this potential solution with this customer.
Hypothetical Scenario 2: please manage my network for me
I’m a marketing agency with remote employees and 10 locations. We have cloud-based voice and video applications and cloud-hosted customer information. I’m just getting started converting my security solution from an on-prem firewall to SASE. I’m hesitant to blindly embrace new technology and would prefer to see the solution proven out at one or two locations before we roll it out broadly. Ideally, I want an MSP to take it over. We have more important things for our IT team to worry about.
Solution 2:
A rapidly evolving business with ten locations and remote employees will need encryption and security measures. We can start out with a pilot installation at one or two locations, to test, optimize, and later expand to the other branches, with a focus on careful implementation that takes advantage of existing infrastructure while minimizing disruptions to operations. We’ll work to secure all cloud-based applications without compromising performance, and provide a follow-the-user ZTNA security approach appropriate for this company’s size.
This company appreciated the ZTNA capabilities of Cloudbrink and the security-first SD-WAN approach of Fortinet. Zayo partners with both companies, and we would therefore discuss this potential solution with this customer.
Hypothetical Scenario 3: a measured, gradual implementation
We’re a large retail organization in a hybrid work environment. We have 1,200 stores, and I need visibility into the performance of over 3,000 applications with control over application access. I also use third-party SSE providers and need to trial their solutions in a sandbox. We want a co-managed solution, with a gradual implementation schedule.
Solution 3:
This customer prioritizes security and operational efficiency, and needs a flexible, adaptable security infrastructure that integrates existing technologies, allows them to move to newer solutions, and grows with them. The solution must simplify a complex environment into a more manageable SASE environment, enhance visibility of applications, and improve performance and control.
This company knows about VeloCloud’s third-party integrations and wanted a solution that integrated Palo Alto’s advanced SSE security features. Since VeloCloud and Palo Alto are both Zayo partners, we would present this solution to this customer.
Hypothetical Scenario 4: A new network
I’m a healthcare company with 5 large locations and 20 smaller remote clinics across the U.S. and Canada. I’m managing and maintaining multiple security appliances, VPN connections, and policies across diverse locations with patient data and business applications in the Cloud. We’re backhauling traffic through our data center for security inspection, but it’s causing latency. We plan to grow 10% next year, and we have an opportunity to build a new network from the ground up.
Solution 4:
All healthcare organizations are committed to protecting very sensitive patient information. This one also maintains multiple security appliances, VPNs, and policies across diverse locations – a complex task. Ensuring the security of business applications in the Cloud and backhauling traffic through a data center for security inspection adds to this complexity. With this greenfield opportunity, we need to manage the demands of their cloud-based SaaS applications, navigate the challenges of a multi-national footprint, and uphold the urgent need for a robust firewall-as-a-service.
This company has a strong preference for Palo Alto Networks. Therefore, we would discuss this potential solution with this customer.
SASE requires a profound understanding of both network and security technologies. Done well, SASE will secure your data without compromising network performance. Most importantly, you CAN manage the transition incrementally, without causing disruptions to business operations.
Managed services work for YOU
If your company is hesitant about handing the reins over to a managed service provider, these are the arguments you can take to your finance and operations teams:
- A Customized Solution for YOU
Managed service providers (MSPs) specialize in network security and have years of experience working with various businesses. They can afford to retain the very best talent in each area as they have the scale to keep those resources busy. They understand the intricacies of implementing SASE, and they know the strengths of each vendor. A managed service provider will curate a solution customized to your business.
- Cost Savings
Implementing SASE can require significant investment in hardware, software, and personnel training. By outsourcing to an MSP, you can save on these costs. MSPs already have the necessary infrastructure, expertise, and experience in place. No need to hire a full-time IT security team to manage your SASE solution. Plus, with an MSP, you only pay for the services you need, making it a more affordable option for small and medium-sized businesses.
- Proactive Monitoring and Maintenance
MSPs provide 24/7 monitoring of your network to identify any potential issues before they become major problems. At Zayo, we use AIOps to proactively identify and address network and security issues before our customers even know they exist. The infrastructure, the customer portal, the operations centers, and all the support personnel are already in place.
- Scale
As your business grows, so does your network and data traffic. Even if your business isn’t growing, your network and data traffic are. MSPs can scale their services up or down according to your organization’s needs, ensuring that you always have the right level of connectivity and protection. You’ll never be under-resourced again.
- Advanced Technology
MSPs constantly invest in the latest security technologies and tools, providing your organization with access to advanced features and capabilities that may not be feasible for you to implement on your own. The many partnerships forged among network and SSE providers ensure that you’re investing only in the security elements your business needs.
- Recovery and Continuity
In addition to protecting against cyber threats, MSPs also offer disaster recovery and business continuity services. This means that in the event of a natural disaster or system failure, your network will be accessible so that your business can continue to operate.
- Vendor Support
An MSP will spot an outage or degraded service before you do, and will proactively contact your vendors to begin troubleshooting, around the clock. Your IT team can continue working on the projects that advance the business because your MSP is handling the operation of your SASE solution.
- Flexibility
With Zayo, we can manage as much or as little as you need us to. Want to retain control over your fiber infrastructure, but need a new ZTNA solution and a managed WAN? We can do that. You decide what to hand over and what to keep. And this can change over time – no boxing you into a corner through the length of your contract.
- Peace of Mind
Knowing that your organization’s data and systems are in the hands of experts can bring peace of mind. MSPs have extensive knowledge and experience in cybersecurity, allowing you to focus on running your business without worrying about potential cyber threats or network issues that are hard to diagnose. (That AIOps monitoring we discussed in #3 above? It can tell where outages come from, which need attention immediately, and then your MSP will address them.)
Face your new working realities head-on by taking steps to secure your data when your devices and people (and data!) are everywhere.
With a Managed Service Provider (MSP) behind you, you can begin to integrate the benefits of a SASE solution, including SD-WAN and more, with your existing network infrastructure. And since SASE blends your network with your security – these two teams, who may have been working independently, will now work together more efficiently.