Cisco is embracing the secure-access service edge (SASE) architecture put forth by Gartner with plans to upgrade some of its existing products to reach the goal of delivering access control, security and networking to cloud services.\nThe enterprise shift to SASE will be gradual as they figure out the best way to connect their increasingly remote workforce to distributed resources delivered from corporate data centers and as cloud services, Cisco says.\n\n\n\u201cFlexibility will be fundamental as IT chooses among multiple security and networking capabilities that best fit their operations, regulatory requirements, and types of applications,\u201d said Jeff Reed, senior vice president of product, Cisco\u2019s Security Business Group in a blog post. \u201cSecurity services can be predominantly delivered from the cloud to provide consistent access policies across all types of endpoints. However, globally distributed organizations may need to apply security and routing services differently according to regional requirements.\u201d\u00a0 \u00a0\nReed stated that secure access and optimal performance are a must. \u201cThe rapid adoption of SD-WAN for connecting to multi-cloud applications provides enterprises with the opportunity to rethink how access and security are managed from campus to cloud to edge,\u201d he stated. \u201cWith 60% of organizations expecting the majority of applications to be in the cloud by 2021 and over 50% of the workforce to be operating remotely, new networking and security models such SASE offer a new way to manage the new normal.\u201d\nAccording to Reed, the goal of SASE is to provide secure access to applications and data from on-premises data centers or cloud platforms, with access determined by identities that are defined by combinations of characteristics including individuals, groups, locations, devices, and services.\nService edge refers to global points of presence (PoP), IaaS, or colocation facilities where local traffic from branches and endpoints is secured and forwarded to the appropriate destination without first traveling through corporate data centers. By delivering security and networking services together from the cloud, organizations will be able to securely connect any user or device to any application and optimize user experience, Reed stated.\nTo support this framework, Cisco said it will increasingly enhance and integrate a number of networking and security products including its SD-WAN software for networking, Umbrella for security and Zero Trust for identity and access.\u00a0\nReed wrote:\n\n\u201cSD-WAN is a cloud-delivered overlay WAN architecture with application optimization to deliver predictable application performance in multi-cloud environments. A full security stack is built in, and offers firewall, IPS\/IDS, AMP and URL Filtering. Analytics and Assurance deliver the visibility and insights over any type of connectivity to deliver the best experience.\n\u201cUmbrella unifies secure web gateway, DNS-layer security, firewall, and cloud access security broker features in a single integrated cloud-native platform. Built as a micro-services-based architecture with dozens of points of presence around the world, Umbrella provides the scale and reliability needed to secure today\u2019s remote workforce, all driven by threat intelligence from Cisco Talos.\n\u201cTo verify identity and protect access to resources, Cisco\u2019s Duo and Software-Defined Access (SD-Access) enable a zero trust network architecture to be extended anywhere people work. Duo provides workforce protection, while SD-Access protects the workplace. Ultimately, IT is less concerned about where the security functions are implemented and can focus more on the policies that they need to enable throughout the enterprise, Reed stated.\u201d\n\nThe disparate ways that security and network services are sold will make it difficult to buy them for the purposes of SASE, he wrote. \u201cToday these technologies typically have separate buying cycles, which may slow SASE adoption. Secondly, licensing structures are different for networking, which are typically throughput-based, versus security services, which are based on protecting a wide variety of users and endpoints.\u201d\nExperts agreed that SASE is a process that is only beginning.\u00a0\n\u201cSASE is definitely a journey not a product, and it won\u2019t be sorted out quickly,\u201d said Lee Doyle principal analyst at Doyle Research and Network World contributor.\u00a0 \u201cCisco has embraced the SASE terminology, and the company is uniquely positioned in that it has the strengths in network and security technologies needed to build it out,\u201d Doyle said.\u00a0\n\u201cThey don\u2019t have everything to meet all of the SASE criteria, and they aren\u2019t saying they do but they are well-positioned,\u201d Doyle said. \u201cPutting everything Cisco has together in an integrated, easily consumable fashion for customers will be the next steps.\u201d\nCisco certainly won\u2019t be alone in its SASE quests as VMware, Palo Alto, Fortinet, ZScaler, Cato Networks and others are all marching down the same competitive path.