The pandemic has impacted every aspect of our lives, but in particular it has fragmented the traditional working environment, scattering employees to different locations and thus making secure access more challenging, as most of the connections to the internet no longer happen from behind a firewall. The end users, no matter where they are, need to have access to the web in a safe way, without the risk of being infected by the most advanced malware. To respond to the security challenges that are emerging in the IT space a new framework, called SASE (Secure access service edge) has emerged.
In this Q&A, Alessandro Monforte – Cisco’s Head of Cloud Security Sales for South Europe, Middle East and Africa – explains more in detail how these new security issues are best addressed using SASE –– solutions. Cisco believes that service providers will be pivotal in pushing the adoption of SASE to the enterprise market.
Why is the role of operators and service providers so important in delivering better cybersecurity?
There are several reasons. During the pandemic, the amount of phishing and malware attacks really skyrocketed, mainly because everyone was a bit more fragile and exposed. Cyber attackers do not stop because of the pandemic; everyone is more
inclined to look for information about outbreaks or updates on recent laws approved by governments, so we’re more inclined to go and click on links that we shouldn’t. According to Talos – the Cisco cyber lab that is the biggest privately owned cyber lab worldwide – from March to December 2020,
more than 300,000 domains were registered with the words “coronavirus” or “COVID”, and more than half of these were malicious.
Service providers have the coverage to provide security services to residential users as well as small and medium businesses. These users buy data
from them, so the service provider can approach them and say “don’t worry, I can offer you voice
and connectivity as well as a security service that will protect you.” These users are likely not skilled in terms of IT security, so service providers are able to offer this protection as a service, protecting their sensitive data from exfiltration. This is fundamental, as the amount of phishing attacks that aim at exfiltrating home banking credentials has more than tripled.
The service provider is naturally in contact with both residential and SMB users, and because many of them probably don’t have much knowledge of things like ransomware, they require protection from the
SP. There are third party studies saying that over 70% of residential and SMB customers are ready to buy security services from their provider. The role of the SP towards the corporate segment is a bit different; they can guide them through the SASE journey.
So what exactly is the SASE journey?
This is the adoption of secure access service edge solutions. This is important because now that everybody’s working from home, the amount of people that are accessing applications, data or domains from their home – or while they’re on the move – is increasing a lot. So if I try to access applications that are no longer in my company’s data centre, but are in a public or private
cloud – these kinds of access no longer happen from behind a firewall. Wherever they are, access to applications and data need to be secured – so the SASE framework, which also covers the ‘secure remote worker’ use case, is ideally regulated by the service provider.
Customers are aware of the need for cybersecurity but seem reluctant to delve too deeply – which has led to a trend for operators to offer it as an additional service.
It’s also a way for service providers to increase loyalty – they can offer customers security for the same amount that they’d typically pay for a contract. This also improves brand awareness.
What are the factors that make businesses and consumers particularly vulnerable in emerging markets?
When we talk about the mass market, IT skills are typically very low, so they’re much more likely to be infected by advanced threats. The new trend in cyber attacks is ‘zero-day’ malware, i.e. malware that has never been seen before. Traditional anti-virus security solutions are signature-based – they block what they know. If they don’t know something, how can they block it? Zero-day malware is aimed at people with low IT skills, because they’re much more likely to be caught out. It’s so common now to see very well-crafted messages sent to mobiles – which obviously have much smaller screens than computers – from something that appears to be your bank,
and people enter security tokens or other sensitive information, and then they’re screwed!
Being able to offer extra security is a good way for operators in emerging markets to attract customers and increase loyalty; presumably it can also increase their revenue?
Absolutely, and with a very high marginality – and that’s even more important than the extra revenue. These are very affordable services; even if the carrier charges 50 cents on the dollar, they can make wide margin for residential and SMBs.
For enterprises where the employees are more involved, the role of the SP is more complex and more connected to the SASE.
How will the connection between operators and enterprises develop as SASE becomes more widespread?
More and more, applications and data are being shifted from the different companies’ data centres into the public or private cloud. So, how do employees get access to corporate applications that are no longer in the data centre, and are instead in the cloud? They need a connection that offers very well-defined quality of service, and they need the applications and data in the cloud to be secured – along with their access. This emerging trend is due to the fact that users are increasingly widespread – they are no longer working from the branch campus.
The SASE has the connectivity portion and the security portion, so the service providers acts as something of a vehicle for the SASE solutions – they don’t provide all the layers of the SASE connection, but they help to deliver the SASE solution to the corporate markets. This is ideal, because it’s in the interests of the SP to go to these markets with new services – they’re not just trying to sell voice and connectivity to them.
SASE is an emerging concept in cybersecurity that is fast gaining traction – what is the concept and what are the use cases that it’s best suited for?
SASE stands for Secure Access Service Edge – it’s a framework developed by Gartner that’s used to respond to the latest IT trends emerging in the enterprise segment. As I said before, the main trend is applications and data shifting from the data centre into the cloud. This happens for a number of reasons – for example to get more scalability and less OPEX. Sooner or later, enterprises will inevitably make these changes.
The second trend is the end users – the employees – are becoming more widespread, working from home or smaller branch offices. These users still need to have access to the internet with good quality of service no matter where they are, and they need this to be secure even though accessing websites, applications and data no longer happens from behind a firewall – it’s direct internet access.
The SASE framework allows a response to these trends – it’s not a product, it’s a concept comprised of different layers. There’s the connectivity layer – this can be SD-WAN (software-defined wide area network) or even 5G once this becomes more widespread. The latter provides a lot of bandwidth, and will probably become the best way of accessing the internet with good quality of service. This is key – the quality of service has to be comparable to what the end users perceive when they’re working from the office.
Next is the security layer, which is used to secure applications and data in the cloud but also ensures that when end users have access to a specific domain, they do not get infected – they are prevented from accessing malicious destinations. Within this layer, we also have ‘zero-trust’, which is aimed at identifying anyone requesting access to corporate applications in the cloud and establishing whether they have the correct permissions.
As 5G becomes more established, it will facilitate abuses of connectivity and access, creating risks but also opportunities. What are the key pitfalls of forthcoming technologies, including 5G but also AI, IoT etc?
Obviously hackers tend to follow the development of technologies – they don’t stand still. The risk is that the security technologies available will not be able to keep pace with the development of cyber attacks.
It will be fundamental that security technologies must be based on machine learning algorithms, because this is the only way that they can become predictive. This is key: your security solution is your defence mechanism, so it has to be more advanced than the attacking technique. The opportunity for the service provider is to embrace security services, bundling them with their traditional services.
This will deliver a lot of benefits: more ARPU, higher marginality, better brand awareness – it’s a way of increasing loyalty to differentiate themselves from the competition. Let’s not forget that the importance of cybersecurity is increasing – people are aware of the need to protect their PC, even if their IT skills are poor.
This is perhaps even more important in emerging markets where people rely massively on their mobile phone rather than a computer – it’s their bank account, it contains a lot of personal data. Are people in these regions becoming more aware of the need to protect their devices with cybersecurity?
Absolutely. Also don’t forget that a mobile screen is relatively small – if you get a phishing message from your bank that looks mostly correct, a lot of people aren’t paying attention to the domain because it’s harder to see.
How is the trend towards hybrid working increasing the need for cybersecurity?
People are working from home, or small branch offices that aren’t as well equipped in terms of security – this is a very complex scenario. It would be much easier for the company’s IT administrator, or even for the service provider, to deliver connectivity to an employee working in a campus network,
but that’s not the case. End users are everywhere, and the applications they’re trying to access are no longer located in the campus data centre – they’re in the cloud. Despite this complexity, end users need to perceive the same quality of service, and they need to browse safely. Hybrid work has complicated the job of IT administrators, and also the job for service providers delivering connectivity. During the pandemic, the main challenge that SPs had to face was that their connections to branch offices weren’t dimensioned correctly for the amount of traffic that they were expecting, so they had to make sure that the branch networks didn’t collapse. The reason is clear – the source of the traffic was totally different, it’s much less concentrated and more widespread.
In the SASE journey, it’s desirable for the service providers and corporates to partner with vendors like Cisco that own all the layers of SASE. Cisco is the biggest SD-WAN vendor in the world and is also a leader in security.
The SASE journey doesn’t happen overnight; it’s at least several months, possibly even years, so it helps to have a vendor who can guide you through all the different steps of the adoption of this framework.
This is because all the components are integrated; our security solutions are integrated with our SD-WAN; our zero-trust is integrated with everything. This is why we’re the ideal SASE partner for SPs and enterprises; our cloud solution – Cisco Umbrella – can be delivered very easily to millions of residential and SMB users without any drop in end user experience.
By Alessandro Monforte, Head of Cloud Security Sales for South Europe, Middle East & Africa at Cisco
Alessandro Monforte is an experienced Senior Sales Manager in the IT,
security and mobility areas. He is in charge of selling Cisco Cloud Security,
Email Security and EndPoint Protection Solutions in South Europe, Middle East and Africa. Prior to Cisco he worked for multinational telco companies,
in charge of business development and account management activities in the areas of network infrastructure, mobile security and cloud services. He studied telecommunications engineering in Rome and got an MBA from Bocconi School of Management in Milan.
Protect what’s now and what’s next with the most comprehensive integrated cybersecurity platform on the planet. Simplify your experience, accelerate your success, and secure your future with Cisco Secure.
As the largest enterprise cybersecurity company in the world, we lead the way with solutions that are driving the industry in Secure Access Service Edge (SASE), Extended Detection and Response (XDR), and zero trust.
Cisco Umbrella—a key component of Cisco’s SASE architecture—integrates multiple standalone security services and appliances into a single, centrally managed, cloud-native solution that can scale to protect a remote and roaming workforce.
Cisco Umbrella helps service providers deliver a “clean network”. It meets business and consumer customers’ critical security needs and creates a new revenue opportunity for operators.
Attach security that is easy to provision, deploy, and manage. Stop threats before they reach your customers’ networks and endpoints.