Cloud-native SASE and Zero Trust – the future for Asian businesses


Asian economies were the first to feel the impact of COVID-19, owing to their proximity to the pandemic’s origins in China. Enterprises across the region have been in the front line of the crisis ever since. Corporate IT teams, in particular, have been feeling the heat.

From the earliest days of the pandemic, they had to find ways to manage the COVID-related upsurge in remote working while still striving to maintain their focus on digital transformation. To take Malaysia as just one example, a recent study by independent consulting firm KPMG revealed that 64% of workers in the country said they had felt challenged in adapting to home working during the country’s movement control order (MCO) period.

The top three difficulties cited were: network or connection issues (61%), communication barriers (14%) and a lack of technology readiness (10%). When asked what would improve the remote working experience, most said a stable Internet connection, better IT infrastructure, and clearer guidelines on remote work from bosses.

There is no question that similar challenges have been experienced across the region. The reality is that when country after country was forced into lockdown measures at the beginning of the pandemic, nobody was truly prepared from a technology perspective. Many workers found themselves relying on their own devices on a BYOD basis. Corporate devices had not been procured because it had never been expected that people would be working from home on such a scale.

A parallel problem was how to give access to corporate applications to those workers. The first step for many enterprises was to put applications into the cloud so that they could be accessed from any location. All this, of course, demands appropriate connectivity.

In the past, enterprises have turned to communications service providers to connect a head office at Point A to a branch office at Point B. But at a time of mass cloud migration, with enterprises often spreading their reliance across multiple public cloud platforms, old-school telco networks are just not up to the job. It’s not something they were designed for. These days there are software-defined alternatives to conventional MPLS and VPN-based connections. Just as you can spin up a virtual machine in the cloud, you can now spin up a network in the same way. There’s no need to go to a traditional service provider to help you do that.

Using normal home broadband, software can be deployed on the laptop of a remote worker that will provide connectivity to multiple clouds. Policies can then be set to decide who has access to which application. We’re talking about a network that resides in the cloud, so-called cloud-native. The Internet acts as an underlay for the connectivity layer that lies on top in the form of an overlay. 

One of the first questions that any responsible CIO will ask about such a solution is ‘How secure is it?’. Could such a cloud-native network overlay end up compromising corporate data in any way? Given that workers are dispersed to a multitude of locations, needing access to perhaps several different platforms, what sort of cloud access is so secure that nobody can hack into it?

The answer here is secure access service edge, or SASE. It’s cloud-native networking with cloud-native security integrated. This model allows software-defined access to the cloud, and also lets you connect to multiple cloud providers. In addition, it delivers security at both the cloud and the user end, as well as across the middle mile. With SASE, handling BYOD is a piece of cake.

Providers of SASE include NetFoundry, VeloCloud, VMware and Cloudflare. All have slightly different capabilities, but all are much better adapted to multi-cloud demands than anything offered by a traditional telco. Enterprises need to seek out a connectivity platform that is based around zero trust principles. To be more specific, they need to adopt a software-defined perimeter that comes complete with zero trust security. This gives you a gateway that can be spun up inside a cloud provider. Once activated, this interacts with software at the other end, and the resulting communications channel is completely invisible.

There’s no need to depend on any kind of traditional network. You get connectivity that’s performant and fast: in fact, five times faster than a VPN connection. The zero trust aspect is all about trusting nobody, as the name suggests.

Most security models, like one-time passwords, can be misused. They rely on individuals doing their job right. Zero Trust means all you trust is the policy which your company has created. As a model, it has clear-cut, policy-based restrictions. It limits who can use which type of application: without authentication, a connection cannot be made.

Some 80% of cyberattacks come from a connection being opened without the right authentication taking place, but with Zero Trust in place this can’t happen. It works on multiple layers of verification and doesn’t depend on individuals doing the right thing. That’s why everybody will soon be moving on from the SSL or VPN-based technology they were relying on only a couple of years ago.

With the right kind of software-defined, cloud-native, zero trust multi-cloud solution, you can easily share your workloads around between different clouds without having to integrate anything yourself. Only one network is needed to control everything, managed through a single window. You are not limited to a particular location to have this control, or to use the cloud services. Connect from anywhere at any time, agnostic of any one network. 

The pandemic may be a long way from over just yet, but armed with the right tools enterprises can face the future with a degree of confidence.

By Dipesh Ranjan, VP & Managing Director, NetFoundry, APAC & India
