In this episode of our Telecom 10 podcast, we’re speaking with Matrix-NDI Account Executive, Vlad Novosad, about the network security solution, SASE, or Secure Access Service Edge.
Tana Larsen (00:01):
Hello and welcome back to The Telecom 10 with Matrix-NDI. My name is Tana and today I have one of our account executives, Vlad, with me, and we are going to discuss SASE or Secure Edge, I'm sorry, Secure Access Service Edge. Vlad, welcome to the show.
Vlad Novosad (00:19):
Hey, thank you Tana. Thank you for having me.
Tana (00:21):
Yeah, why don't you give us a little bit of an introduction on yourself, what your specialties are, passions in technology, all that good stuff.
Vlad (00:28):
Yeah, I mean, the best way to put it is I'm a nerd who enjoys the technology piece of it. I've spent about half over a decade now working with customers and clients of various sizes to understand the technology that's out there and the providers that are out there and translate that technical verbiage into the more simplified verbiage on how it's gonna impact that immediate business need and what they need to do to keep growing themselves as a company successfully.
Tana (00:55):
Awesome. So one of your specialties currently is SASE. So today I'm just gonna have you give us a super high-level overview of what SASE is and make it in layman's terms here because I'm not super familiar with it and I'm sure many of these listeners are not going to be familiar with it either. So why don't you just kind of high-level go over it and then we'll dive into some of the components.
Vlad (01:19):
Sure, absolutely. Well, I mean, SASE, just like a lot of the other acronyms you'll see out there is really a concept, it's an idea. It's a lot of other technologies put together into one simplified solution. So, think of it as SASE in particular would be like the SD WANs of the world, like the other types of security protocols that exist out there. And they combined all those ideas into one platform, or one converse platform for other people to understand a little bit better, or at least to know what kind of platform they're gonna be running and what that platform's gonna include. And that is comprised with the components of SASE. So, it's a, it's not a one-in-the-box solution - oh, here you go, everything is all said and done. It's a complication of other provided solutions for security, like Zero Trust and a few others that we'll name that put it all together into a solution and a concept to protect your investment, which is your company.
Tana (02:19):
Awesome. So I took the liberty of kind of looking into some of the main components of SASE, so I'm just going to ask you about a few of them. So Zero Trust is a big component. Can you dive into what Zero Trust means?
Vlad (02:34):
Yeah, absolutely. So Zero Trust is the opposite of trust, right? There is no trust involved. So think of it as your traditional VPNs. When you would wanna connect to your network or connect to your office, once you're connected, you're connected. All your applications, your emails. You had access to all of that data in the files at one point or another. Zero Trust works the other way around. It basically doesn't trust any device including you or any of the applications. And they have to get special granted access to access specific data on that network or on the data center. So something simple as your email, you can log in and view your email, but you can't do much more than that. And Zero Trust does that all the way across the board of all of your applications and all of your devices. So it doesn't necessarily replace the VPN, but it sort of protects the VPN on top of the not trusting you.
Tana (03:25):
So that'd be kind of like, as a user perspective, when you used to go to work, you'd come in, your computer's automatically on that network. They know it's you, they don't look any further. You're on the network on your device that was handed to you by the company. Now you're saying I can get on my phone and come in here and get the same stuff cuz they're verifying not only my phone, my laptop, my tablet, everything that gets connected anywhere is being re-authenticated every time.
Vlad (03:52):
Yeah. Not only is it verifying, it's also not trusting any of those devices. So you're not limited to being in the office, you're not limited to having to stay on the network. You can now connect to other networks where you're out and about on the bus stop or you're at home and connected to your private network at home and it's all being treated the same and all the way across the board. And then the policy management becomes significantly easier for that special IT person who's having a headache having to deal with it, right? Because now you can set a more organized policy where nobody's trusted at all and each device has its own specific access, so to speak.
Tana (04:28):
Okay. Well, we'll dive into Zero Trust a little bit further down the road here or maybe on a different episode, but let's go into a couple of the other ones. SWG is another acronym I found when it comes to SASE. Can you tell us what that is and a little bit about that as well?
Vlad (04:43):
Yeah, absolutely. So that's one of the layers and one of the components of the SASE or SSE or the whole security platform that's out there, right? And what the Cloud Secure Web Gateway, excuse me, what it does is basically protects everything that's on the web. This is gonna be from your phishing from clicking the wrong link to going to a wrong website or maybe even on purpose going to Yahoo! And somebody else's hacking Yahoo! So it's another layer of security that's in place to protect the internet access, so to speak.
Tana (05:12):
Okay. And then we have a couple more here. CASB. I have never heard of that in my life. So why don't you jump in and just take that one right off the bat?
Vlad (05:21):
Yeah. Cloud Access Security Broker, I think you're kind of catching the trend of everything is in the cloud, everything's gonna be some sort of a cloud access. And the CASB was gonna help the organization discover where that data is across different services that are out there, different networks that are out there, and the applications that are in motion and the cloud environments that are set in. So all ties back to that on-premise data center. It's being accessed by your remote workers, by your, neighbors, so on and so forth. So it's another way, another layer I should say, not another way that it kind of ties in a security piece and a protocol into the whole entire platform, the whole entire concept.
Tana (05:59):
Okay. And then the final component we'll dive into here is something that most of us have at least heard of and that's SD-WAN. So how does SD-WAN fit in with SASE?
Vlad (06:10):
Well, SD-WAN was introduced as a all-in-one solution of having easier access maintenance, being able to create protocols, being able to isolate devices and isolate different branches of offices and have one centralized location where you can control and access that from, right? Now, as things developed, as people got smarter and they started to try to hack different ways and have different types of software that they'd need to absolutely run, there had to be a way to kind of combine all of that into one and have an easier management. Otherwise, you're gonna have 17 plus different layers of security that you have to manage individually, and that's a lot of work. So the SD-WAN, it has been around and it's gonna continue to be around, but it's also gonna continue to evolve included into the SSE and into the SASE platform of the world where it's gonna compromise comprise, that's gonna be a tough word for me today, all of those acronyms that you were mentioned into a one solution where it is easier to access, easier to manage, easier to deploy and having the flexibility to scale up or scale down your security needs, not just on the physical layer of your office or your branch with the firewalls, but things like the Firewalls of Service, the CASB, the SD-WAN, the Secure Web Gateway, all those can be now monitored remotely and accessed remotely and configured remotely to combine all of your layers into one push of a button. New employee is starting - "Here you go. You're good to go, cuz we're gonna secure everything from your mobile phone to your laptop, to your desktop, to when you do go into your office, your physical phone."
Tana (07:50):
So all of this stuff is cloud-based obviously as we're gathering. So is this more cost-effective than say the traditional world of having pieces of hardware in every location for every single layer of security, you know, all that stuff? Does this make it a more affordable solution for businesses?
Vlad (08:06):
Yes and no. So there's not gonna be a time where you completely get rid of your physical hardware, physical security, physical layers like a firewall, like your switches. Those all still need to be protected. What this does, this gives end-users an easier way to scale this security platform up and down. Also, kind of looking at how everything is changing and becoming mobile, you also have to scale up to how often you're gonna be working outside the office, inside the office. So a little bit of both. It's gonna be both affordable in a sense that it's not gonna be as dramatic as getting a whole new network set up in your office . . .
Tana (08:43):
Goes on top of what you already have . . .
Vlad (08:45):
Right, right. But it's also a must. This is something that we can't avoid anymore because you're gonna have to be mobile one way or another somewhere, somehow.
Tana (08:53):
Right. Okay. Well, that is going to be all the time we have today, but on the next episode, I think we'll dive into how SASE fits into a post-COVID world, cuz obviously there's been a lot more cloud access, a lot more remote work. So tune into the next episode to learn more, a little bit, to learn a little bit more about that. Thanks for joining us today, Vlad.
Vlad (09:12):
Hey, thanks for having me, Tana. Speak Soon.
Tana (09:13):
And thanks for tuning into this episode of the Telecom 10 with Matrix-NDI. My name is Tana, and if you'd like to learn more about Matrix-NDI, you can find our website at www.matrix-ndi.com or you can find us on Facebook, Instagram, and Twitter with the handle @matrix_ndi.