Public cloud services spending is expected to reach about $825 billion in 2025 — an increase of just over 22 percent in one year. Many companies still run their workloads on-premises, but that is shifting quickly as organizations realize the benefits of the cloud.
Migrating traditional on-premises security solutions to cloud-hosted offerings provides many benefits, including centralized management, increased accessibility and potential cost savings. The right approach can help companies improve operational resilience, strengthen security, and reduce complexity, but despite this, misconceptions remain that hinder companies from making this move.
Grappling with Performance and Resiliency
Organizations typically have two common concerns about putting security assets in the cloud.
- First is the performance impact. When leaders think about digitization and moving assets to the cloud, they worry, “If I move my security stack to the cloud, will it have an impact on application performance and affect employee productivity?”
- The second concern is control. Organizations are sometimes reluctant to give up control of their security assets to a cloud provider, as their assets will be stored in the cloud vendor’s data centers. We frequently speak to customers who are worried about this aspect. They are concerned about maintaining the right level of control in this scenario.
SASE is a cloud-native architecture that combines SD-WAN and Security Service Edge, which includes Zero Trust Network Access (ZTNA), secure web gateway (SWG) data security and other security functions delivered at the network edge. It fits seamlessly into the move to the cloud by providing a unified, scalable, cloud-based platform that combines network and security functions. This allows organizations to secure applications, data and users everywhere. The benefits of SASE can include:
- A centralized security framework designed for today’s dynamic networks, combining security and networking services.
- A Zero Trust approach that empowers organizations to run continuous verification and inspection. It provides policy enforcement based on identity and application for access to sensitive applications and data.
- SASE overcomes the inefficiencies of traditional architectures by prioritizing consistent data security across all edge locations (geographically dispersed data centers or points of presence positioned close to end users.) It simplifies data protection policies and removes difficulties such as shadow IT, security blind spots and policy inconsistencies.
- Regardless of location, SASE offers visibility into hybrid enterprise network environments that connect public and private clouds, branch and remote locations, headquarters, data centers and users. It also offers visibility into application use, allowing detailed understanding and control.
Setting the Record Straight
Today’s SASE tools are built in the cloud, on top of leading cloud platforms like Google Cloud Platform and Amazon Web Services (AWS), which are ubiquitous.
Modern apps are essential for productivity, but poor app performance is a significant hindrance. Traditional content-caching solutions and existing SASE solutions cannot solve poor performance for modern apps that are highly dynamic and personalized. There are SASE offerings that provide extremely fast processing, eliminating latency concerns.
Many CIOs have implemented or invested in an app acceleration module that works on dynamic apps and makes them load faster than directly over the internet. This improves the experience, throughput and response time. Meanwhile, you can remain in control.
You can consume this type of offering as a service while getting best-in-class security and performance. If you have SD-WAN access from the same vendor, you also gain full visibility from the branch through the cloud to the application so that you can make the right performance optimization decisions. You also gain a unified policy for security and networking.
Proactive management is a critical component of monitoring performance in the cloud. You must constantly monitor the health of your data and hosted services. For instance, if there’s a sudden uptick in users, you’ll need to scale up quickly to meet demand. If you spot congestion on a link, you can automatically switch to an optimized, performant link, improving performance.
Ideally, you’ll have a strong relationship with your cloud provider(s) to get real-time service status updates. If you find any disruptions, you can work with your provider and site reliability engineering (SRE) team to quickly stop possible service impact before it starts. Committing to continuous monitoring and mitigation will be the foundation for your operational service resilience, enabling you to respond rapidly to potential issues.
Performance is crucial for cloud-based businesses as companies shift away from data centers. It’s just not true that companies should expect a performance drop in cloud-based security assets. Due to its cloud-based nature, SASE empowers a highly performant and dynamic network that can roll with whatever business punches come. That includes capacity, business priority shifts and an ever-changing threat landscape.
Today’s businesses must build operational resilience with a cloud-based security package. In doing so, you’ll also get more robust service due to the cloud’s redundant nature, which inherently provides resilience. This enables unprecedented scalability so that companies can ensure the smooth operation of business no matter what happens.
Anupam Upadhyaya is the vice president of product management for all SASE products including Prisma Access, SD-WAN, GlobalProtect and ADEM at Palo Alto Networks.