Data-Centric SASE: Delivering a Great User Experience

Anyone could probably build their own car if they kept working at it, but it wouldn’t be a Ferrari. So, why should IT organizations go it alone when they can work with the best partners in the business, like Google Cloud - when it comes to building critical networking infrastructure? The business of infrastructure is one of the most distracting activities an organization can undertake, which is why so many choose to partner. Collaborating with the right cloud partner can accelerate an organization’s software innovation and growth and increase their focus on what matters most.

It’s an important topic as enterprises consider moving to the new vision for network security called Data-Centric Secure Access Service Edge (SASE).

Data-Centric SASE flips the current network perimeter security model on its head. It offers a new architecture that places specially adapted security assets closer to where users, applications, and data are located right now (out on the internet), as opposed to where they were 10 years ago (within a private network). Without proper placement of security assets, organizations miss opportunities to protect users, data, and applications from sophisticated attacks that, a few years ago, would have only been accessible to nation-state actors.

But Data-Centric SASE is more than just security. A good SASE solution must also be a faithful custodian of the user experience. In my hundreds of customer conversations there are two constants: Information security is job number one which is followed closely by preservation of the user experience. Customers know that the user experience can make or break a security solution, so they seek low-friction options. When fully implemented, SASE should, by nature, improve the user experience when compared to the corporate VPN. Most of us would agree that beating the VPN in a performance contest is a low bar, but it’s a start. So, it’s useful to question what other factors influence the user experience.

And that’s where hyper-scale, private networking infrastructure can play such a critical role.

DIY Cloud

Who doesn’t love the can-do spirit of the modern engineer? They are part philosopher, part scientist, and part artist. No task is impossible for an engineer. And this is the spirit that has created many of the world changing inventions that we all know and love. But there are times when engineers want to solve problems that should be left to others. Cloud infrastructure happens to be one of those problems. For years, we operated on an infrastructure model that we have since termed “DIY Cloud” which stands for “do-it-yourself cloud.” The term “DIY” is appropriately affectionate, implying a certain level of self-sufficiency that invokes a sense of nostalgic pride. But in the modern context, DIY also implies a lack of professional polish. DIY in pop culture is decidedly average. DIY is often described as “just ok” or “functional,” but it is rarely labeled “impressive.”

Two years ago, at Symantec, a division of Broadcom Software, we embarked on a humbling exercise: The core question we considered at the time was if we could outperform public cloud vendors on all relevant aspects of infrastructure operations. More importantly, we wanted to explore if we were already lagging the infrastructure juggernauts. Finally, we asked ourselves if the hidden costs of running our own infrastructure was such a distraction that it was affecting our security focus? Our conclusions were honest and sobering. We walked away from those discussions understanding that not only Symantec, but no one in our industry was going to “out-Google, Google” and the other infrastructure leaders at hyperscale cloud.

It’s the same basic math that many of our customers have gone through over the past several years. Can we really do a better job of managing infrastructure than the world’s largest and best public cloud providers? It’s difficult to ignore such overwhelming facts and we took that realization and began to act.

As a result, we selected Google Cloud as our infrastructure partner, replacing the DIY Cloud that so many of our competitors are still wrestling. And we were not disappointed. Once fully operationalized on Google Cloud, we reduced data center build times from months (or more) to a few hours. We increased automation, reducing human errors, and we improved our resiliency by embracing advanced concepts like infrastructure as code. Nothing in our world is physical. The idea of a hardware failure is delightfully antiquated. We work with a single vendor instead of the 30+ vendors required to run our old DIY Cloud. Given these great accomplishments, which took less than a year to fully realize, it’s not difficult to see how all this has benefitted customers.

But did it benefit the user experience? Just one example is a before-and-after test we ran, that indicated a 20 percent improvement in the performance of Symantec Secure Access Cloud (SAC), our Zero Trust Network Access (ZTNA) solution, since migrating the infrastructure to Google Cloud.

A critical component of the SASE architecture, ZTNA provides Zero Trust Network Access for the cloud generation. An ability to deliver ZTNA so quickly and efficiently through a strategic partnership with a private, cloud-networking provider allows businesses like ours to greatly accelerate enterprise migration to a fully-developed SASE network security architecture –paralleling the migration to cloud which was accelerated by the Covid pandemic.

But that is not the only benefit.

More Than Dots on a Map

Partnering with a company like Google Cloud enhances Symantec’s ability to deliver cloud-first software with speed, scale, and efficiency. It also allows us to accelerate innovation and integration of our core security franchises – including Symantec Web Protection, CloudSOC CASB, and Secure Access Cloud – to meet the growing needs of digital businesses globally.

But beyond the basics there is a frequently overlooked problem in our industry: Edge connectivity.

I sometimes get the question, “Why Google?” The answer is simple: because Google has mastered the art of transiting large amounts of data between its POPs (Point of Presence) and the edge. Airports, our homes, coffee shops, cellular networks, and wherever we go as internet users; that’s where the edge is. Since the pandemic, the edge has become more important than ever to businesses. The success of the world’s largest applications, to a big extent, depends on how well they can move data between POPs and users. The inherent unreliability and inefficiency of public internet routes can easily disrupt the user experience so that variability must be controlled, exposing another weakness of DIY Clouds.

Google’s solution to this problem was to not just put the requisite POPs on the map. Google knew that it must take ownership of as much of the data path as possible by interconnecting its POPs with the surrounding ISPs and other entities to ensure efficient transit to and from end user populations. This strategy goes well beyond peering in a handful of exchanges. In total, Google participates in 180 internet exchanges in addition to 160 private interconnection facilities. No DIY Cloud from the SASE industry comes close. Without a highly interconnected private network, applications hosted in these DIY Clouds are subject to the same inefficient routes used by smaller, less capable applications putting the user experience at risk.

Summing it all up, when we say we are cloud-native, we mean that we have an underlying on-demand compute pool on tap. Our POPs are backed by one of the world’s largest networks interconnecting our applications to your users. Other benefits of partnering with a hyper-scale, private network infrastructure company include:

• Virtually infinite scalability
• More consistent service levels
• Most up-to-date technical requirements
• Immediate architectural updates
• Seamless global cloud experience

To get to SASE faster and more securely, take the Ferrari that was created when a world-class security company partnered with a best-in-class hyper-scale, private network infrastructure company to accelerate software innovation and growth. To learn more about this and our other network solutions, contact us HERE.