Bringing SASE to the Masses—Considerations and next steps - CET 2020
[00:00]
Abe Nejad: Teleworking from separate office branches became more crucial for business operations as we quickly moved into the post pandemic world and SASE is now a valuable next step for the SDWAN sector. So, what challenges lie ahead for operators and their customers as we take the crawl, walk, run approach to SASE deployments in many disparate solutions needed to achieve the desired outcome. On this executive broadcast, we have Rupesh Chokshi, vice president of cybersecurity at AT&T and Sanjay Uppal, senior vice president and general manager, VMware SD-WAN & SASE.
And gentlemen, welcome.
Thank you.
Abe Nejad: Thanks for being here. It's really good to have Sanjay Uppal joining us from VMware and of course, Rupesh Chokshi with AT&T, as always good to have you. Rupesh, if you don't mind, I'm going to start with you. The business landscape continues to change and network requirements are evolving. How is this impacting the WAN network and what customers are looking for?
Rupesh Chokshi: That's a great question Abe to get it started here, you know, if you think about 2020, what a year, right. And here we are on this sort of in a virtual setup. The way the enterprises have evolved, this has become a very sort of in a distributed environment, highly distributed with the work from home with mobile users, etc. And what it started to do is that kind of like that the shift from the data centers to the workloads and multi-cloud environments to edge cloud, etc, to bringing in this concept of zero trust network access, to bringing in the ability to deliver a very differentiated experience for work from anywhere for work from home. And then you start to take all of that and think about the automation that needs to be taking place in surrounding it. So, the wide area network has evolved and is changing very rapidly every day, right? The customer needs are changing, the technology needs are changing. But, at the core of it, it is still all about sort of agility, it is about securing these networks and the endpoints, and it's about connecting the endpoints to the destinations, whether it is an application, whether it is a sort of you know, video stream, like we're doing right now, whether it is a you know, conferencing platform. And that is where the network infrastructure has to become a lot more agile, a lot more software driven, a lot more software centric, in sort of, you know, how it is put together. So, to sum it up, the enterprise has changed a lot. You know, it's a very distributed enterprise. And the technologies that we are seeing with the software defined networking in SDN, we're seeing a lot of intake and uptake, and securing those connections to do what I just mentioned before in terms of the trends.
Abe Nejad: And Sanjay the impact on the WAN network, sort of the state of play for WAN, if you will?
Sanjay Uppal: Yeah. So, when you look at it, you know, the WAN architectures have always been hub and spoke. So, you have a number of these spokes that connect up typically through a private network to the hub. But, what happened about 10 years ago or so is when the application started leaving the private data centers and went on to the public data centers, then it doesn't make sense to send the traffic all the way to these, you know, few numbers of hubs. So, it gave need for the network to move into the cloud. And that's really what the one of the major shifts that Rupesh also mentioned, is that the cloud becomes the network. And so you get from your spoke locations all the way to wherever your applications are, by using a software layer on the cloud. And what happened with the pandemic is it's just exacerbated this, meaning that the software overlay can accommodate for changes much more rapidly than can hardware. And so the software overlay of SD-WAN is now getting extended out using SASE all the way to individual people who are working from home. So, we're really seeing that the starting off of SD-WAN making it cloud delivered has really helped us when the pandemic hit, because 10s of 1000s if not millions of people now are working out of their homes. And the fact that the cloud is the network has really allowed them to accommodate for the shift rapidly. I mean, literally, in a few weeks' time people were working out of the home using SD-WAN types of technologies. And that shift is going to be there for a long period of time. It is going to endure.
Abe Nejad: So, Sanjay, I'm going to stick with you. So, applications are making it easier for customers to really customize how they work and use the tools that are necessary. But, at the same time, SD-WAN and other technologies that optimize their delivery have also exploded in popularity. Do you think this is a chicken or egg scenario in the sense that the need for apps is driving an increased adoption of optimization delivery technology or is it the reverse of that?
Sanjay Uppal: In fact, that's a very interesting question. I would say that it's a chicken and egg scenario, meaning that both those things are happening at the same time, the application push on the network and the network becoming application aware are happening in consonant. And so, what we are finding is that in fact, very recently, we released a piece of technology that can correlate what's happening at the network layer with the app layer. So, let's say that you're, you know, on a Zoom call, or a Teams call, or Webex call, any one of these collaborative apps, you should be able to see if your call is not going well, what's the source of the difficulty. Is it really your machine? It could be your machine, it could be the home router, it could be the internet, or it could be the application itself. Now, prior to this happening, you couldn't really correlate them, meaning you could either tell that it was a network layer, but then you didn't know is that really what's impacted your call right now? But, now with these new technologies coming in, which are a complement to SD-WAN, you can pinpoint where the issue is. And in fact, you can pinpoint it all the way up to a user's living room, and then figure out where the issue is, and then quickly fix it. So, you know, to answer your question, it's actually the app talking to the network, the network talking to the app, and both of them working together to be able to solve the problem.
Abe Nejad: Rupesh, anything to add to that?
Rupesh Chokshi: You know, I agree with what Sanjay said, right? A lot of the technology that we're seeing is kind of getting a little bit more deeper into sort of, you know, understanding what's happening with the application, and then tying it back to the end user experience, right? The example that Sanjay talked about, and that same concept of, you know, how do you improve and enhance the end user experience is very, very important. And that's what, you know, software centric networking delivers is a very differentiated experience.
Abe Nejad: So, Rupesh, again, I'll stay with you. So, SASE is playing a larger role in the need to ensure a robust customer experience. So, how is SASE influencing your respective business?
Rupesh Chokshi: So, I think, you know, SASE is here, right? We see a lot of discussions in terms of, you know, the coming together, or the convergence of SD-WAN and security, and all of it delivered in an edge cloud kind of an architecture. And if you tie that back to the enterprise, and you say, okay, what is it in for the customer? Right? Why are they thinking about or should be thinking about this thing? You know, so I have a few simple things, right? One is, which Sanjay already touched upon, which is that the software layer is [inaudible 07:26] and delivering to a differentiated experience. The second is how do you bring in sort of a software defined security [inaudible 07:35] right? How do you bring that zero trust network access? You know, what endpoints are allowed? What endpoints can consume the applications that are sitting in the multiple clouds, or at the edge cloud, etc. And then the biggest advantage for the customer is then sort of a centralized control and management. But, also, the insertion of the policies is a lot more easy, right? So, there is a level of efficiency. I have to deploy 10,000, you know, home workers or work from anywhere. If I need to go rapidly go deploy sort of, you know, change management and software patches because of compliance, all of that can be done at scale. And that is where we see a lot of advantage and how all of it comes together. And what I like to say is that, you know, it's peanut butter and jelly SD-WAN and security go together.
Abe Nejad: I like that, Rupesh. I like that. So, SD-WAN, Sanjay, cannot control certain security features such as VPN, remote access, and web gateways. Can you provide an example of how this is occurring or a different example even?
Sanjay Uppal: Yeah, certainly. So, you know, when you look at security that is deployed today, you know, the VPN type of security, let's take that in its IPSec connections, it usually is either a device or some piece of software that you put in every one of your end client devices, and then you VPN it into what's happening in your data center. But, that's no longer sufficient. That's the opposite of zero trust, because that is full trust, you know, you'd let that person into the door, and once they are inside the premises, then they can go anywhere. And that really does not reduce the attack surface, it's a pretty dangerous thing to do, as we've seen from all these exploits that have happened, you know, over the last few years. So, as Rupesh was putting it very eloquently, it's really the zero trust that is required, which simply means, you know, do not trust people as they're coming in, do not trust their machines, do not trust their postures until you check. And once you check, then you let them access only those resources for which they have the privilege to access. And if you do that, then the attack surface reduces. Once you reduce the attack surface, you can then also scan the traffic, you can look for bad things that are going on in the traffic, you can terminate it, you can apply cloud web security to it, you can firewall it. All these schemes are in addition to the zero trust. So, it's really a bedrock of zero trust that is required in the new architecture and then on top of that you have specific security in services that you can deploy, whether it's IDS, IPS, or it's MDR types of services, or it's cloud web security, these are services that you put on top selectively on the basis of certain types of applications and traffic. As Rupesh was also saying, you know, automation is critical. So, you can't go in manually and say, for this app, you know, apply this security service.
You set a policy, and then the system needs to accommodate for it, which is what, you know, our systems combine between AT&T and VMware are doing right.
Rupesh Chokshi: Right.
Abe Nejad: Rupesh, back to you. So, one of the biggest challenges facing SASE adopters and adoption is the lack of standardization. How is AT&T proposing to bring its work in software defined network security, and also policies to advanced SASE frameworks and services centralization?
Rupesh Chokshi: So, that's a great point, right, in terms of, we're seeing a level of sort of, you know, convergence taking place. We're seeing this concept of this sort of, you know, VNF sort of software capability that is multi use, right. What that means is that you start to build upon the layers of capabilities that are put together, and there will be standardization, as Sanjay mentioned, AT&T, VMware we've had a long history, we brought SD-WAN to the market, we've deployed it globally to many customers, you know, endpoints, etc. And now, it's about sort of, you know, how do you get into that 2.0 or 3.0? And how do you bring a set of capabilities that are even more elastic in nature that go expand to the different endpoints that we're talking about? So, I think standardization is going to happen. I think the automation and the telemetry and the ability to react quickly, there's going to be a lot more important and a lot more kind of, you know, value or premium to the enterprise, because we want to get to sort of, you know, smart, intelligent self healing networks, but also highly, highly secure, right. As Sanjay talked about, you know, if you deploy it in the right way, and if you have the policies in the right way then you are significantly reducing the footprint on where you can have exposure to attacks, etc. And what we do at AT&T is we also have sort of, you know, the ability to kind of monitor at the network layer from a threat perspective, right, what is happening and combining all of that together is a very differentiated experience and protecting back to enterprise end to end.
Abe Nejad: And, Sanjay, any comment on the lack of standardization or the future of standardization?
Sanjay Uppal: You know standardization, usually, it kind of levels the playing field from one perspective, and I think it's important, but you have to distinguish between standardization at what layer. So, clearly, the different devices and the different applications need to talk to one another. And that happens today. From a management plane perspective, you need to make sure that especially if you have a very large distributed enterprise, you're coming in from at one management layer, and then you can set the policies. And you can get telemetry, as Rupesh was saying, from different devices, and you can pull all those together. And I really think that from a management standpoint, this is where the standardization will help the most. And it is also, fortunately, the easier one to get done. In a data plane from the base layer IPSec talking to IPSec, or, you know, just IP as being the substrate that works. But, if it's specific algorithms, like as an example, you know, from a VMware standpoint we steer packets on a per packet basis, not everybody does that. So, you know, you cannot, you know, have one of our devices, then talk to a different one that doesn't do it on a per packet basis. But, from a security standpoint, the management plane integration, bringing in those policies, putting it under one umbrella, getting all the telemetry, you know, as Rupesh was saying threat management, very critical. You need to be able to take many feeds in but yet show it in a consistent basis. I think standardization from the inputs to that, I think is called for and I think it's kind of a tractable problem to solve.
Abe Nejad: So, Rupesh, something I'm gonna wrap with a futures question and we'll let Sanjay finish up. So, Rupesh, if you look five years into the future, how do you see the SD-WAN and the application delivery world changing and how SASE represents really a cloudification of the networks of network security?
Rupesh Chokshi: So, I think, you know, if I look at the next 2, 3, 4, 5 years, the first thing is we need to be able to all you know, get on planes, travel and do things, right. So, I'm looking forward to that happening sometime soon. And then from a technology perspective, I do believe genuinely right, that SASE and the concept of the convergence is real. It's here, it's arrived, right. Now we get into how do you implement it at scale? What is that evolution that has to take place? What is that new product capability feature functionality that is going to come rapidly? And I think it's categorized in two ways, right? One is, I believe that, you know, networks will continue to be intelligent, they continue to be secure, and self-healing, right, you start to get into this concept of how does it kind of resurrect itself, because it is moving all these workloads and be able to continue to deliver to that experience. So, that's item one or category one. The second is a lot of elasticity, because we are putting, you know, a lot of capabilities, whether it is the security or the SD-WAN or the firewall or the [inaudible 15:38] ZTNA, all of it into this sort of, you know, elastic edge pops, right. So, that elasticity should help us, should help the enterprise really, you know, scale and be able to kind of scale when they need it, to be able to scale as they are moving within that distributed enterprise.
And the third area is more along sort of, you know, as we enter the era of 5G, that is a very different set of use cases that are going to emerge with a high speed low latency, but in conjunction with this sort of, you know, wireless technology, and the 5G technology, and I think SASE would play a bigger role in not only having the adoption of 5G into the enterprise, but also kind of, you know, delivering and treating those endpoints in the same way as we see some of the traditional sort of, you know, wired connections, right, so this combination of, you know, self-healing to elastic to 5G is where we see us in sort of the next three to five years.
Abe Nejad: Again, Sanjay, same to you sort of that futurist question, next two to three years.
Sanjay Uppal: Yeah. So, you know, when I look at what happened with COVID hitting, we transposed atoms moving around to bits moving around. Meaning that we could not move around much anymore as Rupesh was saying, and so the atoms stayed put, but the bits started flying all over the place. I think I, too, will look forward to the time when atoms like us can move around as well. But, I don't think that the bits are going to stop. I mean, I think that that train has left the station, meaning that you know, these things about work from home, all of this is going to endure, it's going to be there around. And so what is the answer to that? What can we look forward to in the three to five years? And Rupesh put it very crisply in the three points that he raised. I think I'll just say one thing to add to that, which is that it needs to be on demand, whether it is the services that you get, or whether it is the network that you purchase, or whether it is the security that you add, all of it needs to be on demand, I think gone would be the days where you say, I want this type of connection. And oh, by the way, this is the amount of money I'm going to pay for it. And then you're stuck with that type of connection, or you use a particular application, you buy the application. I think it's all going to move on demand, you might call it, you know, sharing is going to be everywhere. You can actually get your network connection, and you can use it only for the amount of time that the app wants to use it. And 5G will enable that as Rupesh was saying. And so you know, when things get to move to much more of an on demand perspective, all the services that follow whether it's compute services, or security services or network services, all follow and become on demand. And at that point, I think we will really serve the needs not just of the enterprise, but also us as individual users.
Abe Nejad: Well, I was talking or we were involved in a previous session earlier today also on SASE on the managed service provider topic. Again, it's an umbrella topic that's not going anywhere anytime soon. So, it's always good to have these discussions, especially again, from the CSP point of view. And then also from the solution provider, supplier side of the industry as well.
Rupesh, you've always been gracious with your time. We appreciate it. And Sanjay is a professional so he really pulled it out so, Rupesh, we really appreciate your time.
Rupesh Chokshi: Great. Thank you so much.
Abe Nejad: Thank you.
Sanjay Uppal: Thanks, Rupesh, always great to chat with you.
Rupesh Chokshi: Yeah, same here.
Abe Nejad: And Sanjay, I wanted to personally thank you and your team as well. Your team made all this actually happen today. So, if it wasn't for VMware, we wouldn't be here. So, we appreciate that. And we hope to see you guys sometime soon.
Sanjay Uppal: Absolutely. Thank you.
Abe Nejad: All right, Sanjay. Thank you.
Sanjay Uppal: Cheers. Bye, everyone.
Abe Nejad: Bye. And to our audience out there, thank you again to our speakers on this executive broadcast called Bringing SASE to the Masses -- Considerations and Next Steps. For this broadcast on demand and all of our executive sessions, please log on to the networkmediagroup.com. So long.
[19:58]