25 Jun VMware jumps on the SASE train with zero-trust access service | Light Reading
VMware aims to improve secure remote access options for millions working from home by adding a Global Zero Trust Service to its SASE (Secure Access Service Edge) platform.
“SD-WAN is a very good starting point for building a portfolio of services called the Secure Access Service Edge,” says Sanjay Uppal, SVP and GM for VMware’s VeloCloud unit. This zero-trust service is VMware’s first step into building its SASE platform by bringing together its SD-WAN and NSX virtual networking services to provide combined cloud networking and cloud security for its enterprise customers.
Omdia defines a zero-trust access service as “a class of secure remote access technology that is emerging to address the greater performance demands, not to mention the security challenges, of enterprise applications moving into or being developed natively for the public cloud. Omdia believes it will gradually replace traditional virtual private network (VPN) technology, which was developed for a world in which all corporate applications lived on a company’s premises.”
VMware is integrating its SD-WAN service and Workspace ONE to provide the zero-trust service, and will deploy it to over 100 locations operated by VMware and over 120 service provider partners. VMware will also utilize over 100 PoPs and more than 2,000 cloud gateways to deliver the new service.
Instead of installing a new client on an employee’s device, the Zero Trust service can be added via VMware’s SD-WAN PoPs and the VMware Workspace ONE Intelligent Hub, which is already installed on millions of customers’ devices, says Uppal. This is the simplest and quickest way for remote workers to access the zero-trust service, but an alternative option for “power users” is to deploy the service on a VeloCloud Edge device, he says. In addition, the zero-trust multi-region VPN service can be deployed on iOS, Android, Windows and macOS clients, with role-specific policies for persona-based controls.
As millions of enterprise employees shifted to a work-from-home environment due to the COVID-19 pandemic, network performance has become critical to prevent application brownouts; secure access to enterprise applications is also front of mind for global companies, says Uppal.
“One important thing about connecting one cloud to another is latency. Another is the quality of experience we need to reduce the number of brownouts,” says Uppal. Brownouts can cause a drop in audio on Zoom calls or pixelation in video calls, for example. VMware’s SD-WAN service addresses brownouts to improve network performance for employees so their network experience at home is similar to that in the physical office, adds Uppal.
“Zero-trust access is a logical response and it makes sense for [VMware] to come to market with this service as the world is still reeling from this pandemic, which has exploded the need for remote access. More advanced remote access options are flavor of the month,” says Rik Turner, principal analyst of infrastructure solutions for Omdia.
Earlier this month, Versa launched its own flavor of secure remote access on a SASE platform with the introduction of “Versa Secure Access,” a service that provides remote workers with secure connections to “applications in both private and public clouds as part of Versa Secure Access Service Edge (SASE) services,” according to the release.
At Cisco Live last week, Cisco announced its “Secure Remote Workforce Solutions,” to improve VPN configuration and secure access to applications for its enterprise customers.
The timing of these secure remote access announcements has accelerated because of the speed at which employees have moved out of physical branches to working from home, as enterprises worldwide face social distancing restrictions. One of the issues with traditional VPNs is that they run the risk of being overly permissive once you’re logged into the VPN, explains Turner. In addition, network traffic flows less efficiently on a traditional VPN due to “tromboning,” which occurs when network traffic travels to and from the corporate data center, cloud, and back to the end user.
“If I steal someone’s credentials, I could get into the payroll or financial database. I get access to all the crown jewels of the company once I have that VPN authorization. On the other hand, zero-trust access aims to address both of those shortcomings,” says Turner. “The control is in the cloud, and there’s considerably less latency and inefficiency and none of the tromboning through the data center. In terms of security, it only gives me access to a single application that I need to do my job at any one time.”
— Kelsey Kusterer Ziser, Senior Editor, Light Reading