Producer [00:00:00] Welcome to Security Visionaries, a podcast powered by Netscape focused on bringing you conversations with senior executives from the world of cybersecurity, technology, trust and networking. This episode features a conversation with Robert Arandjelovic, director of Solutions Marketing at Netskope, and Gerry Plaza field CTO Netskope. Moderated by me, Max Havey, senior content specialist at Netskope. As experts on both the security and networking side of Secure Access Service, Edge or SASE. Robert and Gerry discuss the origins of SASE, how it has grown since 2019, and what excites them most about seeing SASE continue to level up. Here's my conversation with Robert and Gerry.
Max Havey [00:00:40] Welcome to the Security Visionaries podcast. I'm your host, Max Harvey, senior content specialist here at Netskope. And today's episode, we are talking everything SASE. Our guests today are Robert Arandjelovic, who is director of Solutions Marketing here at Netscape. Robert, thank you for joining us.
Robert Arandjelovic [00:00:56] My Pleasure.
Max Havey [00:00:56] And we've also got Gerry Plaza, a field CTO here from Netskope as well. Gerry, thank you for joining us.
Gerry Plaza [00:01:01] Appreciate it. Happy to be here. And I do want to say, just to kick it off, perfect pronunciation of Robert's last name. Even I have challenges. I just call him Robert.
Robert Arandjelovic [00:01:11] Robert A is kind of it's.
Max Havey [00:01:13] It's taking a lot of practice from my end, but I'm glad I finally got it down right now. But cool. So today we were talking about SASE. It's been about four years since Gartner first coined the term SASE in September of 2019. SASE being secure access service edge. But a lot has changed within the industry since then. A lot of things have evolved and grown. So I wanted to talk to both of you guys who get sort of a security and networking perspective on how SASE has sort of changed things and what that means looking ahead as well. So to get things started here, could you each sort of give me your take on where things were from both a security and networking perspective before SASE came on the scene back in 2019? Robert, could you could you sort of start us off there?
Robert Arandjelovic [00:01:55] Sure. And I won't take too much on the networking side. And Gerry could speak to the architectural deficiencies. But effectively, what we really saw happening was we've kind of run into an architectural dilemma. Digital transformation. It's been happening for a long time, well before SASE. And what you started seeing was this sort of stretching of the fabric. The classic enterprise perimeter dissolved pretty quickly with cloud, basically cloud migration, effectively taking the infrastructure that used to be living in servers on the data center in the corporate network, taking that off site. And then users became more and more mobile and that got basically put into hyperdrive during the pandemic where all of a sudden users weren't in the office. And yet you had this network perimeter based security architecture that kind of relied upon everybody being centralized. And you had some mechanisms in place to kind of have everything kind of go back in with remote access technologies like SD-WAN taking branch offices to the center, you had VPNs taking users to the center, but it was hugely inefficient because you effectively had architectures where users were coming into the corporate network and then going back out to the cloud. So it created a lot of problems that Gerry can speak to there. But it also created great security challenges because basically tons of latency got introduced because of all the appliances that were doing scanning back at the corporate network before you can go back out to the cloud. But then you also got this situation of circumvention, whether it was network managers trying to enhance the user experience so they would actually skip out on security and let people go straight to the cloud or the Internet for certain access, or users would find ways to get around it by turning their VPNs off, for example. And so you'd have all this infrastructure sitting outside of the loop core, outside of the path of where users would actually be doing their work. And so there was this recognition that things were kind of breaking.
Gerry Plaza [00:03:46] Yeah, fantastic overview. Robert. I'll I'll take it from the perspective of the teams. When you look at what SASE envelops, network and security, and before the advent of SASE, there was a real marked separation between network and security. Networking was solely focused on connectivity, speed, reliability. While security was really largely about protecting the perimeter and monitoring these users internal activities, the siloed approach often led to complications and inefficiencies. Companies had to juggle multiple vendors, lots of different tools, all different policy frameworks, which not only raised the cost but also increased the complexity and then the rapid move towards digital transformation, as Robert was alluding to, further complicated the landscape, pushing these traditional models to their limits, right? Having to force all their users back on prem when a big majority of their traffic in applications and data was now living off-prem created that big, big challenge. And then teams were left scrambling to figure out how to enable really the expansion of remote connectivity that their businesses needed overnight when COVID hit. Not only that, it's how do you secure these users as they left the perimeter of their offices and then just as important as connectivity security, they were challenged with doing this while trying to find a way to not impact the business or the user experience, which those really can be hand in hand. When you start to impact the user experience, you impact the overall productivity of the business. And so all of that really kind of bubbled up and we were headed in this path even before COVID. So, you know, 2019, 2018, 2017, it starts to look back back to 2013 when digital transformation really started taking off. There's been a trajectory going in this direction. It was just literally thrown at everybody instantaneously when COVID hit and everyone was left scrambling. And so we've had to accelerate a lot of plans to move us towards this new ability to deliver a secure access to our applications for our users, wherever the users might be and wherever their applications and data might be.
Max Havey [00:06:00] So in a sense, it was sort of like the announcement in 2019 there, that that was that was laying the groundwork and then the pandemic hitting and lockdown and moving to remote work 6 to 8 months later, that kind of became the catalyst to, you know, to driving more toward this sort of SASE approach to thinking about security and networking coming together.
Robert Arandjelovic [00:06:21] I'd argue that if the pandemic didn't hit, we'd still be talking about SASE as something down in the future as opposed to something people are doing today.
Gerry Plaza [00:06:28] Yeah, I fully agree. Right. Gartner really kind of saw this coming, which is why they announced that in 2019, they were you know, they interviewed customers and they were seeing a recurring theme of, "hey, you know what? We've got to make sure we're talking about security over enabling and driving towards digital transformation. And the network aspect is one of the most important parts of that, as how do we enable connectivity for these users?" And then it was just thrown at everyone. So it was an instant acceleration of what was eventually to become the de facto direction for security and network tech companies.
Max Havey [00:07:07] Well, and so sort of thinking about SASE as a term, I know that's kind of the accepted term that Gartner coined. Are there other terms out there, though, that people are using sort of in tandem with SASE or that are, you know, sort of SASE adjacent terms? I know. I know. In the world of security, there are a lot of acronyms and they don't always mean the same thing depending on who you're talking to. But from your guys's perspective, are there other sort of acronyms that folks should be aware of that are also sort of semi SASE related?
Robert Arandjelovic [00:07:35] So there's and we're going to give some props to some of the other analyst firms out there. So I think Gartner gets credit for kind of being first. So secure access service, edge or SASE is sort of I think what we and most people sort of refer to it as. But IDC calls it a Network Edge as a Service or NE-SaaS. And then you have Forrester referring to it as Zero Trust Edge. And I kind of like that one just because it does talk to something that I don't think I don't know how much time we'll have to talk to it to it today, but one of the things Gartner sort of noted is I think one of the attractions for security practitioners to SASE is it's one of the first practical implementations of Zero Trust where people can quickly, you know, push a button or a technology that helps them get to zero trust because zero trust is a very intangible thing for a lot of companies. So that one sticks for me pretty nicely. But again, I still I think of it as SASE just because that's what it's being called from 2019 onwards. So.
Gerry Plaza [00:08:32] Yeah, you know, that concept of SASE being introduced by Gartner in 2019 was an ideal direction for the industry. Now, the reason being for the first time, organizations started to think of these two traditional separate domains, networking and security as interdependent facets of the more integrated whole. And the flexibility and scalability of SASE has encouraged businesses to think differently, which is the most important driving factor,