Enterprises must view SASE as an architectural shift to their network and security controls: Avinash Prasad, Tata Communications
Due to the COVID 19 Pandemic, the trends regarding ‘cloud adoption’ and ‘work from anywhere’ have accelerated. Organizations are looking for partners in their journey towards secure network transformation. Cybersecurity attacks have also increased over the past year with remote working. To help enterprises improve their security posture, Tata Communications has upgraded its cloud-based firewall to an offering based on SASE and ZTNA principles, called GSIGS 2.0
In an interview with Express Computer’s Moumita Deb Choudhury, Avinash Prasad, Vice President and Head for Managed Security Services and Content Delivery Network, Tata Communications, shares his perspective on some of the latest security trends and how his company plans to position this product in a highly competitive space
Some edited excerpts from the interview:
Please describe the changing network and security architecture requirements in enterprises today. How is the pandemic adding to it?
With an increased rate of digital transformation, connectivity requirements for enterprises have changed rapidly. Further, data and workloads are getting more distributed, across multiple cloud environments, making the network environment increasingly complex. Apart from the basic network and traffic management challenges, there are important layers of concern such as security vulnerabilities, data protection, and regulatory compliance. This is a trigger for enterprises to recalibrate their strategies immediately, in line with the work-from-home and hybrid-work environment. There are also several other challenges like speed, reliability and security to be considered.
Organisations are now looking at bringing in models such as SD-WAN, which drives the usage of public internet with a managed approach for enterprises. In this scenario, enabling a cloud-based security platform approach makes it easier and faster to triage security events and detect and remediate malicious practices. Tata Communications Global Secure Internet Gateway and Managed Authentication addresses this need. It adds a layer of security to enable secure access controls to applications and data residing in the enterprise data centre and/or public cloud infrastructure, without impacting budgets.
According to you, how would next-generation network security look like in the coming days?
Since the network provides important visibility to all traffic flows, a security-enabled network can access the vast yet rich pool of data to identify traffic deviations or anomalies that are potentially malicious security activities. Hence, cloud security solutions are deemed to be one of the best bets to manage the increasing demands of modern networks. Organisations need to protect their people, critical systems, and data from constantly evolving criminal and state actors. An expert managed services partner is poised to effectively deliver on this by leveraging NextGen Firewall as a service (FWaaS) solution which is hosted on the cloud and accessed over the internet. This also helps to configure, maintain, and push security features regularly to keep the enterprise network updated and safe. Tata Communications provides a proven solution for the same which is time-tested, globally deployed and trusted by hundreds of customers.
In addition to adopting FWaaS, we also recommend enterprises to view Secure Access Service Edge (SASE) as an architectural shift to their network and security controls. Implementing SASE is a complex process and for it to work effectively, SASE needs to be a fully engrained feature of an enterprise’s secure network transformation plan, so that users can connect to business resources and applications securely and efficiently from anywhere. Tata Communications cloud based secure network platforms are uniquely positioned to effectively screen between malicious and legitimate traffic through a specialised network threat protection platform to mitigate attacks and manage risks across on-premises and multi-cloud environments.
According to Gartner estimates, in 2021, some 25 billion IoT devices will be connected to telecom networks. Despite sluggish adoption, IoT devices have already posed both internal and external threats to cybersecurity. How do you think this can be addressed?
The rise in the adoption of connected devices has been one of the key triggers for launching the Global Secure Internet Gateway Service (GSIGS) 2.0 solution at Tata Communications. More devices mean more data and therefore more targets for cybersecurity attacks. Our latest “Leading in a Digital-First World; Enabling Success with the Right Mindset, Ecosystem and Trust” Report corroborates the same by stating that 49% of enterprises consider cyber security to be the top-most priority for their businesses. However, securing multiple endpoints is complex and costly. To address these pain-points and reimagine their security architecture, organisations need to adopt centralised cloud-based security solutions that are easy to deploy around the world and lower the total cost of ownership.
For which industry/vertical is the product most relevant? Any supplementary vendor solution to address the total security of the organisation?
GSIGS 2.0 is designed for all kinds of small, mid and large sized businesses across verticals like information technology, BFSI, manufacturing and so on. GSIGS 2.0 is a secure gateway solution that offers fully managed secure network transformation for enterprises. It helps centralise internet breakouts, secure extranet and remote access and cost-effectively unifies all touchpoints and resources of organisations such as different branches, remote users and data centers/ cloud environments. Additionally, the solution is easy to deploy, fully managed and owned by a single provider. At present, we have more than 100 current active users. We also use the solution internally at Tata Communications to ensure end-to-end security. The solution becomes especially relevant for enabling seamless and secure remote working infrastructure for organisations to sail through the current scenario. With this solution, remote workers can easily install additional hardware or firewalls on their devices to maintain secure communications.
Also, the idea behind the service was to enable the customers’ digital ecosystem with more holistic solutions. GSIGS 2.0 helps assure fully managed network- security for our customers through our 24×7 Security Operations Center (SOC). This reduces the number of vendor involvements giving customers a hassle-free and cost-effective experience.
What is the new approach that GSIGS 2.0 brings to security? How is the product planned to be sold? Any bundling strategy?
Based on the cutting-edge SASE and Zero Trust Network Access (ZTNA) principles, GSIGS 2.0 transforms network security on three fronts – Centralised Internet Breakouts (CIB), providing Secure Extranet Access (SEA) and offering Secure Remote Access (SRA). CIB and SEA can help customers, looking for security as a service from the cloud, in connecting and securing their branches, remote users and data centers/ cloud environments. While SRA enables remote access to applications and data over private networks.
GSIGS 2.0 is built in a highly reliable architecture with global deployment and guaranteed SLAs and service credits. It provides advanced reporting, analytics, and management with an integrated self-service dashboard. This gives customers a first-hand view into any potential vulnerabilities in their IT infrastructure. The solution is also augmented by incident management, with advanced threat intelligence from globally enriched threat feeds. This is what brings the fast predictive approach to tracking and resolving cyber threats. At present, the services are delivered as part of our Managed Security Services (MSS) portfolio.
We have a subscription-based model that divides the multi-tenant cloud infrastructure into customer-specific instances. This solution is effectively packaged by us with internet access services as well as with SDWAN services because both of these services open the user and application to malware and other relevant security threats from the internet.