SASE and SSE architectures mark a fundamental shift from network-centric to identity-centric security models. In an exclusive conversation, Andrew Winney, Global Head of Product Management – SDWAN, SASE, SSE, Tata Communications explains to Bhavya Bagga, Business Reporter – Corporate & Leadership how identity is becoming the primary control point for determining access for enterprises.
How is Secure Access Service Edge (SASE) transforming the way enterprises approach cybersecurity in an increasingly hybrid and cloud-first world?
Today, leading enterprises are reimagining their network security model to secure the New Enterprise Perimeter that has emerged due to the adoption of multi-cloud environments, hybrid work models, and expanding ecosystems. With this new enterprise perimeter, enterprises are moving from a castle and moat approach to the Zero Trust Framework: SASE (Secure Access Service Edge), which converges security controls and simplifies management with a unified platform, is key to this transition.
SASE integrates Software-Defined Wide Area Networking (SD-WAN) and Security Service Edge (SSE), allowing organizations to modernize and converge both their network and security stacks. The unified SASE stack enables secure connectivity to users (including employees, third-party ecosystem providers, or IoT) to resources (on-cloud, hybrid cloud, or SaaS).
At Tata Communications, our managed SASE services deliver this transformation through an intelligent, scalable approach powered by the AXIOM methodology. This methodology allows us to reimagine the customer journey of SASE adoption and management with platforms and capabilities, thereby improving user experience, strengthening security posture, and simplifying management. The result is a future-ready cybersecurity foundation that supports secure digital business operations at scale.
Tata Communications emphasizes a unified and intelligent framework for security. Can you elaborate on how this approach simplifies security architecture for global organizations?
Today, CISOs are re-architecting their security stack from protecting locations to protecting basis identity and data. Tata Comm managed SASE provides a unified and intelligent security framework that enables organizations to build a unified SASE stack with simplified adoption and intelligent management. This reduces operational complexity, improves visibility, and strengthens policy enforcement across geographies.
At Tata Communications, the AXIOM methodology underpins this approach, encompassing five key stages: Assess, Execute, Integrate, Operate, and Manage, wherein we bring our platforms and expertise. During the assess phase, we co-create a structured blueprint for SASE deployments tailored to an enterprise’s specific requirements. With our Network Digital Twin platform, we can de-risk deployments by validating complex integrations prior to the selection of the platform. In the execute and manage phase, we bring in automation capabilities for tasks such as policy migration and post-deployment checks. These allow us to provide a first-time right deployment during this phase.
During lifecycle management, we provide central policy management to enable zero trust security while the user experience remains seamless. AI-driven monitoring, digital twin simulations, and real-time threat detection are built into the lifecycle, enabling fast fault diagnosis and minimal downtime. This holistic approach not only simplifies architecture but also enhances resilience and control.
What are some of the measurable ROI and long-term strategic benefits that enterprises can expect when adopting SASE-based security models?
Enterprises adopting SASE benefit from tangible returns across security, performance, and operational efficiency dimensions. Key measurable outcomes include:
- Improved User Experience: Policy-based traffic routing and seamless access reduce latency and improve application performance.
- Faster Time-to-Market: Pre-configured workflows and error-free deployments accelerate implementation, delivering 99.8% first-time-right deployments
- Cost Optimization: Unified infrastructure lowers total cost of ownership (TCO), with Tata Communications customers reporting up to 25% savings.
- Pro-activity in management: Enhanced visibility and continuous monitoring lead to faster detection and mitigation of threats and a better user experience.
These gains translate into long-term strategic agility, allowing enterprises to scale securely in a cloud-first world.
With remote and hybrid work becoming the norm, what are the key strategies to ensure secure, seamless access for distributed workforces without compromising user experience?
Supporting remote and hybrid models requires a shift from traditional VPN-based architectures to dynamic, identity-aware frameworks, which enable a zero-trust-based architecture. Here are the key strategies to secure our distributed workforce while ensuring a seamless user experience:
- Distributed Policy Enforcement with SASE: Instead of routing all traffic back to a central office, SASE brings security enforcement closer to the user. SASE platform consolidates network and security functions in the cloud, enforcing policies from globally distributed points of presence. This bolsters security, improves performance, and reduces the management complexity.
- Robust Identity and Access Strategy: The new perimeter is identity. Enterprises need to ensure that access is granted based on identity instead of location. This involves adopting tools like Multi-Factor Authentication (MFA) and Single Sign-On (SSO) to verify user identity. These solutions facilitate seamless and granular access control enforcement.
- Zero Trust Architecture: Zero trust is a framework that ensures a ‘never trust, always verify’ model, which is essential today. A Zero Trust framework continuously verifies user identity and device posture for every access request, ensuring that access is granted on a least-privilege basis. This approach significantly minimizes the attack surface and prevents the threat of lateral movement.
- AI-Based Management with XDR: Managing a distributed workforce needs correlation of data across multiple fronts, such as endpoints, applications, and networks. This requires AI-led correlation, like Extended Detection and Response (XDR), to detect advanced, multi-stage threats to ensure effective response strategies.
Identity and access management has become central to modern cybersecurity. How do SASE and SSE models evolve the role of identity in threat detection and response?
SASE and SSE architectures mark a fundamental shift from network-centric to identity-centric security models. In this paradigm, identity becomes the primary control point for determining access.
For remote users, SSE leverages identity as the control point to enforce the right level of access to users. Beyond the initial validation, SSE enables identity as a continuous context to take dynamic policy decisions by correlating with other parameters such as device posture, location, and behavior patterns. Many advanced SDWAN implementations at branches also bring in identity to enforce consistent policies from the branch.
Can you share real-world insights or challenges that Tata Communications has helped customers overcome during their journey to adopting SASE and SSE solutions globally?
A global IT services company approached Tata Communications to modernize its sprawling, siloed WAN infrastructure and security posture. The organization faced challenges integrating disparate VPNs, managing inconsistent policies, and ensuring reliable application performance across locations.
By deploying a unified SASE solution anchored in Zero Trust principles, Tata Communications replaced traditional VPNs and proxies with ZTNA-based architecture. The engagement included a comprehensive infrastructure assessment, a digital twin simulation to pre-empt deployment risks, and automated migration of complete policies from existing firewalls into new technology using the AXIOM methodology.
As a result, the customer achieved centralized policy enforcement, improved application performance, and enhanced security visibility. This is one of many examples where Tata Communications has helped enterprises transition from fragmented environments to scalable, secure, and future-ready architectures.
