By Bob Michaud, Q2 Chief Security Officer
Because Q2 is a Cybersecurity Awareness Champion, I share weekly blog posts on the topic every October during National Cybersecurity Month. This year, my blogs have focused on Q2’s implementation of a zero-trust framework – a multilayered approach that does away with the assumption that bad actors are always outside of the trusted part of your network and that only trustworthy users have accessed the trusted part of your network.
This week, I’ll explore Secure Access Service Edge (SASE, pronounced “sassy”) and what it means to Q2’s Zero Trust strategy.
I began my career at a small technology company in Lincoln, NE. That company, Information Technology, Inc. (ITI), developed a core banking platform that supported small community banks in the United States. ITI’s Premier core solution was very successful; in fact, it’s still being used by over 30% of U.S. banks. My time at ITI played a big part in how I look at security and networking. Throughout my years at Q2, I’ve gained an even deeper appreciation for the connectivity between banking cores, digital platform providers, and end users—and for the importance of ensuring those connections remain secure. This is where SASE comes in.
Secure Access Service Edge (SASE) is a new category of enterprise networking technology introduced by Gartner in 2019. SASE changes the traditional paradigm by bringing network security services together into a single, identity-driven, cloud-native, and globally distributed model. SASE securely connects all edges (WAN, cloud, mobile, and IoT).
In Q2’s case, SASE helps secure connections from our hosting environments to the core, usually through the financial institution hosting the core. This means Q2 maintains a massive VPN spoke-and-hub network where standard VPN hardware devices connect all of the spokes. At the same time, we have huge security doors at the edge of our hosting environment to let in only desired traffic.
Q2 CIO Lou Senko and I discussed all of this recently, and he gave me a more comprehensive perspective on SASE. Q2 refreshed our network over the past year, not just to modernize it from a legacy hardware-only solution to a newer SD-WAN, but as Lou noted, to also take an extra leap forward into a SASE solution.
By using the cloud as the center of the network, our SASE can distribute security solutions across the network to the actual far-endpoints, meaning we do not let unwanted traffic into the VPN mesh in the first place. This includes the entire network footprint of Q2’s Zero Trust framework.
I asked Lou, “What advantage does this provide our customers?” He explained that we can deliver more services faster and more securely to the endpoints. Q2’s SASE transforms the industry in significant ways; this convergence of services creates a
new delivery model. This improves security and scaling, allowing data to flow dynamically and, ultimately, to perform better.
Join me next week as we discuss the final component of Q2’s Zero Trust strategy—the data itself and how Q2 protects it.
Thank you, and happy National Cybersecurity Awareness Month.