SASE in Practice: Grocery Chain Achieves Integrated, Secure Networking

Tamimi Markets provides practical example of how to bolster networking functionality and cloud security.

shopping basket with fresh food grocery supermarket food and eats picture id1216828053
iStock

The security landscape has rapidly changed as result of the evolving workspace, ever-new and more sophisticated cybersecurity threats, and continued adoption of cloud infrastructure.

The ramifications for security teams are significant. There are now seemingly endless endpoints to protect, creating greater complexity to manage and less visibility across the IT environment.

To address these challenges, security too must move to the cloud—with the goal of achieving consolidated, converged services that provide secure networking, including for multi-cloud environments. That includes building a secure bridge between access points and the service edge—the cloud, data center, or point of presence where traffic is secured and then forwarded. That access is predicated on identity, whether it’s an individual, device, application, or service.

This is the concept of Secure Access Service Edge (SASE). It’s an architectural framework that combines multi-cloud networking with secure software-defined WAN (SD-WAN).

While it’s important to note that SASE is still a work in progress, vendors like Cisco are working toward the vision of integrated security and networking functionality, underpinned by the Zero Trust model for access.

How SASE works: A case study

Organizations are already undertaking SASE-related implementations. Tamimi Markets is a good example.

Tamimi, founded in 1979, is a supermarket chain with 65 locations throughout Saudi Arabia. Like most businesses but especially retail organizations, it has had to find its footing in the ecommerce world. In addition, Tamini needed to improve its WAN capabilities.

“Network traffic from our supermarkets, warehouses, branch offices, and remote users were all routed through our head office via three separate ISPs,” said Joel Marquez, Director of IT for Tamimi. This caused multiple challenges in terms of data protection, connectivity, and visibility. “We couldn’t tell, for example, if a marketing manager working from home had proper endpoint protection on their computer.”

And there was no failover between the ISPs; if one ISP went offline, stores and offices that used their infrastructure were cut off from the head office and the rest of the network.

“Essentially, we were employing band-aid solutions as the demands on our network grew,” Marquez said. “Our overall IT infrastructure had become obsolete and stretched too thin.”

To address these challenges, Tamini tested proof-of-concept solutions from several vendors, and ultimately chose Cisco SASE to provide a SASE architecture, including Cisco SD-WAN and Cisco Umbrella.

First, by deploying SD-WAN, the supermarket chain was able to achieve branch independence. “Our stores, warehouses, and offices no longer have to backhaul network traffic through our headquarters to talk to one another, which speeds things up tremendously,” Marquez said.

Cisco SD-WAN also enables Tamini’s IT team to choose whatever public or private infrastructure makes sense, regardless of carrier. “We can also add or change service providers with ease when better options present themselves or if we need more bandwidth.”

In addition, the company rolled out Cisco Umbrella to secure Internet access for its network, branches, and remote users. “We can now see which devices employees are using to connect to Tamimi Markets’ SD-WAN, restrict them to the most secure protocols, and even limit the applications they can use while connected to the network. This added security protects our staff from the ever-present threats on the Internet.”

Marquez says his company is already seeing multiple benefits. “Our new infrastructure handles video traffic with ease. It has also improved the customer experience for Tamimi Markets shoppers. Our points of sale have a seamless and fast connection to our customer loyalty database and other cloud-based utilities, thus accelerating the checkout process.

“I’m thrilled with the many improvements we’ve made by choosing Cisco for our SASE architecture,” he said.

Get more information about how the SASE concept works, and the Cisco solutions that support it: https://cisco.com/go/sase

Related:

Copyright © 2020 IDG Communications, Inc.