Living on the Edge

Research reveals a strong correlation between an organization’s IT architecture and its security resilience – and one thing those reporting positive resiliency outcomes have in common.

istock 1124603530

“Tell me what you think about your situation. Complication – aggravation is getting to you.”

–Aerosmith, Livin’ on The Edge

If you’re responsible for ensuring the security of your organization, chances are the aggravation of overly complicated IT infrastructure has gotten to you. I’d like to share some findings from a recent study of over 5,100 IT and security professionals that offers hope for improving security resilience for those who dare to live on the edge.

“Edge of what?” We’ll get to that, but let’s start with the study. The Security Outcomes Study from Cisco Secure, with independent analysis from the Cyentia Institute, found that un-complicating your IT architecture helps drive a three-fold improvement in security resilience. If that sounds ‘Amazing’ (another great Aerosmith tune), then read on for tips on making your organization more resilient.

We asked study participants to describe their IT architecture using simple scales with contrasting extremes (e.g., consolidated vs. distributed). We also asked them to rate their organizations’ level of success in achieving a dozen security outcomes, four of which are crucial for building resilience:

  1. Keeping up with the business
  2. Avoiding major incidents
  3. Maintaining business continuity
  4. Retaining talented personnel
picture1 Cisco

As the chart above shows, organizations describing their IT as distributed, unreliable, outdated, and on-premises report low success rates for these four resilience outcomes. Perhaps this is what Aerosmith meant by thinking about a situation that is less-than-ideal. Can that situation be improved under different circumstances? This next chart gives a resounding “Yes!”

Here we see the very positive effects that consolidated, reliable, modernized, and cloud-based IT has on security resilience. Success rates for all outcomes are about three times higher than exhibited in the first chart. Sounds great in theory, right? But how can organizations practically begin moving their IT architecture from the state of the former chart to the one below? Well, that’s a perfect segue back to the “edge of what?” question we delayed answering earlier in this article.


The ‘edge’ I’m referring to is secure access service edge, otherwise known by the sassier moniker of SASE. Originally coined by Gartner, SASE refers to the convergence of core security and networking functionality into a single, cloud-delivered service that greatly streamlines what would otherwise be disjointed systems and processes. Core SASE functions include software-defined wide area network, secure web gateway, firewall as a service, cloud access security broker, and zero-trust network access.

After grasping what it is, it’s not hard to see how SASE epitomizes the architecture traits listed above that our study correlates with resilience outcomes. SASE improves operational efficiency to help security keep up with the business. Greater consolidation reduces blind spots that all-too-often lead to costly incidents. It is flexible, cloud-based architecture that maintains continuity through unexpected events. And integrated security follows users wherever they work, promoting productivity and retention.

If this evidence connecting resilience outcomes to SASE seems a bit circumstantial to you, we will make that more explicit in this last chart. We asked study participants where their organizations were in terms of implementing SASE. Not surprisingly, the majority of respondents rated their implementation as “limited” or “making progress,” with a smaller minority claiming maturity.

We then compared SASE implementation to each organization’s reported achievement of resilience outcomes and observed a significant increase across all four. To solidify that further, we created an overall resilience score based on ratings for the four outcomes and tested that against the level of SASE implementation. The chart below says it all. Organizations that haven’t made much progress on their SASE journey ranked in the bottom third for security resilience, whereas those with mature implementations reversed that fate to rank among the most resilient!

picture3 Cisco

Do the results of this study tempt you to join us in living on the edge? We hope so! At the very least, we hope this analysis demonstrates two things: 1) IT architecture makes a huge difference for resilience outcomes, and 2) SASE offers an architecture that fosters those outcomes for a more resilient organization.

To learn more about how to protect your business with security resilience, visit Cisco.


Copyright © 2022 IDG Communications, Inc.