Clicky

Networking and Security: Why SASE Needs to be a Priority – Futurum Tech Webcast Interview Series
by Daniel Newman | August 2, 2021

On this episode of the Futurum Tech Webcast – Interview Series I am joined by Samantha Madrid, Vice President, Security Business & Strategy at Juniper Networks. Our discussion was a timely one centered on the security risks and hacks we’ve seen in the last few months and what CISO’s need to know to be better prepared for the future.

Why SASE Needs to be a Priority

My conversation with Samantha also revolved around the following:

  • An overview of the recent hacks we’ve witnessed
  • How companies are shifting the way they view security
  • What key factors are driving the adoption of SASE
  • What the market needs to know about SASE
  • Where SASE needs to be on the priority list of the future

If you’d like to learn more about SASE and what Juniper Networks can do for you, check out their website. And while you’re at it be sure to hit the subscribe button so you never miss an episode of the webcast.

Watch my interview with Samantha here:

You can also listen to my interview with Samantha below or on your favorite streaming platform.

Don’t Miss An Episode – Subscribe Below:

 

Disclaimer: The Futurum Tech Webcast is for information and entertainment purposes only. Over the course of this podcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we do not ask that you treat us as such.

Transcript:

Daniel Newman: Hey, everybody. Welcome to the Futurum Tech Podcast, Futurum Tech TV. I’m your host, Daniel Newman, principal analyst, founding partner at Futurum research. Excited about this episode of the Futurum Tech Podcast Interview Series. I’ve got Samantha Madrid, one of the top executives at Juniper Network, leads our security group and I’m going to have her on in just a minute. She’ll tell you all about herself, but this show we’re going to cover what’s going on in cybersecurity, the state of the space, some of the big hacks and some of the big threats that are going on. She’s got a lot of insights. Excited to talk to her about that.

Also, we’re going to talk about SASE and I’m not talking about being sassy. I’m talking about the technology and I think everyone that’s watching this show knows that. But very important that if you don’t, that you do. And before I have her on also just as I always do, a quick slate of disclaimers. This show is for information and entertainment purposes only and while I will be talking to, with and about publicly traded companies, please do not take anything I say on the show as investment advice. All right. Without further ado, I want to get this party started, going to invite Samantha from the backstage to join me here on the show. Samantha, welcome to the Futurum Tech Podcast.

Samantha Madrid: Hey Daniel, how are you? Thanks for having me.

Daniel Newman: Great to have you. It’s been awhile since we chatted, but I remember I had a great time talking to you. A lot going on, been some serious breaches that have happened in the last several months. I think that’s going to give us some great fodder to spend some time talking about, but before we do that, you as the guest of honor on this episode of the each Futurum Tech Podcast interview series, go ahead and introduce yourself and tell everybody a little bit about your work and what you do at Juniper Networks.

Samantha Madrid: Yeah, absolutely. So thanks again Daniel. I’m Really glad to be here. So Samantha Madrid, I lead the security business here at Juniper Networks. I’m responsible for all our security technologies across all our customer segments. So enterprise, cloud and service provider, and the security industry is certainly taking shape. I’m excited to be here to talk to you a little bit more about it.

Daniel Newman: Yeah, there is a lot going on in that space and it is really great that you were able to come back and talk. I remember being really, having the chance to first time you briefed me on the business and what you guys are doing over in security. And I said the world needs to hear a little bit more from Juniper, especially some of the things that you and your team are doing very ambitious. You guys definitely seem to have your fingers on the pulse of what’s going on in the space. And I don’t need to tell that story because you’re going to get the chance to do that. But before we do jump into some of the product solutions, I definitely want to hear more about what you’re doing in SASE. Hey, let’s just set the stage here for a minute.

We’ve got a world that’s just more attuned to all the events, all the current events. And of course, we’ve got a media that loves nothing more than a great sensational story. What? The last nine months we had SolarWinds, major, major hack, got a lot of headlines. Microsoft had the Exchange hack infected and affected a lot people around the world. We’ve had Silicon level hacks over the last few years. Intel had some major challenges that it was facing with some vulnerabilities. Silicon levels were hanging at the silicon at the infrastructure level, at the software level and even recently we’re seeing ransomware play out with the colonial pipeline attack.

So much going on and these are just the ones we’re hearing about. I mean, and if we’re hearing about it, they’re big. And more and more you’re starting to hear this, it’s not if you get hacked, it’s when you get hacked. And if it’s not how if you get hacked, it’s how big the hack is. So you’re hearing more and more about this, but security is in focus. Kind of what’s your general perspective on the market on security, what’s going on with all these hacks? What is going on Samantha?

Samantha Madrid: Million dollar question? So all the attacks you highlighted are great examples of how cybersecurity affects everyone. Bad actors, whether they’re state sponsored or in business for themselves look for weaknesses and opportunities to exploit those weaknesses, which is why visibility, intelligence and enforcement everywhere within the technology that’s being deployed as well as how it impacts your employees is critical.

Daniel Newman: Yeah. I think that makes a lot of sense. Now when you sit there in the role that you’re in Samantha and you turn on CNBC or even the Nightly News because this isn’t just business media anymore. You’re hearing about these hacks on your local news station as a national news story. What’s your reaction when you kind of hear these things happen? I mean, are you just totally callous about it now or do you kind of just, do you raise an eyebrow? Do you go, oh my gosh, this is an opportunity? I mean, how do you react each time you hear about one of these big breaking security stories?

Samantha Madrid: Well, it’s certainly a concern, right? Security historically has been siloed in deployment and operation meaning there have been a very network centric view as well as a more traditional security view. And both present their challenges. This is fundamentally why we need to really think differently about security and why… Frankly, I fundamentally believe that when you hear about these instances that have taken place and you read about them, it just reinforces that security is everybody’s problem, right? Technology is pervasive. You have your smart, connected devices. Those are gateways. Those are gateways to SaaS applications, to company issued technologies.

You are directly accessing confidential information on your company’s network. You have to treat it as such. So conceptionally, kind of you think about it from a pre-pandemic era. We are now starting to see that security needs to be a part of everything. And so again, we have to think differently and that’s fundamentally the path that I’ve been on with the team here at Juniper is we have to change how you secure a network and we call this connected security. And fundamentally it’s about bringing security to every point of connection so that you are not just safeguarding your users, but you’re safeguarding your users, your application and your infrastructure.

Daniel Newman: And you make a great point too because so much of the security vulnerabilities, they’re not these big coordinated attacks that you see in the beginning of a movie where you see a hack going through the wire and the wire running all the way through to the central nervous system of like the CIA or the FBI. I mean, you’re seeing a lot of times, this is some really rudimentary stuff because the fact is there are so many endpoints, there are… And when I say rudimentary, I don’t mean that there’s not a certain amount of sophistication in the black hat arts of creating something that can spread and create a lot of pain for somebody, but I guess what I’m kind of saying is it’s like clicking on one of those links from the prince of Nigeria that wants to send you money.

It’s like in the world of entrepreneurship, right? They call it like the law of averages. You call enough people, you might get a sale. Well, it’s kind of like you send the hack to enough people. I mean, even like those, I remember those very, very coordinated attacks where you’d go to a popular spot like a ball game and you would drop a bunch of USB drives all over the place and people would pick them up and somebody might just take that thing, put it in their bag, put it in their pocket, stick it in their machine. It’s like a lottery. I mean, you don’t know if you’ve got someone that was a finance or accounting person at a fortune company or you’ve got someone that’s going to have no real valuable information, but either way, they’re silly.

And then they go all the way up to the very, very, most sophisticated stuff that you see like in Mr. Robot where they’re breaking into data centers and putting Raspberry Pie inside the men’s bathroom. But overall, we do create because we are seeing just some of the secular trends right now with COVID is, right, more than one PC per household. You’re in numerous devices now. We’re going to where we have a mobile phone, we have a tablet, we have a laptop, we have a desktop.

Samantha Madrid: You have a smart home.

Daniel Newman: Yeah. You’ve got a smart one on your wrist. And people carrying…. And what I’m saying is every one of these devices is a surface, they’re all attack surfaces. And some of them were much better at securing than others, but a lot of us are lazy. A lot of people as a society are pretty lazy. We pretty much take for granted that our four digit security code or whatever is going to actually do the trick, even when there is multifactor and there is biometric and we don’t even turn it off. I mean, as a society, it’s kind of interesting to watch this.

Hopefully enterprises take the lead here. So you built this connected security business. It’s certainly what caught my attention. I do think your concept of kind of having this edge focused approach is critical even though these data centers definitely need to be hardened, definitely needs some attention.

SASE is something though. I wanted to take a little time and talk to you about too, because this has become the epicenter of so many security conversations I’ve had over the past several months. It seems like it’s a wave. It’s had a marketecture wave to it, but it also has a pretty significant usability and adoption wave. What’s going on? Just to start from the beginning. For those that don’t know, what is SASE kind of, and then give a little background on how it’s really starting to play a bigger part in your strategy.

Samantha Madrid: Yeah, I’d be happy to. So fundamentally what we’re seeing before we kind of get into the definition of SASE is a convergence between networking and security and kind of bringing those two traditionally separate functions within an organization together. So you have kind of this better together strategy that’s happening across enterprises and large organizations worldwide. And the benefit of that is the cloud. And that’s where you kind of hear about SASE and that’s where SASE kind of comes into the picture. To me, SASE is an architecture full stop. It is not a product. It is a combination of technologies together delivered from the cloud. What the cloud means in the most simplest terms to me, it means access. It means more opportunities to connect. It means access to broader technologies worldwide. It means you could accomplish more and you have scale. You can reach your users wherever they are.

You’re no longer putting the infrastructure onus on the customer or are on the enterprise. So the benefit of this is that it evens the playing field for all, whether you’re a very large global 50 enterprise or you’re a smaller midsized enterprise, or even a small company. You can have access to the same advanced security capabilities that any company has and you can do so at your pace. And the benefit of it in looking at SASE as an architecture, is that you’re able to leverage your existing technology that you have in your environment as you make that architectural transition. So when we at Juniper embarked on SASE, we did so with an operational approach. As a company, Juniper is very, very laser-focused on being experience led. And so what that means for SASE, it means you’re taking your existing technologies, maybe that’s a firewall, your proxy, your advanced threats ATP capabilities and you’re moving those to the cloud.

But the reality is you’re not doing that overnight. You’re actually doing that, maybe it’s site by site, maybe it’s a segment of your network or a segment of your users. And so the key thing is operational. And I think what’s being often missed in a lot of the hype in the conversations around SASE is it’s being relegated to a product. And I think that’s going to set a lot of customers up for a failure quite frankly, if I can be so bold because it’s not like you’re starting nor should you start from scratch, but it’s what a lot of vendors would have you believe that you can just completely start from level zero. But no organization does that. Let me give you a perfect example. So when you move, in fact, Daniel, you just moved just recently. When you move from one house to another, you take your possessions with you. You don’t typically start from scratch.

And very, very few people could throw all their furniture, their personal belongings away and then completely rebuild anew. That’s not reality. And then when you do that, you realize, oh, wait, I should have kept that photo album. I should’ve kept that TV. And I’ve already gotten that working for myself. So, and this is a very simplistic way of really thinking about SASE as an architecture. So what we’re building is something called SD cloud. It’s our SASE portal. It allows a customer to take their existing on-prem security and move it to the cloud at their pace. It’s able to replicate all of their policies from they’ve been using on-prem and put them in the cloud. So as changes are made, they never have to skip a beat. This is called taking an operational approach and it’s been very effective and exciting a lot of customers because when they doubled clicked and looked at other solutions in the market, they’re literally having to start from a clean slate.

And I don’t know about you, but having to build a brand new set of security policies from scratch, companies don’t want to do that. It’s not realistic. And so we’re really trying to take that approach that is driven by operations. It’s able to migrate a customer at their pace, at what policy is important to them. To put it a different way, I’m a big fan of Apple, and we’re taking an iCloud approach to SASE, meaning iCloud similarly is the point of enforcement and then you have all your apple devices connecting. The same holds true with SD cloud, whether you are using our firewalls or advanced security capabilities or you’re utilizing our security intelligence tied into your networking equipment, like routers and switches and wireless access points. All of that will be managed, configured and operationalized through SD cloud.

Daniel Newman: Yeah, I like the way that narrative comes together. The first thing when I started hearing SASE, I just started thinking software defined. I mean, that was the first thing when I was sort of listening to the strategy. As I said, we’ve moved to a world where, right, you used to think of security as racks and racks of firewalls and different hardware, gatekeepers in different just hardware infrastructure that was used the same way a server would be used. But we’ve democratized so much technology with software, we’ve optimized so much and even now the way we’re doing it with chips and the way we’re using like GPUs, or different types of architectures now to allow general CPUs to be most efficient at what they’re doing, whatever type of workloads they’re built to be faster and we’re building other fabrics and software that allow for more effective networking or storage to be… Because what it’s really all about, right, is getting the computer and the data as close together as possible.

Well, here you have all this infrastructure and what you really need is how do you simplify the management? I like that the moving actually because it’s kind of like what… It’s my life right now. I will say there was a part of me that did want to throw everything away. I do have some clothes that I don’t know why I still own. And then some furniture that I think I bought when I was like 22 and I just turned 40 this year. So it’s probably time, but I still moved most of it and I definitely to your point kept those family photographs because there are the parts of what you’re building that are totally instrumental to everything that you’re doing. But I think the pandemic really did sort of put a spotlight on all of this when we saw what it did from VPN to having to go to software to find that the WAN just to be able to handle capacity and be able to give access and secure access to employees of all the applications and the VPN wasn’t really well-designed to scale from 500 users to 50,000 users for companies overnight.

So they using software defined and the way and they were able to do that, security… This SASE approach seems to be really taking off, but… And also you mentioned the cost, right? Because it is more cloud-like, it’s consumption like it’s, it’s cost effective at least to scale. Like everything you start doing enough of anything and there’s the cloud economics and the heart, they start to become in question, but that’s the job of the CISO and the executives and the financial leaders in the business to look at that. But SASE does obviously always have that part to play, which takes me to my kind of last topic I want to spend a few minutes with you on is the CISO. So I kind of wanted to bridge you right there. Hopefully I did a good job.

We talked a little bit philosophically about what all this means and we… But CISOs right now are the ones sitting there and they might be a CIO, CTO. We don’t want to exclude be exclusionary of anybody. We know titles can be a little bit different in every organization, but you’re sitting there and you have the pressure of knowing that your company is a target. Every CISO out there knows their company is a target. Nobody’s below or above it. And so where does SASE fit? Where does that fit in the journey? What should CISOs be thinking about Samantha? What are you talking about when you’re in the room and when your team is in the room with these leaders, telling them how to approach SASE. And of course, what is Juniper? Why is Juniper a great partner choice?

Samantha Madrid: Absolutely great questions. So first of all, again, because SASE is an architecture, you should really look at your goals or as you embark upon that transition from it, an operational lens. And so I always like to say with any new project, personal or professional, what are my goals? What am I looking to get out of this over the 12, 36 months from now and even looking further. And so if you want to start, what’s what’s the end in mind? And then you want to come back in from there. The starting point should be what current technologies do I have that I want to continue to leverage. That includes your policies, because this is an opportunity for change. You said yourself, there were some clothes in your move and you were like, why do I still hold onto this? And similarly, if you translate that to policies and operational structures, this is your opportunity to redefine those.

However, you’ve made a lot of investments in things and organizations have made a lot of investments in their technologies. And I would imagine you want to leverage and maximize your investment. So you want to start by saying, what technologies, what do I want to keep? And then you want to say, what are my priorities? In terms of security, is it about securing whether [inaudible] usage? Is this securing the connectivity? Is it certain applications? What data is the most important that I need to prioritize in terms of securing. And then my rollout plan needs to be centered around those goals. And what’s your transition look like? Can I use my existing policies? Do I have to migrate and set up new? What does this mean for my team? Do I need to hire new people? And all of these questions should be answered before you start.

I can’t stress enough, the ability to leverage your existing operational efficiencies when you make that transition is going to pay dividends for you longer term, operationally speaking. Most of the time where people who are targeting your environment tend to leverage those transition points because in the past, people have attempted to start from scratch. And when you start from scratch, you have a higher degree of human error. And in that error and those gaps in visibility and coverage is where people target. So if you can take your existing technology, if you can take those policies associated with that technology and you could automatically through orchestration, put those in your SASE architecture, you’re already a step ahead, which means you don’t have the blind spot going into a new architecture. And then you kind of build from there.

It doesn’t mean you don’t refine. It doesn’t mean you don’t subtract because I do believe anytime you make that transition, it should not just be an addition, it should be a subtraction as well, because that’s how you’re going to maximize the balance between your operational efficiencies and the cost of the output of those.

Daniel Newman: Yeah, absolutely. I think you hit it on the head and for the CISOs out there and of course those that are basically going through the exercise, selling this upstream to the board, to the leadership of the company, and then of course doing your job, wanting to make sure that you are not one of those headline names that your company was hacked. And look, it’s a tough job. And these types of technologies are going to make it easier. It’s just like how the cloud made ERP easier to deploy on a corporate wide level. Security needed to be simplified, needed to be further democratized. And this is a technology that changes the complexities of the role, doesn’t replace them or eradicate them in any way.

So Samantha Madrid, thank you so much. I’m really glad we were able to get you back here on the pod. We love conversations like this. Security is one of those things near and dear to my heart, doesn’t get enough attention, doesn’t get enough time on the docket, but anyone that’s ever felt like they’ve been breached and vulnerable, had their data stolen from them, it just takes once. It just takes once, whether you’re the entrepreneur, the business owner or just personally, you get hacked to go, oh my gosh, never going to do that again. But Juniper Networks is doing a lot of great things. You leading this business, congratulations on all the success.

Samantha Madrid: Thank you.

Daniel Newman: Hope to have you back soon.

Samantha Madrid: Well, it was a pleasure. Thanks so much Daniel. And I would love to come back.

Daniel Newman: All right, everybody. Thank you so much for tuning in. Wasn’t that great? Samantha Madrid, VP of security, business and strategy at Juniper. Great story. Love what they’re doing over there. Definitely something to pay attention to. Check out the show notes. I’ll put some links where you can learn a little bit more about the business, about Juniper’s SASE strategy. And also of course, check out all of the Futurum Tech Podcast interviews. We have lots of great conversations with the leading executives of the biggest and most prestigious tech companies in the world. That’s what we do here. We break it down. It’s a lot of fun to get underneath the hood because we love technology here at Futurum Research. But for now, for this episode, it’s time to say goodbye. So hit that subscribe button, share with your friends on social media and tune in again real soon.

About the Author

Daniel Newman is the Principal Analyst of Futurum Research and the CEO of Broadsuite Media Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise. Read Full Bio