Why Retail and Hospitality Companies Need SASE

November 1, 2023
IT Security, Retail

With Secure Access Service Edge — known as SASE and pronounced sass-ee, companies can eliminate the effort and costs required to maintain complex and fragmented infrastructure made of point solutions, reduce the risk for breach and data loss with optimal security posture, enable secure work from anywhere, and improve access to global applications on-premises and in the cloud. Not surprisingly, there’s a huge need for SASE solutions in the retail and hospitality industries.

The Security-Performance Challenge

The companies that fall in the retail and hospitality category — ranging from large department stores and small mom-and-pop businesses to restaurants and hotels — strive to increase efficiency and reduce costs while ensuring an excellent experience for their customers. That experience can take place onsite (and often at many sites) or online.

Traditionally, delivering both performance and user experience has come at the cost of security. That’s largely due to the fact that deploying a comprehensive, high-performance security stack to every location can create extreme complexity and be cost-prohibitive. This has become more challenging over time as many resources that were once centralized in the data center, such as Voice over Internet Protocol (VoIP) VOIP and Point of Sale (POS), and are now delivered as cloud services.

Adding to the challenge is the critical nature of connectivity for retail and hospitality companies’ locations. Without the ability to communicate, check inventory status, process credit card transactions, and perform other technology-reliant activities, business can come to a standstill. That results in lost productivity, lost customers, and lost revenue.

Connectivity and Security Concerns

Most companies in the retail and hospitality space are managing connectivity and security for multiple geo-diverse locations, sometimes globally. They must prioritize critical systems, deliver guest wi-fi, and protect against insider threats and targeting by organized threat actors, among other security-related activities.

With the legacy model, this has often been accomplished by utilizing costly MPLS links or complex VPN tunnel connectivity between a company’s locations and a centralized data center where security was applied and the business resources hosted. However, MPLS is not always available. The public Internet is better suited for cloud access and the flexibility required to handle the turbulent retail and hospitality markets.

The public Internet also creates concerns as ISPs typically prefer cost savings over performance, introducing an unpredictable transport that suffers from packet loss, jitter, and latency issues — not to mention insufficient security. Few, if any, companies can afford the financial costs that come when security fails and data breaches occur. In 2023, the global average cost of a data breach was $4.45 million, a 15% increase over three years.

The SASE Solution

SASE addresses the aforementioned issues, starting with branch connectivity. Native SD-WAN, as part of a SASE solution, reduces cost and complexity. At the same time, it allows organizations to deliver reliable connectivity using commodity broadband links and 4G/5G wireless connectivity.

The hardware is often readily available and easy to deploy and procured as a low-cost OPEX subscription. This makes it possible to deploy high-availability pairs at every location.

From here, traffic is sent to the closest SASE point of presence (PoP), where security and zero-trust access policies are applied. Guest Wi-Fi can be filtered using SWG, while intrusion prevention systems (IPS) and next-generation anti-malware (NGAM) protect the location from threats. Meanwhile, Cloud Access Security Brokers (CASBs) and Data Loss Prevention (DLP) help to maintain data sovereignty and PCI compliance.

Next, traffic is sent over a global private backbone while applying Quality of Service (QoS) bandwidth prioritization policies, Transmission Control Protocol (TCP) acceleration, and packet-loss mitigation, egressing at another Point-of-Presence (PoP) close to the destination, whether it’s a private data center, public cloud, or SaaS application. This improves performance and reliability while ensuring that all data in transit is secured.

The Final Analysis

Overall, SASE enables consistent, comprehensive security for retail and hospitality companies of all sizes without creating complexity or adding to administrative overhead and costs. These companies can minimize business interruptions and deliver exceptional user experience without compromise, enabling transformation and cloud adoption. Importantly, all of this can occur with the agility and flexibility of the cloud, futureproofing the deployment for whatever is next.

To learn more about SASE and how it can benefit your business, contact us.

Note: The information in this blog is based on information provided in Cato Networks’ whitepaper: SASE for Different Verticals. Cato, a US Signal partner, is the company behind US Signal’s Cato SASE Cloud.