Securing the Emerging Innovation of the Distributed Cloud – Secure Access Service Edge

By Sam Armstrong

25 Oct, 2021

By Bob Michaud, Chief Security Officer, Q2

October is Cybersecurity Awareness Month, and Q2 is a Cybersecurity Awareness Champion. As we continue our look into how Q2 is securing the emerging innovation of the distributed cloud, I want to discuss Secure Access Service Edge (SASE) and what it means to Q2’s distributed cloud model.  

SASE (pronounced “sassy”) is an enterprise networking technology category introduced by Gartner in 2019. SASE changes security paradigms through a networking and security platform that is identity-driven, cloud-native, and globally distributed, and that securely connects all edges (WAN, cloud, mobile, and the Internet of Things).

I started my career at a small technology company in Lincoln, NE: Information Technology, Inc. (ITI), which developed a core banking platform that supported small community banks in the U.S. The Premier solution was very successful, and it’s still being used by over 30% of the banks in the U.S. At Q2, many of our online services are positioned between the end-user and the banking core, such as Premier. Our digital banking solution provides account information, money movement, account opening, and corporate banking features that rely on connectivity to the core banking application.

I asked Q2’s Chief Availability Officer, Lou Senko, what SASE means to our network and security. Lou explained that this network was refreshed over the past year, not just to modernize from a legacy hardware-only solution to a newer SD-WAN (Software-Defined Wide Area Network), which provides easy operation and rapid deployment, but also to take the extra leap forward into a SASE solution.

Lou explained that we have many hosting environments that must connect to primary and secondary sites and banking cores, and that this required us to fundamentally change our connection strategy – moving away from the tried-and-true Cisco ASA point-to-point VPN network, where we supported 1,800 endpoints in a massive hub-and-spoke network, to the two datacenters in our private cloud. Although it performed as designed, it was incredibly fragile and hard to scale: each new hosting environment we added required us to plumb to every endpoint. We needed a new scalable solution, so we moved to an SD-WAN, which allowed us to use automation to deploy, manage, monitor, and upgrade the network and gain visibility into network flows and advanced connection continuity when devices or links fail.

By partnering with Trustgrid, we have solved for that, allowing us to define which protocols, from which ports, from which IP addresses are allowed to talk to one another. It is nearly an IoT play – where can connect very discreetly. This finite control at scale is truly amazing and future-proofs us as we continue to expand on Q2’s distributed cloud footprint.

The most innovative part of our Trustgrid mesh network is that it allows us to extend our hosting security even further, protecting more digital banking experiences than ever before.  Under the old ASA VPN spoke-and-hub model, we would deploy the devices and turn most of the features off – isolating the link between Q2 and its customer and placing significant security resources at the entry-points to the hosting environments – so the link was merely an encrypted connection between our customers and us. Now, the Trustgrid mesh allows us to extend our security across to the endpoint device, including the link, meaning we can leverage innovative services that use machine learning to identify abnormal traffic on the links, augmenting the standard security tooling of SIEM, WAF, and firewalling. Q2’s SASE solution is an innovation foundation we will continue to build on for years to come. Underscoring its value, we’re proud to share the Trustgrid solution was recently recognized with the CSO50 Security Industry Leader of Impact and Innovation Award for 2021.

Join me for my final blog later this week as we wrap up this year’s Cybersecurity Awareness Month blog series with a look at the last pillar of security in our distributed cloud model – data. This security pillar means protecting the actual data with a new, innovative approach.

Thank you, and happy Cybersecurity Awareness Month!

