Buying a car can be an anxiety-ridden experience for many, but personally, I love it. Aside from the numerous options you need to decide on like color, interior material, technology packages and transmissions – the most important question remains. Do you lease or do you buy? Let’s examine the possibilities, and then I promise we will talk about security.
Buying and leasing each have plenty of pros and cons. When you lease a vehicle, you typically pay less monthly, and the dealership handles repairs and maintenance. However, you’re limited to how many miles you can drive yearly, you cannot modify the car in any way, and once the lease is up, you return the car and have no real return on the money you paid. Leasing is basically renting the car from the dealer for a year, using it exactly how they want you to, on their terms, with little overall return.
Financing a car is the most common purchase method for a vehicle – and a better option than leasing for most people. You’ll pay a portion of the total vehicle cost upfront as a down payment, receive a loan for the vehicle, and then pay the balance off over a specified timeframe.
The major difference between financing and leasing is that with financing, the vehicle is yours (or the banks, if you want to get technical on me) and there are no limits on what you can do with it. Want to drive 50,000 miles (about 80467 km) a year? Go ahead! Inspired to wrap it in neon yellow? Not advised, but yes, you can do that too. You are in complete control of your vehicle, and you don’t have to return it until you’re ready to buy a new car.
The explosion of work from anywhere accelerated many trends in security, particularly around Identity and Access Management (IAM), remote access, and the Secure Access Services Edge (SASE). Organizations that did not have massive global networks and connectivity methods like Software-Defined WANs (SD-WAN) or site-to-site Virtual Private Networks (VPNs) struggled (and continue to struggle) to connect users to their daily work resources. Traditional VPNs became ubiquitous but faced massive scalability issues that required additional hardware, licensing, and massive endpoint client deployments. End-user workflows were heavily impacted with strained bandwidth and overall frustration using antiquated clients. So, what did legacy organizations do? Adopt leased networks in the name of “zero-trust” and modernization.
On paper, this makes complete sense. Why invest substantial resources and time into building a global connectivity fabric when you could work with a SASE vendor and simply use their network for transit instead? These traffic exchanges claim to offer much more value as well, including zero-trust, access policies, device health checks, Secure Socket Layer (SSL) inspection, and private application access. This type of architecture can work very well for smaller businesses, but organizations with large remote worker populations, or more risk-averse companies may want to reconsider this approach.
Let’s look at the top 3 reasons why you should consider an identity-based access and connectivity tool that does not rely on a shared traffic exchange.
True Scalability: While the cloud has brought numerous benefits, including scalability, it can be difficult for large enterprises to scale and stay agile when they are 100% reliant on a shared network service. Even the vendors hosting these services must manage how they scale, and many struggle due to limitations of public cloud or their own internal tooling that limits agile expansion.
Better Performance: While leased connectivity platforms live in the cloud, you must use some type of on-ramp or Point-of-Presence (PoP) to funnel your users into that service. The physical location of users is incredibly critical here – if a home worker is 500 miles from the nearest PoP, they will experience severe latency with bandwidth losses nearing 50%.
Zero-Trust, Not Vendor Trust: As noted above, using a rented security networking stack requires insane amounts of inherent vendor trust. To get traffic into those on-ramps, VPN or Generic Routing Encapsulation (GRE) tunnels from your locations to a vendor datacenter is required. Road warriors will need to utilize agents without proper device posture verification that slow them down due to massive bandwidth losses even when accessing direct internet resources.
Deciding whether to lease your connectivity fabric or buy your own identity-based access control tools is not a simple matter. Each organization should evaluate both options to see which better fits their unique users, applications, and risk tolerance level. But, knowing there are options can make all the difference for security practitioners who are concerned with achieving maximum performance at the best value. Now, it’s time for me to choose the trim package on my next car!
Josh Martin is a security professional who told himself he'd never work in security. With close to 5 years in the tech industry across Support, Product Marketing, Sales Enablement, and Sales Engineering, Josh has a unique perspective into how technical challenges can impact larger business goals and how to craft unique solutions to solve real world problems. Josh joined Cyolo in 2021 and prior worked at Zscaler, Duo Security, and Cisco.
Outside of Cyolo, Josh spends his time outdoors - hiking, camping, kayaking, or whatever new hobby he's trying out for the week. Or, you can find him tirelessly automating things that do NOT need to be automated in his home at the expense of his partner. Josh lives in North Carolina, USA.