SASE overview

Introduction

Currently undergoing a Fourth Industrial Revolution (4IR), the global economy operates under a new, dynamic digital paradigm. Networks are hybrid. Workforces are distributed. Applications and data are distributed too: located on-premises, in the cloud, in an edge facility, or provided via Software as a Service (SaaS) from any number of vendors. Endpoints that connect to applications and data are everywhere, and their number is still growing: employees use multiple devices, and Internet of Things (IoT) devices pump out the data that drives machine-to-machine operations. The very definition of a “user” is evolving rapidly, since machines and applications need access to data and other applications.

Legacy IT architectures are insufficient to move packets fast enough or scale quickly enough to support the needs of a digitally driven economy. Most importantly, IT organizations are losing visibility and control. They no longer have the time or technology to aggregate the management of myriad devices operating anywhere, on any available network, at any location. The security implications of operating a business in this environment are unnerving. Modern businesses need a converged network and security experience offering centralized policy control, the ability to scale as needed, and cloud management capability to support their current and future IT priorities.

In this environment, Secure Access Service Edge (SASE) is emerging as a direction for combining network access and security into a converged experience that orchestrates business-created access policy. Yet, the gap between SASE as a concept and SASE as a reality is wide, and the confusion might well grow as the tech industry’s hype machine builds momentum around this new conceptual framework.

The goals of this eBook are to:
Understand that SASE is a technological and usage model framework

Appreciate the real requirements of a service provider to implement that framework

Explore the role of the trusted advisor as enterprises embark on the SASE journey.

Lumen believes that SASE holds great promise for enterprise application environments. Implementing SASE, however, is better seen as a journey rather than an event.

What is SASE?

SASE was introduced in 2019 as a model, or experiential concept, for addressing the security needs of an increasingly distributed enterprise without impairing application performance, user experience, or complicating the IT environment. While the concept has evolved in the intervening years, SASE is still best seen as a directional north star for navigating complexity.

It is true that many vendors will attempt to sell a product they call “SASE.” That label alone may be incomplete and possibly misleading. Let’s begin by addressing some fundamental questions as we attempt to bridge the gap between concept and reality.

[Figure: SASE component diagram. Labels: Network security, CASB, Cloud SWG, ZTNA/VPN, DNS, WAAPaaS, FWaaS, RBI, Carrier, WAN optimization, Bandwidth aggregation, Networking vendors, Network as a service, CDN, SD-WAN]

A set of integrated solutions and services

Because the SASE framework encompasses several technologies, some of which might come from different vendors, SASE’s “secret sauce” is as much the integration expertise as it is any one technology. Mixing and matching technologies from different vendors is a workable idea, but the engineering implications of making all those disparate pieces work together in a coherent solution should not be underestimated.

An experience

Within this technology framework, SASE combines security with network functionality to improve application, end-user, and administrative experiences. Customers will no doubt soon be inundated with SASE product pitches from vendors – if they are not already – but they should not lose sight of the end goal that every user or endpoint should get access to the resources they need, and all accesses should be secure and efficient.

Businesses need partners that offer flexible management that fits their current and future IT staff requirements, expertise, and priorities. As they continue to transform their day-to-day work environments, the ability to offload service management will support these changing needs.

An architectural framework

The reality is that SASE will be composed of numerous technologies that together enable security across environments, endpoints, access locations, and topologies, while maintaining application performance and business agility.

The complete implementation might look different from one enterprise to the next depending on the specific needs of that organization. This software-defined framework gives enterprises the flexibility to think strategically about connecting users, applications, and data, then deploy, rethink, change, and scale as needs change.

What is SASE NOT?

Not SD-WAN 3.0

While SD-WAN might be a component of a given SASE framework, SASE is much more than SD-WAN on steroids.

Not a single product

Enterprises should beware of any vendor that draws on SASE’s industry buzzword status to sell them a SASE “product.”

Not simply cloud-based security

Many of the SASE components will reside in the cloud, but they must work seamlessly with other pieces of the framework, and – as the name implies – be present at the edge in ways that ensure application performance.

Not simply edge compute

Edge compute is a critical component of a SASE implementation; yet many “edges” are ideally tied together within the integrated framework to best address application performance requirements.

SASE is not a single product you can just buy. It is more accurate to think of SASE as a journey to an ideal state of security, access, and end-user experience that can be managed through a single pane of glass.

The SASE technology framework

Some of the SASE components will include SD-WAN, firewalls, gateways, zero trust network access, and others. Many of these technologies will be delivered “as a service” from the cloud and oftentimes different clouds depending on the mix of vendors. To maintain “best of breed” capability in any one component, multiple technology suppliers will be involved, placing an even greater priority on the expertise of the provider who integrates and manages the framework as a whole.

The SASE framework will be extendible as usage models and technologies evolve. For instance, most initial implementations will be geared toward human users. Eventually, machine-to-machine (M2M) communications such as the IoT will be included, as well as application-to-application communication and data access.

Different vendors might well lead in any one of these areas. The framework approach creates the flexibility to change, adjust, and grow solution functions and features as technology permits and the business demands.

A robust infrastructure of network, data centers, and edge nodes will tie all these pieces together. The engineering requirement to integrate all the pieces from many vendors into a holistic experience is not trivial. The role of the service provider that integrates all the pieces for the customer is paramount for successful SASE experiences. Businesses seek partners with the ability to manage the entire service stack, allowing the business to quickly adjust to changes, IT staff capabilities, and focus.

SASE Technology Framework

For enterprise customers, the service provider offers the expertise necessary to fill in the SASE framework with the best-in-class technologies and deploy those components into a solution that the enterprise can purchase. The ideal service provider possesses three key attributes:

Infrastructure assets: A global network, efficient access to public and private data centers, and strategically situated edge nodes are the backbone of the SASE framework. This foundation provides linkages among distributed assets and data transport. It is a hybrid network that can programmatically route traffic for optimal performance based on demand and usage while accommodating different access types, whether wireless or broadband. Integrating all these into a secure solution becomes more complicated with remote, distributed workforces where a single user might log in from home, the office or on the road. Connectivity is also multi-dimensional.

The service provider needs to connect users to their applications and data wherever the users and the applications might be. Direct and dynamic connections to the major cloud providers are key and that requires the major cloud providers to have a level of trust in your service provider.

“Edge” is incorporated into SASE’s name. In addition to reducing latency, edge compute is a key enabler of the SASE framework, providing deployment sites for the multiple functions, features, and capabilities from various vendors participating in the total SASE solution. In the case of authentication services, firewalls, and other security features, edge compute facilities can check access at the earliest possible point in the network topology before access to resources of any kind is enabled.

[Figure: SASE architecture diagram. Labels: SaaS, Public, Web, Security: Protect traffic from multiple locations at the cloud edge, Network: Decentralized, Security stack, SD-WAN, Work from anywhere, Branch offices, Data center/HQ, Security providers, Infrastructure, Cloud providers, Applications, Partner Ecosystem]

Partner ecosystem: Each customer will have their unique needs on the SASE journey and start at different points on that path. To tailor the solution, the service provider needs a robust set of partner relationships to fill out the SASE framework so that the customer can design it to meet their specific needs. This involves different vendors, different software choices – all geared toward the best-in-class selections for each component.

Different vendors will focus on different aspects of a SASE solution set, such as zero trust or an IoT implementation. The service provider needs deep relationships with these partners. The quality of the relationship determines the provider’s ability to choose the right pieces for a given SASE implementation, and to develop the expertise in those partners’ technologies to integrate them and support them effectively.

Service management: To make this complex framework deployable and easy to manage, the service provider needs to have the capability to be the single point of contact for the customer, simplifying the overall application environment. The service provider must be able to put all responsibility under one roof, from support to a single bill for the service to the resources of both a Network Operations Center (NOC) and a Security Operations Center (SOC).

Because different enterprises will have different levels of expertise, management models should be flexible as well, from self-service to a fully managed service. As SASE providers improve their operational proficiency across these foundational areas, their ability to deliver on the unified vision of SASE increases greatly.

Trusted advisor role

When we think of SASE as a journey – not a product or a single deployment event – we must reckon with the evolution of the framework. Customers begin at different places on that journey based on their business needs and existing architectures. Their needs will change over time and new technologies will become available. A trusted advisor must play the role of guide on this journey.

A trusted advisor has the experience to know where a given customer is on this journey and assess the next steps to take from that point. Because technology is fundamental to organizing business models and customer interaction today, this advisory role goes beyond architectures and technologies. New capabilities might create new opportunities for organizing the business. They might change the types or configuration of IT teams as silos around security or cloud operations are broken down.

As this eBook stated earlier, most SASE discussions today center on human access to resources. But that will rapidly change as fleets of IoT devices are deployed and greater automation drives machine-to-machine (M2M) and application-to-application communication. These areas are emerging today and will mature in the next two to four years.

Many vendors will make claims about their products as they market their wares. For instance, a zero-trust approach will have to apply to these accesses as well, or they become new avenues of attack.

The trusted advisor will evaluate these new technologies as they come to market and assess them for quality and architecture so the customer can have confidence in the integrity of their SASE framework.

The natural choice for this trusted advisor is the service provider who builds and supports the SASE framework. That adds a new layer of sophistication for selecting the service provider. The service provider needs to understand the customer’s business as it evolves, solving for specific use cases as they appear on the horizon.

Conclusion

The Fourth Industrial Revolution is upon us. The opportunities are immense. Yet, the threats of bad actors and security breaches are daunting if the digital environments we build are not secure or capable of supporting our next-generation technologies.

SASE was envisioned as a way of approaching both the promises and the concerns of the 4IR. The vision is becoming a reality. Yet, SASE is neither a static idea nor a single product easily purchased and deployed.

SASE is a journey, with many milestones, starting points, and tangents. Lumen stands ready as your service provider, trusted advisor, and fellow traveler on this journey.
