Everything you need from a single online experience
Currently undergoing a Fourth Industrial Revolution (4IR), the global economy operates under a new, dynamic digital paradigm. Networks are hybrid. Workforces are distributed. Applications and data are distributed, located on-premises, in the cloud, in an edge facility, or provided via Software as a Service (SaaS) from any number of vendors. Endpoints that connect to applications and data are everywhere, and still growing: employees use multiple devices, and Internet of Things (IoT) devices pump out the data that drives machine-to-machine operations. The very definition of a “user” is evolving rapidly since machines and applications need access to data and other applications.
Legacy IT architectures are insufficient to move packets fast enough or scale quickly enough to support the needs of a digitally driven economy. Most importantly, IT organizations are losing visibility and control. They no longer have the time or technology to aggregate the management of myriads of devices operating anywhere, on any available network, at any location. The security implications of operating a business in this environment are unnerving. Modern businesses need a converged network and security experience offering centralized policy control, the ability to scale as needed and cloud management capability to support their current and future IT priorities.
In this environment, Secure Access Service Edge (SASE) is emerging as a direction for combining network access and security into a converged experience that orchestrates business-created access policy. Yet, the gap between SASE as a concept and SASE as a reality is wide, and the confusion might well grow as the tech industry’s hype machine builds momentum around this new conceptual framework.
The goals of this eBook are to:
What is SASE?
SASE was introduced in 2019 as a model, or experiential concept, for addressing the security needs of an increasingly distributed enterprise without impairing application performance, user experience, or complicating the IT environment. While the concept has evolved in the intervening years, SASE is still best seen as a directional north star for navigating complexity.
It is true that many vendors will attempt to sell a product they call “SASE.” This statement alone may be incomplete and possibly misleading. Let’s begin by addressing some fundamental questions as we attempt to bridge the gap between concept and reality.
What is SASE NOT?
Not SD-WAN 3.0
While SD-WAN might be a component of a given SASE framework, SASE is much more than SD-WAN on steroids.
Not a single product
Enterprises should beware of any vendor that draws on SASE’s industry buzzword status to sell them a SASE “product.”
Not simply cloud-based security
Many of the SASE components will reside in the cloud, but they must work seamlessly with other pieces of the framework, and – as the name implies – be present at the edge in ways that ensure application performance.
Not simply edge compute
Edge compute is a critical component of a SASE implementation; yet many “edges” are ideally tied together within the integrated framework to best address application performance requirements.
The SASE technology framework
Some of the SASE components will include SD-WAN, firewalls, gateways, zero trust network access, and others. Many of these technologies will be delivered “as a service” from the cloud and oftentimes different clouds depending on the mix of vendors. To maintain “best of breed” capability in any one component, multiple technology suppliers will be involved, placing an even greater priority on the expertise of the provider who integrates and manages the framework as a whole.
The SASE framework will be extendible as usage models and technologies evolve. For instance, most initial implementations will be geared toward human users. Eventually, machine-to-machine (M2M) communications such as the IoT will be included, as well as application-to-application communication and data access.
Different vendors might well lead in any one of these areas. The framework approach creates the flexibility to change, adjust, and grow solution functions and features as technology permits and the business demands.
A robust infrastructure of network, data centers, and edge nodes will tie all these pieces together. The engineering requirement to integrate all the pieces from many vendors into a holistic experience is not trivial. The role of the service provider that integrates all the pieces for the customer is paramount for successful SASE experiences. Businesses seek partners with the ability to manage the entire service stack, allowing the business to adjust quickly to changes, IT staff capabilities, and focus.
For enterprise customers, the service provider offers the expertise necessary to fill in the SASE framework with the best-in-class technologies and deploy those components into a solution that the enterprise can purchase. The ideal service provider possesses three key attributes:
Infrastructure assets: A global network, efficient access to public and private data centers, and strategically situated edge nodes are the backbone of the SASE framework. This foundation provides linkages among distributed assets and data transport. It is a hybrid network that can programmatically route traffic for optimal performance based on demand and usage while accommodating different access types, whether wireless or broadband. Integrating all these into a secure solution becomes more complicated with remote, distributed workforces where a single user might log in from home, the office or on the road. Connectivity is also multi-dimensional.
The service provider needs to connect users to their applications and data wherever the users and the applications might be. Direct and dynamic connections to the major cloud providers are key and that requires the major cloud providers to have a level of trust in your service provider.
“Edge” is incorporated into SASE’s name. In addition to reducing latency, edge compute is a key enabler of the SASE framework, providing deployment sites for the multiple functions, features, and capabilities from various vendors participating in the total SASE solution. In the case of authentication services, firewalls, and other security features, edge compute facilities can check access at the earliest possible point in the network topology before access to resources of any kind is enabled.
Partner ecosystem: Each customer will have their unique needs on the SASE journey and start at different points on that path. To tailor the solution, the service provider needs a robust set of partner relationships to fill out the SASE framework so that the customer can design it to meet their specific needs. This involves different vendors, different software choices – all geared toward the best-in-class selections for each component.
Different vendors will focus on different aspects of a SASE solution set, such as zero trust or an IoT implementation. The service provider needs deep relationships with these partners. The quality of the relationship enables the provider’s ability to choose the right pieces for a given SASE implementation, and to develop the expertise in those partners’ technologies to integrate them and support them effectively.
Service management: To make this complex framework deployable and easy to manage, the service provider needs to have the capability to be the single point of contact for the customer, simplifying the overall application environment. The service provider must be able to put all responsibility under one roof, from support to a single bill for the service to the resources of both a Network Operations Center (NOC) and a Security Operations Center (SOC).
Because different enterprises will have different levels of expertise, management models should be flexible as well, from self-service to a fully managed service. As SASE providers improve their operational proficiency across these foundational areas, their ability to deliver on the unified vision of SASE increases greatly.
Trusted advisor role
When we think of SASE as a journey – not a product or a single deployment event – we must reckon with the evolution of the framework. Customers begin at different places on that journey based on their business needs and existing architectures. Their needs will change over time and new technologies will become available. A trusted advisor must play the role of guide on this journey.
A trusted advisor has the experience to know where a given customer is on this journey and assess the next steps to take from that point. Because technology is fundamental to organizing business models and customer interaction today, this advisory role goes beyond architectures and technologies. New capabilities might create new opportunities for organizing the business. They might change the types or configuration of IT teams as silos around security or cloud operations are broken down.
As this eBook stated earlier, most SASE discussions today center on human access to resources. But that will rapidly change as fleets of IoT devices are deployed and greater automation drives machine-to-machine (M2M) and application-to-application communication. These areas are emerging today and will mature in the next two to four years.
Many vendors will make claims about their products as they market their wares. For instance, a zero-trust approach will have to apply to M2M and application-to-application access as well, or these become new avenues of attack.
The trusted advisor will evaluate these new technologies as they come to market and assess them for quality and architecture so the customer can have confidence in the integrity of their SASE framework.
The natural choice for this trusted advisor is the service provider who builds and supports the SASE framework. That adds a new layer of sophistication for selecting the service provider. The service provider needs to understand the customer’s business as it evolves, solving for specific use cases as they appear on the horizon.
The Fourth Industrial Revolution is upon us. The opportunities are immense. Yet, the threats of bad actors and security breaches are daunting if the digital environments we build are not secure or capable of supporting our next-generation technologies.
SASE was envisioned as a way of approaching both the promises and the concerns of the 4IR. The vision is becoming a reality. Yet, SASE is neither a static idea nor a single product easily purchased and deployed.
SASE is a journey, with many milestones, starting points, and tangents. Lumen stands ready as your service provider, trusted advisor, and fellow traveler on this journey.