The Cloud-First and Managed Approach to SASE Deployments

A recent survey revealed network insights from 1,350 global enterprises across industries. Among the main observations was an uptick in coupling networking (SD-WAN) and security (SASE). This article by David Ginsburg, vice president, product and solutions, Aryaka, explores how enterprises can implement SASE in the near- and mid-term.

How does all the discussion and, in some corners, confusion around the Secure Access Service Edge (SASE) relate to a cloud-first architecture and service delivery model? First off, the very concept of SASE, delivered at the cloud edge, is best realized as part of a managed service. One could call this ‘Managed SASE’ if that does not sound too redundant. And, given that connectivity via SD-WAN is one of the key elements of a SASE architecture, what has been called network-as-a-service (NaaS) also points in this direction.

To complete the picture, another relevant term, one that has been falling out of use since SASE appeared, is Security-as-a-Service (abbreviated SECaaS rather than SaaS, for obvious reasons). Lastly, some use the term Managed Security Service, or MSS. In any case, the concept is the same: a fully managed networking and security service delivered from the cloud edge to HQs and branches, remote workers, and into the multi-cloud fabric.

So, what is the ideal architecture to realize these capabilities? And how do enterprises expect to implement SASE, at least for the near- to mid-term? This is where ‘cloud-first’ comes into play.

The Cloud-Edge Services PoP for SASE

Figure 1: SASE Capabilities Architecture

The ideal way to implement this is via what we call a Services Point-of-Presence (PoP): a termination and aggregation point for sites, users, and even devices (i.e., IIoT) that includes the required processing and storage to instantiate SASE capabilities (Figure 2).

Figure 2: Services PoP Architecture

This is a ‘cloud-first’ approach that leverages what many term the “cloud consumption model,” which is based on OPEX rather than CAPEX and delivers the agility, scalability, and simplicity that have become so critical over the past year. But cloud-first is not just a Cloud Service Provider (CSP) by another name. It is a service delivery approach predicated on the cloud and, in fact, aligns with enterprise digital transformation initiatives. You have probably read about enterprises stating that they are “cloud-first.”

Note that this Services PoP is different from a basic routing and switching transport hub: although the managed Customer Premises Equipment (CPE) may have some security capabilities, that is not the essence of a SASE deployment. Nor is a cloud-delivered overlay approach that cannot deliver Service Level Agreements (SLAs). The managed CPE at the “Services Edge” must therefore handshake with a Services PoP that instantiates the different services, connects to the orchestration platform, and offers secure handoffs to CSPs and SaaS applications.

Addressing Complexity

This managed offer also addresses many, if not all, of the issues identified by IT. As the WAN and the number of applications deployed grow, IT is looking to invest in solutions that resolve barriers including complexity, performance, agility, cost and, of course, security, all items covered in the 5th Annual State of the WAN Survey (Figure 3). Given market momentum, with over three-quarters stating that they are either deploying today or will deploy in the next two years (Figure 4), the enterprise’s SASE approach must not be short-sighted. It must be based on an architecture that does, in fact, address these issues. What is this approach?

Figure 3: State of the WAN, WAN Challenges

Figure 4: State of the WAN, SASE Momentum

A Managed Approach

Looking at the capabilities requested as part of an SD-WAN and SASE deployment, a co-managed service is the most logical path forward. The set of capabilities requested lends itself to an offer based on software-defined workflows that tightly integrate the various features. This is made possible via the Services PoP approach described above. How do enterprises expect to implement SASE?

With both security and connectivity key to success, it is not a surprise that over half expect to rely on both their networking and security vendors for the next few years. A smaller percentage plan to leverage only their SD-WAN or only their security vendors. As the market matures, and as SD-WAN vendors further enhance their security offerings or security vendors build out their WANs, the market is expected to converge.
