Feature

Developing a SASE offering

How should MSPs develop a SASE offering? Nav Chander, senior director at Silver Peak, shares his roadmap.

One of the hottest emerging topics in networking is the emerging secure access service edge (SASE) model, an architectural framework conceived by Gartner that details a roadmap towards transforming legacy WAN and security technologies toward a cloud-managed edge.

SASE combines WAN edge capabilities with cloud-delivered security functions to support both the optimisation and secure access needs of today’s digital enterprises. SASE security functionality is typically a balance between on premises and as-a-service and is based upon the identity of the entity, real time context and security or compliance policies.

Given the emergence of SASE technology, managed service providers (MSPs) are poised to formalise and deliver an expanded set of managed services that can support both network and security enterprise transportation. This is easier said than done, and there are a number of criteria that have to be met to ensure delivery of a high-quality SASE service.

Foundations

Some MSPs will already have a distinct advantage in becoming leading providers and integrators of networking and security. This will rely on having dedicated technical expertise and resources in both areas to design, build and implement either a turnkey managed security service or a managed networking service.

In essence, top MSP service delivery models already align well with the bespoke nature of well-integrated SASE. Dynamic and forward thinking MSPs will look to open up a world where managed services are defined, refined, and deployed on demand, allowing cost-efficiencies, scalability, and simplicity.

Many MSPs will likely need to revamp their existing siloed organisational structures to be able to deliver integrated managed networking and security services to enterprise customers, which are, after all, the fundamentals of SASE.

To provide a top SASE offering, ambitious MSPs must partner with their networking and security technology vendors to provide open APIs, automation, provisioning/deployment integrations and service chaining. This collaboration and resulting integration are the foundation of the path towards SASE.

Advanced SD-WAN

To realise the promise of a SASE architecture, traditional networks and even basic software-defined (SD-WAN) solutions with limited edge capabilities simply will not be able to deliver. After all, when engaging in cloud-first transformation – such as SASE – enterprises expect predictable application performance and a high quality user experience.

MSPs looking to offer a high-level, optimised SASE solution must integrate an SD-WAN partner with some essential capabilities that are indicative of an advanced networking platform. First, the SD-WAN must provide first-packet application identification and classification to enable granular, automated traffic steering. This allows application traffic to be steered through proximity-based cloud-delivered security services, while also minimising latency, enabling direct and secure connectivity from branch and remote sites.

An advanced SD-WAN must also provide automated, daily application definition and TCP/IP address table updates to all sites across your network along with automated orchestration with cloud-delivered security services from best-of-breed cloud security vendors.

The SD-WAN offering should also provide the freedom of choice to avoid vendor lock-in, enabling organisations to adopt new security innovations as their requirements change.

Adaptability

MSPs will need to adapt and deliver hybrid cloud solutions to meet a wide variety of enterprise use cases on the path toward SASE, necessitating partnerships and integrations with the major public cloud providers. This being the case, MSPs must decide which technology vendor partners are best positioned to deliver the solutions to support a SASE architecture. This includes assessing the internal development and system integration investment required to launch new SASE managed edge services.

There are also some common pitfalls in delivering SASE. For instance, some vendors market and offer an “all-in-one” SASE solution promising seamless integration, simplicity, and the benefit of having a “one-throat-to-choke” business model. While this may sound enticing on the surface, it routinely results in vendor lock-in and compromises. This can lead to either compromising the advanced networking or security functionality to fully optimise SASE architecture, or potentially exposing the MSP and enterprises to new threats that require rapid intervention.

SASE lies at the heart of both networking and security digital transformation. Forward-thinking MSPs are well positioned to seize this opportunity, but to do so will rely upon dynamic footing and a calculating selection of networking partners.