Today’s distributed enterprises face several challenges in delivering connectivity, application performance, and security across physical corporate locations, end users working from anywhere, and third parties that require business access. The pandemic, IT migration to the cloud, and new and emerging digital transformation workflows have amplified these requirements even more. Additional challenges faced by enterprise IT include:
- Customer education and migration strategies
- Multi-vendor environment
- Trained and certified personnel and lack of test, certification, and other tooling
- Lack of industry standards / common definitions and terminology
SASE: Connectivity and security with cloud-like experiences
The term “Secure Access Service Edge” (SASE) emerged in late 2019. SASE combines network security functions and WAN capabilities (e.g., SD-WAN) to support the dynamic, secure access needs of organizations. These capabilities were meant to address enterprise challenges while being delivered through a utility-type model based on modern cloud principles. An ever-growing range of users, devices, and applications require access from anywhere to all types of private or public cloud services to conduct business beyond their corporate walls. This creates an increasingly complex, expanded attack surface. SASE provides secure access and secure connectivity for a given subscriber’s users, devices, and applications to targeted resources of all types (e.g., clouds), independent of their location. Authorization is determined according to policies set by the subscriber. Inherent in SASE are a plethora of security functions—Zero Trust authentication and authorization, user-centric connectivity, and application performance assurance—all delivered from the nearest edge cloud. The user, device, or application can be anywhere, and security and network functions can be accessed at the nearest SASE edge cloud while delivering low-latency, high-availability, and high-performance capabilities.
SSE: An interim step on the path to SASE
More recently, the term Security Service Edge (SSE) was also introduced. SSE decouples the primary security capabilities of SASE from the WAN capabilities (e.g., SD-WAN). It is a subset of SASE focused solely on security services that address the needs of very large enterprises—typically with separate networking and security departments—to decouple networking and cybersecurity in a quest for best-of-breed solutions. However, not all enterprises want this separation of connectivity and security. For example, small and medium businesses (SMBs) often do not have the expertise internally to manage both networking and security and instead depend on managed providers to deliver a comprehensive SASE solution while ensuring the best possible experiences, outcomes, and behaviors. While the end goal is SASE, finding a single vendor or managed provider that can deliver the very best of security and networking has been challenging, hence the creation of SSE.
As discussed, SASE combines connectivity and network security services, one of which is Zero Trust, a fundamental principle used in both SASE and SSE. Zero Trust removes the assumption of trust from users, applications, and devices, evaluating access requests and network traffic behaviors in real time over the length of active sessions while continually and consistently recalibrating access and associated policy actions. SASE makes it easier to enforce Zero Trust and consistently apply role-based, identity-centric controls, and granular policies for data movement across the entire network.
Modernizing the network with standardization
With IT migrating to the cloud, new digital transformation workflows, and support for legacy IT applications, managed services are evolving quickly to frictionless anywhere connectivity and application assurance that is always secure. New technologies like SD-WAN and SASE have modernized networking, but at the same time, the lack of standards has led to market confusion. Standardized SASE services offer common language, service definitions, and policies to help simplify offerings and speed up adoption and time to revenue. Enterprise customers can more quickly and easily evaluate, implement, and manage SASE solutions.
The benefits of standardization for the enterprise include:
- Mainstream adoption with service velocity
- Common language and interoperability
- Predictable and deterministic outcomes
- Opportunities for competitive differentiation from vendors, managed providers, and others
MEF is paving the way to eliminate market confusion and grow markets faster via standardization and professional and service training and certification. With comprehensive SD-WAN standards and with the introduction of the industry’s first standard definition of SASE and Zero Trust services coming soon, MEF is creating a blueprint for modern secure network standardization and full automation capabilities for the enterprise industry to utilize.
Depending on the needs of the customer, both SASE and SSE can deliver benefits to enterprise IT. For enterprises that want an "easy button" with less complexity, SASE, with its cloud-like experience, combined network connectivity (e.g., SD-WAN), and security functions with Zero Trust principles, delivered as a single cloud service, may be the desired path. Other, larger enterprises may desire a more complex solution with separate cybersecurity and connectivity services, such as SSE. One thing is certain: as these markets evolve as an efficient way to manage enterprise networking and security designed for distributed workforces and applications, the need to standardize on service and policy definitions will be key to success.
Pascal Menezes is CTO of MEF.
(Editor's note: This is the first in what will be a regular series of articles from the industry experts at MEF.)