One of the challenges with any new technology is the dearth of enterprise expertise in bringing solutions based on new technologies together and the lack of standards and best practices that provide guidance.
For zero trust and SASE, that is about to change. MEF, the global industry association of network, cloud, and technology providers, has published the industry’s first Secure Access Service Edge (SASE) standard defining SASE service attributes, a framework and common definitions, and a zero trust framework that together allow organizations to implement dynamic policy-based actions to secure network resources for faster decision-making and implementation for enterprises.
The MEF SASE service standard and zero trust framework have been developed by the industry’s top managed security and service providers to make it easier to bring to market robust, easy-to-understand, easy-to-manage SASE services for the enterprise. The new standards include the following:
MEF’s SASE provides enterprises and providers with common terminology and service attributes to help them when buying, selling, and delivering SASE services. The group says this makes it easier to interface policy with security functions for cloud-based cybersecurity from anywhere. Additionally, MEF’s Zero Trust framework defines service attributes to enable service providers to implement and deliver a broad range of services that comply with zero-trust principles.
Filling an enterprise need
Today, the edge is more than just the demarcation point between on-premises and public connectivity services. The edge extends into each user’s home and to every device (e.g., consumer smart appliances, industrial IoT devices, and more). And as such, securing the edge is harder than ever before. Specifically, the challenge in protecting the enterprise today is that the edge, which must be defended, is nebulous.
This comes at a time when there is a growing concern about cybersecurity. Earlier this year, we released The 2022 State of the Network Management Report, based on a survey of 300 information technology professionals, and not surprisingly, security was the top concern. Eighty-one percent of those surveyed were concerned or very concerned about cyberattacks. And half of the respondents rated network security as one of their most pressing network management priorities for the next 12 to 24 months, making it the top priority.
For most, the path to security modernization requires new thinking. For years, security was added on, as an overlay to networking solutions. But because networks and threats have changed, so too must security evolve as well.
In today’s network-connected devices and work-from-anywhere world, users and devices move between on-premises locations, interconnected branch locations, home offices, and temporary locations during travel. So, enterprises are looking for solutions that integrate networking and security. Many are adopting new technologies that include zero trust, SD-WAN, and SASE. These security approaches shift the focal point of security to the user or device.
SASE service attributes and service framework standard
Why is this needed? According to the July 2022 SASE & SD-WAN 5-Year Forecast Report from Dell’Oro Group, the SASE-related technologies market will exceed $13 billion by 2026. SASE has quickly gained traction due to its work-from-anywhere cloud approach to security and networking.
Enterprises need help evaluating their options when selecting services. That’s where the MEF standard can help. The standard specifies service attributes to be agreed upon between a service provider and a subscriber for SASE services, including security functions, policies, and connectivity services. The standard defines the behaviors of the SASE service that are externally visible to the subscriber irrespective of the implementation of the service. A SASE service based upon the framework defined in the standard enables secure access and secure connectivity of users, devices, or applications to resources for the subscriber. MEF’s SASE standard (MEF 117) includes SASE service attributes and a SASE service framework.
Zero Trust framework for MEF services
The new Zero Trust Framework for MEF Services (MEF 118) defines a framework and requirements of identity, authentication, policy management, and access control processes that are continuously and properly constituted, protected, and free from vulnerabilities when implemented and deployed. This framework also defines service attributes, which are agreed upon between a subscriber and service provider, to enable service providers to implement and deliver a broad range of services that comply with Zero Trust principles.
“With SASE still at an early stage and generating confusion, I applaud MEF’s standardization efforts. In the near-term, they are contributing vocabulary and aligning conceptual frameworks that are vital to getting the industry to rally behind common, interoperable approaches,” said Mauricio Sanchez, Research Director for Network Security & SASE/SD-WAN research at Dell’Oro Group. “In the long-term, I see the resulting standards help make multi-vendor SASE a reality and accelerate overall adoption.”
“Enterprises are challenged to compare feature sets and solutions when selecting SD-WAN, SSE, and SASE services, including Zero Trust Network Access, which can result in incomplete service offerings that don’t meet needs and expectations. At the same time, service providers want to offer a complete, unified SASE service that includes networking and security under a single pane of glass,” says Pascal Menezes, MEF Chief Technology Officer. “MEF’s new SASE standard and zero trust framework, firsts in the industry, provide clarity and simplify the selection of SASE managed services for enterprises.”
The bottom line is that enterprises can look for MEF-based SASE services knowing that they are based on industry-standard service attributes, frameworks, and common definitions. That allows for easier evaluation and faster decision-making and implementation.
(Also, read the Network Computing series of articles from MEF experts.)