How does SASE Impact Managed Service Offerings?
By Lee Doyle | FierceTelecom
The large market for managed network and security services is highly competitive and rapidly evolving. Network and security technologies are converging and moving to a cloud-based model. This convergence, which is called Secure Access Service Edge – or SASE – will have a significant impact on associated managed service offerings and the managed service providers (MSPs) themselves over the next five years.
MSPs and communication service providers (CSPs) will need to revamp their organizational structure to deliver integrated networking and security services. They should take advantage of the rapid innovation available from technology partners both large and small. MSPs will also need to deliver hybrid (premise and cloud solutions) to meet a wide variety of customer requirements. They will need to decide which supplier, or suppliers, are best positioned to provide the SASE architecture, and how much internal development they should invest to differentiate their offerings.
Defining the SASE Architecture
SASE is an architecture for the convergence of networking and security at the network edge such as branch and remote offices. The driving forces behind SASE are:
- Rapid increases in IaaS (infrastructure-as-a-service) and SaaS (software-as-a-service) usage have changed network traffic patterns to direct Internet access, which requires a fundamental change in how network and security intelligence is delivered.
- Advances in software and cloud intelligence have enabled integrated network and security solutions, such as SD-Branch, which enable application prioritization, cloud acceleration, and centralized management
- Organizations with critical IoT applications require low-latency network/security intelligence to be delivered in a cloud-based model.
SASE combines premise and cloud-based services to deliver a broad range of network/security functionality, including SD-WAN, SD-Branch, firewall, software-defined perimeter (SDP), zero trust, and data loss protection.
SASE as a Managed Service
Distributed organizations have long benefited from outsourcing networks such as WAN, and security services to MSPs and CSPs. The developing SASE architecture provides new options for service providers (SPs) to enhance their managed services with more comprehensive, integrated offers. Most customers will require a combination of on-premise and cloud-based intelligence to meet their network and security requirements. Delivery options for SPs include SD-Branch and virtual customer premises equipment (vCPE.)
SD-Branch, which combines LAN, Wi-Fi, SD-WAN, routing, and security functionality in an integrated solution, is a prime example of a SASE architecture. Vendors continue to enhance their SD-Branch solutions by improving integration between technology elements and offering end-to-end quality of service, security policies, and unified management.
SD-Branch-as-a-service offerings are in a nascent stage of development and delivery. Many SD-Branch suppliers offer solutions that are strong in one or two areas – LAN/Wi-Fi, SD-WAN, or network security – but are weak in others.
CSPs are deploying virtual customer premise equipment (vCPE) on x86 servers to provide flexible delivery of network and security services including SD-WAN, routing, VPN, and firewall functionality. The advantage of vCPE is its ability to provide flexible hardware at the customer location combined with cloud-based intelligence that can power a range of SASE functionality. CSPs can easily deploy new business services via software updates without changing the physical platform at customer locations.
vCPE is generally associated with a best-in-breed or multi-vendor supplier strategy to deliver managed services. SPs are challenged to integrate the management offerings from the various suppliers. Most SPs find vCPE solutions expensive to deploy and challenging to manage.
Technology Supplier Options
SPs planning to deliver SASE as a managed service will be able to select from dozens of network and security supplier offerings. Large IT suppliers, such as Cisco, HPE Aruba, and VMware, are developing SASE architectures through a combination of acquisitions and integration of their portfolios of network and security technologies. Network security suppliers are expanding their offerings to include SD-WAN and SD-Branch solutions.
The convergence of network and security with cloud-based intelligence is impacting the architectural options for MSPs to deliver managed networking and security services. Current SASE solutions are immature and have limitations (such as weak functionality or poor integration) across the range of technologies required for the complete SASE architecture. Over the next five years, the depth and breadth of SASE functionality will significantly improve.
The complexity and diversity of organizational requirements for network and security at the edge challenge any single supplier to deliver on the complete SASE vision so technology supplier selection will be critical for MSPs. MSPs will need to invest in education and training for their technical staff and to gain experience to deliver converged edge solutions as a service.