SASE as a Service: The role of managed services in the world of network security convergence

May 26, 2021 | Skyler King

The next iteration in the history of technology convergence emerged with Gartner’s Secure Access Service Edge (SASE). Networking and security vendors have been integrating capabilities for decades, and market adoption of these integrations has only accelerated due to innovations such as virtualization and cloud computing. From a networking perspective, routing of traffic extends far beyond IP and MAC addresses to now include application steering and transport-agnostic overlay networks. From a security perspective, the next-generation firewall brought together a full stack solution capable of inspecting packets, URLs, and macro address information with unified threat management (UTM).

SASE brings together these two areas in a manner which revolutionizes the way IT, network, and security organizations will manage their respective domains as well as interoperate cross-functionally. With revolution comes disruption to standard operating procedures, and that disruption can bring confusion, complexity, and cost in the near term on the way to long-term savings and scalability. That said, transformation does not have to occur in a vacuum. Bringing in an expert, such as a managed services provider (MSP), to assist with the adoption of and transition to SASE can help achieve organizational success throughout the convergence of networking and security solutions.

Historical precedent

This makes sense when you think about the role MSPs have played throughout the internet era. Early networks were a foreign concept that some even considered a fad, and those disruptive enough to embrace them at the time were faced with complex management of costly systems. Dedicated teams were stood up to manage mainframes, and these teams became the first IT organizations. Eventually, as these teams became more skilled, businesses emerged staffed with experts who had the acumen to help other organizations build out their own networks. In doing so, these early MSPs sped up the adoption of networking technologies by flattening the learning curve required to turn up a solution, and they scaled their acumen to others as they completed builds for new companies.

Noticeably absent (in hindsight) from these early networks was security, which was not even a consideration based on the initial framework of the ARPANET. Network security first started to take shape in 1988 after a student at Cornell University launched the first computer worm to access other connected devices. This resulted in the establishment of the Computer Emergency Response Team (CERT) at Carnegie Mellon University, the world’s first security operation center (SOC), to prevent these sorts of attacks from occurring in the future.

As networking technologies evolved over time—along with the need to secure them—the MSPs managing legacy equipment adapted to these evolutions quickly, and helped organizations transform their infrastructures as well. In parallel, the role of the SOC expanded and network security technologies such as the firewall, intrusion detection system, and web application firewall emerged to help combat these threats. Managed security services providers (MSSPs) were spun up to manage these technologies as well as enable them to help protect other businesses. By taking on these evolving technologies, the onus for quickly understanding the evolution fell to network and security MSPs rather than on the organizations they served.

The migration to SASE follows this precedent. Managed network and security providers have strong backgrounds in their respective domains and the ability to rapidly understand how technologies and architecture must evolve as the areas converge. Moreover, MSPs also have foresight into where the technology is headed. Further innovations such as 5G, IoT, and quantum computing bring additional variability and challenges to both networking and security. MSPs with an understanding of these innovations can account for them in SASE deployments, resulting in future-ready solutions for the organizations they support.

Delivery & management of SASE components

As mentioned in the previous section, MSPs have existing network and security operations centers and manage network and security solutions today. With these embedded resources, MSPs can deliver and manage the full SASE technology stack, whether utilizing a single vendor for the full solution or point products from multiple vendors. Network and security policies are like their own language, and each vendor has its own syntax and structure with which organizational stakeholders are familiar. Robust MSPs have subject matter experts across the wider SASE vendor landscape to assist organizations with their policies no matter who they use for the SASE components.

[Figure: Components of SASE]

The challenges presented by SASE for MSPs exist primarily in aligning the network and security teams to manage the converged solutions. This is more of a people and process issue than a technical acumen issue, meaning an astute MSP will be able to align its work centers to deliver a holistic ‘SASE as a Service’ offering to its customers. This structure provides an expedient and effective path to convergence when compared to the disparate vendor technologies that must be integrated for seamless compatibility and a ‘single pane of glass’ for management.

Regarding the ‘single pane of glass’ management plane, MSPs can help support this common customer requirement while vendors integrate their internal technologies into a single solution. First, MSPs reduce the need for most visibility, depending on the level of service that they are providing. If an MSP is managing all aspects of the service and providing reports to the end customer, the end customer might not even need access to the disparate portals of the underlying SASE components. This use case is especially applicable to customers using multiple vendors to cover all the SASE components, since the vendor integration will likely never go beyond API integration between the portals, rendering a ‘single pane of glass’ almost certainly unattainable. Second, MSPs often invest in their own overlay portals where customers can access their information for billing, ticketing, etc., which offsets the need for a vendor-based management plane. While this overlay does not have significant added functionality, it provides a singular interface for customers to access the components of the service and get assistance from the MSP.

Customers might be wary of MSPs due to a lack of control. Customers have developed an increased desire for co-management and want direct access to their policies without the need for opening a ticket or having the provider implement the change on their behalf. The rationale is sound from a customer perspective (“They’re my policies, and I should be able to change it whenever and however I want to!”). Flexible management models such as customer policy management allow for direct access to policies on the infrastructure while MSPs deliver and maintain that solution infrastructure. This can be achieved either through limited read-write access to the portal(s) for the solution or through API connectivity to the MSP portal for self-service change capabilities.

Like all networking and security technology solutions, SASE is a journey that is just beginning. MSPs have been an integral part of the evolution of technology throughout history and are best equipped to help organizations seamlessly migrate to SASE by serving as a trusted advisor in the transformation, through cross-functional delivery and management as well as converged visibility.

About the Author: Skyler King

Skyler W. King, CISSP has served as a Lead Product Marketing Manager within AT&T Cybersecurity since 2019. In this role, he operated as a subject matter expert for AT&T's secure access service edge (SASE) market strategy and solutioning approach, including vendor analysis selection, product roadmap and forecasting, collateral development, and seller education. Skyler has also been responsible for cybersecurity product activities associated with AT&T Secure Web Gateway with Palo Alto Networks, AT&T Secure Remote Access with Palo Alto Networks, and AT&T SD-WAN with Cisco. Prior to his role in cybersecurity product management, Skyler was a member of AT&T's Technology Development Program.
