Pascal Menezes, CTO, MEF - Why SASE is Such a Hot Area of Interest
Secure Access Service Edge (SASE) has become one of the hottest topics in the industry, where SD-WAN meets security delivered in a cloud-centric offering. While Gartner introduced the SASE term in 2019, the general principles behind SASE have been brewing for some time as enterprises have been observing a fundamental shift in how their users access business and workflow systems. The well-defined, static, and finite network edge of the past is being replaced by business users who are working outside of their corporate walls and accessing business information systems that are beyond their corporate data center. This could not be more evident than with the massive growth in the cloud market, with IDC projecting that worldwide spending on public cloud services and infrastructure will double from $229 billion in 2019 to almost $500 billion by 2023. Adding to this trend, businesses worldwide are seeing an inversion of the norm at the network edge, with greater fluidity and mobility driving us toward an infinite network edge as the new norm in terms of both challenges and opportunities.
This leads us to the value of SASE, which ties together SD-WAN, network security, and the Multi-access Edge Computing (MEC) network edge.
The SD-WAN market is one of the fastest-growing sectors in the communications industry, projected to generate tens of billions of dollars of revenue during the next five years. The global managed SD-WAN services market is expected to reach nearly $6.4 billion by 2023 (CAGR of 42% during 2018-2023), according to Frost & Sullivan. The US managed SD-WAN services market alone is projected to be $4.5 billion by 2023 (CAGR of 74% during 2018-2023), according to Vertical Systems Group. The main drivers of this market growth are enterprises seeking (1) better support for SaaS applications, multi-clouds, and hybrid clouds, (2) easier management of WAN connectivity to improve application performance, and (3) a better end-user experience delivered via a software-defined paradigm of centralized application policies with visibility and control.
Security is top of mind for many CEOs, CISOs and CIOs. Cybercrime represents the fastest-growing type of crime in the United States and the world. A report by Bromium and McGuire estimates that cybercrime created more than $1.5 trillion in revenue for criminals in the year 2018 alone. According to Fortune Business Insights, the global network security market is projected to reach $54 billion by the end of 2027. It is only natural that integrating managed security with managed SD-WAN services is the likely evolution of the SD-WAN market, with many vendors already leading the way.
MEC Network Edge
The commercialization of autonomous self-driving vehicles, AI-assisted video analytics, AR/VR, etc. is driving the need to deploy lower-latency MEC in many service provider Points of Presence (PoPs) and Central Offices (COs), cable operator head ends, and hyperscale cloud provider co-lo sites worldwide. With the emergence of MEC well underway, we see a growing trend of service providers shifting to cloud-centric networking, with the service edge connecting end user sites to public/private clouds, the Internet, and other sites. This delivers incredible value as the MEC edge becomes a collection of many MEC edges that form a geographical SASE cloud in which the nearest, lowest-latency MEC is chosen as the gateway to many destinations, regardless of where user traffic needs to flow.
The SASE figure below illustrates how all three of these pillars come together. First, users, devices, and applications get access anywhere in the SASE cloud via identity and access control. User traffic flows are segmented with all kinds of access control rules depending on the user’s identity and context in combination with the access control policy enforced by the SASE cloud. Second, SD-WAN is the access on-ramp to the SASE cloud with a thin CPE model that runs the bare minimum functionality at the edge. The SD-WAN edge on-ramp can take the form of software on the user’s device or an inexpensive, small form factor appliance designed for the home office. Finally, most security functions run in the SASE MEC network edge, where the security functions are built using cloud native principles, including microservices, multitenancy, and containers enabling Cloud Native Functions (CNFs).
SASE Model – SD-WAN, Network Security & MEC Network Edge
A very good low-latency example of SASE is at the MEC network/building edge, where all traffic – including Internet traffic – must first traverse the SASE cloud to ensure that the traffic is processed for security vulnerabilities and access policy rules. To ensure the best customer experience, delays to the clouds can be reduced to a few milliseconds by steering the user’s traffic flow to the nearest SASE MEC edge within a metro, where various kinds of cloud digital services can reside, instead of within a larger regional area where very high latency could occur.
Today, most SD-WAN and security vendors deliver a SASE service to customers in which the vendors themselves provide a managed offering in many co-lo data centers worldwide using their own technologies and solutions. So, if an enterprise today is doing a DIY (Do It Yourself) deployment of SD-WAN, it is most likely that their SD-WAN vendor is also offering a SASE service that can enable them to seamlessly migrate to SASE. Alternatively, if an enterprise is using a managed SD-WAN service offering, most service providers and MSPs are already evolving towards a SASE delivery model that integrates SD-WAN, security, and the MEC edge together in a much more comprehensive multivendor service offering.
One of the biggest challenges for SASE is the lack of standardization, which can cause a lot of market confusion for an enterprise buying a SASE service. This was seen in the early days of SD-WAN, when concepts, labels, vocabulary, use cases, etc. all lacked a common language that leveled the playing field so that apples-to-apples comparisons could be made by buyers of a managed SD-WAN service.
MEF emerged as the world’s leading industry organization defining SD-WAN services, and we are now heavily shaping the direction and growth of the SD-WAN market through standardization and certification of services, technologies, and professionals.
MEF is now planning to also standardize SASE, with a framework and service definition, by expanding upon all of our SD-WAN work over the past few years. During the MEF Annual Members Meeting at the end of July, we formally launched our SASE Services Framework (MEF W117) project, which introduces the concept of a SASE Service that connects users with their applications in the cloud while providing connectivity performance and security assurance determined by policies set by the user.
Some of MEF’s current related SD-WAN, security, and automation initiatives are listed below:
- SD-WAN Service Attributes & Service Framework (MEF 70 and MEF W70.1)
- Application Security for SD-WAN Services (MEF W88)
- Zero Trust Framework and Service Attributes (MEF W118) - new
- Universal SD-WAN Edge (MEF W119) - new
- Performance Monitoring and Service Readiness Testing for SD-WAN Services (MEF W105)
MEF has just published a new SASE Services Framework white paper that describes how MEF proposes to bring together the existing MEF work in software defined networking, security, and policies in order to advance standardization of a SASE framework and services. The SASE Services framework proposed in the paper is depicted below. This SASE Services framework also supports the very important MEC use case discussed in this article where service provider PoPs, COs, and cable head ends are used to implement what is depicted as (4) SASE Service Provider Edge.
SASE Services Framework
MEF’s new SASE Services work is an important opportunity for SASE solution providers, telecom and MSO service providers, SD-WAN vendors, security vendors, hyperscale cloud providers, and many others to come together to drive this standardization of abstracted services and their support for many use cases, including that of MEC, and accelerate the market adoption of SASE.