Secure Access Service Edge (SASE), where SD-WAN meets security delivered in a cloud-centric offering, has become one of the hottest topics in the industry. While Gartner introduced the SASE term in 2019, the general principles behind SASE have been brewing for some time as enterprises have been observing a fundamental shift in how their users access business and workflow systems. The well-defined, static, and finite network edge of the past is being replaced by business users who are working outside of their corporate walls and accessing business information systems that are beyond their corporate data center. This could not be more evident than with the massive growth in the cloud market, with IDC projecting that worldwide spending on public cloud services and infrastructure will double from $229 billion in 2019 to almost $500 billion by 2023. Adding to this trend, businesses worldwide are seeing an inversion of the norm at the network edge, with greater fluidity and mobility driving us toward an infinite network edge as the new norm in terms of both challenges and opportunities.
This leads us to the value of SASE, which ties together SD-WAN, network security, and the Multi-access Edge Computing (MEC) network edge.
SD-WAN
The SD-WAN market is one of the fastest growing sectors in the communications industry, projected to generate tens of billions of dollars of revenue during the next five years. The global managed SD-WAN services market is expected to reach nearly $6.4 billion by 2023 (CAGR of 42% during 2018-2023), according to Frost & Sullivan. The US managed SD-WAN services market alone is projected to be $4.5 billion by 2023 (CAGR of 74% during 2018-2023), according to Vertical Systems Group. The main drivers of this market growth are enterprises seeking (1) better support for SaaS applications, multi-clouds, and hybrid clouds, (2) easier management of WAN connectivity to improve application performance, and (3) a better end-user experience delivered via a software-defined paradigm of centralized application policies with visibility and control.
Network Security
Security is top of mind for many CEOs, CISOs and CIOs. Cybercrime represents the fastest-growing type of crime in the United States and the world. A report by Bromium and McGuire estimates that cybercrime created more than $1.5 trillion in revenue for criminals in the year 2018 alone. According to Fortune Business Insights, the global network security market is projected to reach $54 billion by the end of 2027. It is only natural that integrating managed security with managed SD-WAN services is the likely evolution of the SD-WAN market, with many vendors already leading the way.
MEC Network Edge
Commercialization of autonomous self-driving vehicles, AI-assisted video analytics, AR/VR, etc. is driving the need to deploy lower-latency MEC in many service provider Points of Presence (PoPs) and Central Offices (COs), cable operator head ends, and hyperscale cloud provider co-lo sites worldwide. With the emergence of MEC well underway, we see a growing trend of service providers shifting to cloud-centric networking, with the service edge connecting end user sites to public/private clouds, the Internet, and other sites. This delivers incredible value as the MEC edge becomes a collection of many MEC edges that form a geographical SASE cloud in which the nearest, lowest latency MEC is chosen as the gateway to many destinations, regardless of where user traffic needs to flow.
The SASE figure below illustrates how all three of these pillars come together. First, users, devices, and applications get access to anywhere in the SASE cloud via identity and access control. User traffic flows are segmented with all kinds of access control rules depending on the user’s identity and context in combination with the access control policy enforced by the SASE cloud. Second, SD-WAN is the access on-ramp to the SASE cloud with a thin CPE model that runs the bare minimum functionality at the edge. The SD-WAN edge on-ramp can take the form of software on the user’s device or an inexpensive, small form factor appliance designed for the home office. Finally, most security functions run in the SASE MEC network edge, where the security functions are built using cloud native principles, including microservices, multitenancy, and containers enabling Cloud Native Functions (CNFs).
SASE Model – SD-WAN, Network Security & MEC Network Edge
A very good low-latency example of SASE is at the MEC network/building edge, where all traffic – including Internet traffic – must first traverse the SASE cloud to ensure that the traffic is processed for security vulnerabilities and access policy rules. To ensure the best customer experience, delays to the clouds can be reduced to a few milliseconds by steering the user’s traffic flow to the nearest SASE MEC edge within a metro, where various kinds of cloud digital services can reside, instead of within a larger regional area where very high latency could occur.
Today, most SD-WAN and security vendors deliver a SASE service to customers where vendors themselves provide a managed offering in many co-lo data centers worldwide using their own technologies and solutions. So, if an enterprise today is doing a DIY (Do It Yourself) deployment of SD-WAN, it is most likely that their SD-WAN vendor is also offering a SASE service that can enable them to seamlessly migrate to SASE. Alternatively, if an enterprise is using a managed SD-WAN service offering, most service providers and MSPs already are evolving towards a SASE delivery model that integrates SD-WAN, security, and the MEC edge together in a much more comprehensive multivendor service offering.
One of the biggest challenges for SASE is the lack of standardization, which can cause a lot of market confusion for an enterprise buying a SASE service. This was seen in the early days of SD-WAN, when concepts, labels, vocabulary, use cases, etc. all lacked a common language that leveled the playing field so that apples-to-apples comparisons could be made by buyers of a managed SD-WAN service.
MEF emerged as the world’s leading industry organization defining SD-WAN services, and we are now heavily shaping the direction and growth of the SD-WAN market through standardization and certification of services, technologies, and professionals.
MEF is now planning to also standardize SASE, with a framework and service definition, by expanding upon all of our SD-WAN work over the past few years. During the MEF Annual Members Meeting at the end of July, we formally launched our SASE Services Framework (MEF W117) project, which introduces the concept of a SASE Service that connects users with their applications in the cloud while providing connectivity performance and security assurance determined by policies set by the user.
Some of MEF’s current related SD-WAN, security, and automation initiatives are listed below:
SD-WAN Service Attributes & Service Framework (MEF 70 and MEF W70.1)
Application Security for SD-WAN Services (MEF W88)
Zero Trust Framework and Service Attributes (MEF W118) - new
Universal SD-WAN Edge (MEF W119) - new
Performance Monitoring and Service Readiness Testing for SD-WAN Services (MEF W105)
MEF Services Model - Information Model for SD-WAN Services (MEF 82)
Orchestrating SD-WAN services (MEF W100)
Business language for specifying SD-WAN services and policies (Intent)
SD-WAN Certification Test Requirements for services and technologies (MEF 90)
SD-WAN Certified Professionals (MEF-SDCP)
MEF has just published a new SASE Services Framework white paper that describes how MEF proposes to bring together the existing MEF work in software defined networking, security, and policies in order to advance standardization of a SASE framework and services. The SASE Services framework proposed in the paper is depicted below. This SASE Services framework also supports the very important MEC use case discussed in this article where service provider PoPs, COs, and cable head ends are used to implement what is depicted as (4) SASE Service Provider Edge.
SASE Services Framework
MEF’s new SASE Services work is an important opportunity for SASE solution providers, telecom and MSO service providers, SD-WAN vendors, security vendors, hyperscale cloud providers, and many others to come together to drive this standardization of abstracted services and their support for many use cases, including that of MEC, and accelerate the market adoption of SASE.
August 03, 2020
In June 2020, MEF announced that eight leading service providers were on track to be production-ready in 2Q 2020 for deploying MEF 3.0 LSO Sonata APIs to automate ordering of MEF 3.0 Carrier Ethernet Access E-Line services. Their collective efforts represent a major leap forward in accelerating industry transformation to dynamic, assured, and certified services across a global federation of automated networks.
MEF plans a series of Q&A interviews with service providers who have implemented or are in the process of implementing LSO Sonata APIs. In the first of this series, we sat down with Frederick Chui, Chief Commercial Officer, and Divesh Gupta, VP Technology and Sales Operations, PCCW Global, to discuss their experience and expectations going forward.
What LSO Sonata APIs has PCCW Global implemented and why?
FC: We at PCCW Global are very pleased to be one of the first few service providers to have production-ready LSO Sonata APIs for serviceability, quoting, and ordering of Ethernet services. These APIs are proving to be very useful when it comes to dealing with high volume transactional elements of the telecoms business.
LSO Sonata APIs are vital in an inter-carrier, automated services environment where our customers are expecting to order and consume network services in real-time and on-demand, such as that offered by Console Connect. We foresee that wider adoption of these standardized Sonata APIs would help the ICT community as a whole and pave the path to common information modeling and automated commercial settlements among them.
Can you elaborate on how LSO Sonata APIs fit with your on-demand strategy?
DG: Our digital transformation journey started back in 2017 with our acquisition of Console Connect. Since that time, we have transformed a lot of our services to make them fully on-demand and available through the Console Connect portal, with a focus on software-defined interconnection of data centers, partners, and clouds.
We became interested in LSO Sonata APIs from both a buy and sell perspective – to extend the reach of our on-demand services beyond our own network footprint by leveraging the automated networks of LSO Sonata-enabled partners and also helping our wholesale customers extend their service reach to locations on our network.
What can your customers buy today using LSO Sonata APIs?
DG: We now offer the ability for customers to order Access E-Line services in Hong Kong using LSO Sonata APIs, without ever touching our portal.
What are the biggest drivers for LSO Sonata API adoption?
DG: Internally, the biggest benefit is the operational efficiency achieved by cutting down on a lot of manual work like fetching quotes and turning them around, which can all be automated using these APIs. Our API strategy also helps us break down silos between different departments, unlock data, gain more visibility across the organization, and be more agile.
Externally, the most important factor is to generate new revenue through improved customer experience. We’re looking at improving time-to-market and getting more revenue more quickly. I’ve seen that the portfolio activity actually picks up when you can replace a manual process with an automated one. I’m seeing a significant increase in the amount of requests coming in, and we’re targeting to convert them into orders.
How do you see LSO Sonata APIs impacting the industry as a whole?
DG: I think one good aspect about everyone using very similar data models and standard APIs is to create a marketplace where you can have multiple partner relations on both the buy and sell sides. Realizing the vision of having potentially hundreds of service providers coming in, providing services, and doing settlements in an automated fashion would only be possible if we have standards-based APIs. That’s why we are transitioning away from our own proprietary APIs.
What comes next?
DG: I think it will be a real game-changer when LSO Sonata APIs are adopted to a substantial degree across the service provider community.
In the short term, the benefits to the customers include faster turnaround of quotes, online placement of orders, and faster service delivery.
But if we extend that – if we have LSO Sonata-enabled automation across the full lifecycle, combined with automated settlements enabled by distributed ledger technology (DLT) – then we can have fully on-demand services across multiple providers. So, I think that’s where we are headed with this.
We’re very happy to work with other carriers across the globe to create awareness and spur rapid adoption of these APIs.
July 14, 2020