Standardising SASE: ‘SD-WAN meets security at the network edge’

The advancement of SD-WAN has been transformative for enterprise networking. From an outsider technology just a few years ago, software-defined networks are gradually reaching a tipping point in the end user world – 22% of enterprise respondents at the WAN Summit in London had already implemented SD-WAN on parts of their network, up from just 3% as recently as 2016.

With this adoption, corporate networking based on software-defined networking (SDN) has enabled a new concept called SASE. In brief, SASE (secure access service edge) brings network and security functions inside a unified cloud-native service – a ‘thin-branch, thick-cloud’ model that allows improved network performance, security and identity-based access control.

“SASE is when SD-WAN meets security at the network edge,” Pascal Menezes, CTO of MEF, told Layer123. “Instead of a thick uCPE appliance located at the customer premises with a lot of VNFs on it, we see a thin uCPE model with minimal footprint and minimal security functions – most of the security functions sit at the service provider edge, which is cloud-native and multi-tenant, and all the virtualized security functions are at the nearest point of entry at the service provider cloud-native network edge.”

A benefit of this for end users is smarter security policies where all applications, even low-risk internet traffic, go through the SASE cloud. SASE allows organisations to profile their users based on access levels, job function, position within the company, and either permanent or temporary location, implementing access rules based on identity.

But with both end-user adoption and the vendor landscape increasing exponentially, there is a need for interoperability, standardisation, and a set of clear definitions that service providers can work with and end users can trust. Right now, according to Menezes, most SASE offerings are being driven by vendors looking to get a toehold in the emerging space, selling SASE solutions not just to managed service providers but also to end-user enterprises. “The service providers have been really interested in a SASE standardisation like what MEF did for SD-WAN. It’s what the industry has been saying for a while – we need standards to allow the enterprises to understand what they are getting in SASE services from the various managed offerings emerging.”

“By achieving consensus on what a converged networking and security framework and associated SASE services should look like, MEF can empower technology and service providers to focus on providing a core set of common capabilities and then building their own innovative, differentiated offerings beyond those core features,” said Nan Chen, president of MEF.

As with any new technology, there is a danger that different vendors each adopt their own interpretation of what an offering should look like – producing divergence instead of convergence. This is the basis of MEF’s standardisation work within SASE, with the newly-published SASE Service Framework White Paper (July 2020) defining an outline framework for SASE services that could be standardised based on existing MEF work on SD-WAN services and application security – to define key terms, specify policy criteria, and create as much interoperability as possible.

The SASE Service Framework is just one focus area of an upcoming webinar, organised by MEF and Layer123, entitled SD-WAN Security & SASE. The webinar will examine the key building blocks for the convergence of software-defined networking and security, not just for SASE but on the SD-WAN side as well, with individual sessions looking at:

  • MEF’s foundational industry standard that defines SD-WAN Service Attributes and Services;
  • MEF’s emerging, well-progressed Application Security for SD-WAN standard that specifies the policy criteria needed to add application security to SD-WAN;
  • A Zero Trust Framework, which aims to ensure that users and applications are properly authenticated before granting them access to network resources;
  • The SASE Services Framework discussed above.

The webinar will take place on 26 August – for more information on who is speaking and session abstracts, visit the website here.