Diving into Secure Access Service Edge - Jeremiah - E-Book

Description

The SASE concept was coined by Gartner after seeing a pattern emerge in cloud and SD-WAN projects where full security integration was needed. The market behavior lately has sparked something like a "space race" for all technology manufacturers and cloud service providers to offer a "SASE" solution. The current training available in the market is minimal and manufacturer-oriented, with new services being released every few weeks. Professional architects and engineers trying to implement SASE need to take a manufacturer-neutral approach.
This guide provides a foundation for understanding SASE, but it also has a lasting impact because it not only addresses the problems that existed at the time of publication, but also provides a continual learning approach to successfully lead in a market that evolves every few weeks. Technology teams need a tool that provides a model to keep up with new information as it becomes available and stay ahead of market hype.
With this book, you’ll learn about crucial models for SASE success in designing, building, deploying, and supporting operations to ensure the most positive user experience (UX). In addition to SASE, you’ll gain insight into SD-WAN design, DevOps, zero trust, and next-generation technical education methods.

Page count: 325

Year of publication: 2022




Diving into Secure Access Service Edge

A technical leadership guide to achieving success with SASE at market speed

Jeremiah Ginn

BIRMINGHAM—MUMBAI

Diving into Secure Access Service Edge

Copyright © 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Associate Group Product Manager: Mohd Riyan Khan

Publishing Product Manager: Shrilekha Malpani

Senior Editor: Shazeen Iqbal

Senior Content Development Editor: Adrija Mitra

Technical Editor: Nithik Cheruvakodan

Copy Editor: Safis Editing

Book Project Manager: Neil D’mello

Proofreader: Safis Editing

Indexer: Subalakshmi Govindhan

Production Designer: Alishon Mendonca

Marketing Coordinator: Ankita Bhonsle

First published: November 2022

Production reference: 1141022

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

978-1-80324-217-0

www.packt.com

To my mother, Rachel Ginn, who taught me that every problem can be solved with hard work, kindness, and a genuine relationship with Jesus Christ.

– Jeremiah Ginn

Foreword

I had the privilege of meeting and working closely with Jeremiah Ginn in the successful deployment of a large SD-WAN solution for a top-tier AT&T customer. His forward-looking and thinking are unparalleled in this industry, and his leadership in the development process was exactly what we required to get this huge success. Jeremiah spends his time investing heavily in people both within the workplace and with his passions outside of the work environment.

Secure Access Service Edge (SASE) is one of the most widely used acronyms in the digital realm of all businesses and industries today. CEOs desire to understand it, CTOs desire to implement it, and security and network executives are working to deploy it. At the same time, engineering management and staff are actively creating lab scenarios and preparing for the upcoming shift they see coming at them. This book is directed at both those looking to be involved in SASE and those already heading down the path of SASE deployment.

Jeremiah is one of the leading and likely the most pervasive voices in the definition, design, and success of SASE. In this book, Jeremiah reveals the detailed success criteria necessary to meet the new level of challenges SASE creates, including the substantial executive support required and the paradigm shift in the training, implementation, maintenance, and support.

David H. Brown

Principal Architect at AT&T

Contributors

About the author

Jeremiah Ginn is a husband, father, teacher, engineer, architect, author, Cybersecurity Evangelist, children's advocate, advocate of Military Veterans and their families, and Service-Disabled Veteran who proudly served in the US Army. He currently has 11 children: 3 biological, 6 adopted, and 2 in guardianship. Leading SDN evangelism efforts across many global organizations, his recent experience is in SD-WAN, SASE, NFV, multi-tenant cloud edge compute, and network infrastructure architecture, helping more than 3,000 organizations over the past 25 years. He contributes to the development of SDN, SD-WAN, and SASE solutions at AT&T. He is an IEEE member and contributes to The MEF Forum's W117 SASE Service Attributes and Service Framework.

Thank you to everyone that invested in me and my career. You know who you are! Thank you Meredith Ginn for the privilege of your hand in marriage for almost three decades. In five more decades, we should know enough about marriage to make an educated decision, but until then, I am happy to hold your hand. I love all of my children, regardless of how they came into my life, and regardless of what document signifies our relationship.

This is a technical book, a life book, an education book, a perspective book, and a lessons learned book. Thank you to David Brown, my technical reviewer and friend. Without David, this book could not have offered long-term value to those of us who learned engineering the old way.

Thank you to my team at Packt, who have worked incredibly hard to get this book to you. They probably all still have concerns about my approach to teaching as I am sure you will, but I hope this book helps you, your team, and your organization achieve the success that you truly deserve! Thank you for investing your personal time into reading this book as I wrote it to invest in you, the reader. May you be a perpetual learner and invest in other humans.

About the reviewer

David H. Brown is a Principal Architect at AT&T with decades of experience developing, managing, deploying, consulting and selling leading edge technologies to private and public companies. His professional experience as a trusted advisor has focused on enterprise solutions, deployment of information systems, and technology integration solutions for enterprise and government.

Previous to AT&T, David was a Principal Architect for VeriSign and has many years of experience working for small and large corporations and government organizations in full-time and consulting roles.

David holds multiple certifications, including CCIE #6231, CISSP #28504, GSEC #42081, and GCED #2487, and he also earned a master’s degree (MBA) from McColl School at Queens University of Charlotte and a bachelor’s degree in Computer Science from Le Moyne College.

David is a husband, father, and grandfather based in Charlotte, NC. Soli Deo Gloria.

I would like to heartily thank Jeremiah, the author of this book, for trusting me to review his work, and also my wife, Amy, for supporting me throughout my career to be in a position where my input matters.

Table of Contents

Preface

Part 1 – SASE Market Perspective

1

SASE Introduction

Define SASE

Market SASE

Value SASE

Embrace SASE

Present SASE

Summary

2

SASE Human

Human Issue

Human Problem

Human Behavior

Human Solution

Human Patterns

Summary

3

SASE Managed

SASE Self

SASE Co-managed

SASE Managed

SASE Operational

SASE Success

Summary

4

SASE Orchestration

SASE Manual

SASE Template

SASE Integrate

SASE Orchestrate

SASE Automate

Summary

5

SASE SD-WAN

SD-What

SD-Why

SD-How

SD-When

SD-SASE

Summary

Part 2 – SASE Technical Perspective

6

SASE Detail

Service Definition

Service Components

Service Roles

Service Requirements

Service Flight

Summary

7

SASE Session

SASE Session

SASE UNI

SASE Actors

SASE Flow

SASE Lifecycle

Summary

8

SASE Policy

SASE Policy

SASE Quality

SASE Dynamic

SASE Trust

SASE Effective

Summary

9

SASE Identity

Access Identity

Dimensional Identity

Context Identity

Situation Identity

Integrate Identity

Summary

10

SASE Security

Secure Overview

Secure Details

Secure Session

Secure Automation

Secure Summary

Summary

11

SASE Services

Services Overview

Services Core

Service Options

Services Expanse

Services Explain

Summary

12

SASE Management

Management Overview

Management Systems

Management Templates

Management Automation

Management Simplified

Summary

Part 3 – SASE Success Perspective

13

SASE Stakeholders

Stakeholders Overview

Stakeholders Business

Stakeholders Technical

Stakeholder Users

Stakeholder Success

Summary

14

SASE Case

Case Overview

Case Insight

Case Examples

Case Design

Case Value

Summary

15

SASE Design

Design Overview

Design Theory

Design Function

Design Support

Design Communication

Summary

16

SASE Trust

Zero Overview

Zero Framework

Zero Feed

Zero Trust

Zero Explained

Summary

Part 4 – SASE Bonus Perspective

17

SASE Learn

Learn Overview

Learn Model

Learn Perpetual

Learn Timing

Learn Explain

Summary

18

SASE DevOps

DevOps Overview

DevOps Fervor

DevOps Continuous

DevOps Act

DevOps Impact

Summary

19

SASE Forward

Forward Overview

Forward Present

Forward Future

Forward Measured

Forward Concept

Summary

20

SASE Bonus

SD-WAN Overview

SD-WAN Design

SD-WAN Failure

SD-WAN Experience

SD-WAN Practice

Summary

SASE Conclusion

Appendix SASE Terms

Index

Other Books You May Enjoy

Preface

The SASE concept was coined by Gartner after seeing a pattern emerge in cloud and SD-WAN projects where full security integration was needed. The market behavior lately has sparked something like a "space race" for all technology manufacturers and cloud service providers to offer a "SASE" solution. The current training available in the market is minimal and manufacturer-oriented, with new services being released every few weeks. Professional architects and engineers trying to implement SASE need to take a manufacturer-neutral approach.

This guide provides a foundation for understanding SASE, but it also has a lasting impact because it not only addresses the problems that existed at the time of publication, but also provides a continual learning approach to successfully lead in a market that evolves every few weeks. Technology teams need a tool that provides a model to keep up with new information as it becomes available and stay ahead of market hype.

With this book, you’ll learn about crucial models for SASE success in designing, building, deploying, and supporting operations to ensure the most positive User Experience (UX). In addition to SASE, you’ll gain insight into SD-WAN design, DevOps, zero trust, and next-generation technical education methods.

Who this book is for

This book has been written for technology and security leaders, specifically CTOs, CSOs, CISOs, and CIOs who are looking for an executive approach to SASE for their organization. This book will help anyone implementing SD-WAN, SASE, and SASE services for cloud, network, and security infrastructure. It has been written with a market-central, vendor-agnostic approach beyond Gartner’s ideas of SASE. SASE services are the path forward for secure communications for people, devices, applications, and systems to and from anywhere. This book is a challenge and call to action for anyone looking to improve their security, networking, and cloud success.

What this book covers

Chapter 1, SASE Introduction, introduces the term SASE, which was recently coined by Gartner and has been dominating IT projects to ensure cost savings and provide the needed security. The overall book provides a comprehensive foundational-level understanding of what SASE is, how to use SASE for success, how to learn through each evolution, where to find more information, and what the future of integrated secure access solutions looks like.

Chapter 2, SASE Human, discusses how understanding SASE requires a mix of skills not commonly found in one person. Due to the DevOps methodology’s acceleration of software releases, a rapid approach to learning just-in-time prior to implementation within two to six weeks is required for success. Miss the mark on this requirement and your employer ends up in the news for having the latest security failure in the market. Using a managed service provider that has multiple teams in lockstep with the developers allows an organization to pivot on demand, transfer liability, and meet the urgent needs of the organization on demand.

Chapter 3, SASE Managed, discusses how SASE is a different approach that requires the experience level of even the best engineers to be reset to zero. Once at zero, it can take 6 weeks or 6 months to achieve basic proficiency with design, implementation, and troubleshooting skills. This “retooling” of the engineering team within a non-technology-focused enterprise offers little value to shareholders or customers. Outsourcing to the right managed services partner allows the technology to provide business value much more quickly and change at the speed of the market.

Chapter 4, SASE Orchestration, looks at automated service management across potentially multiple operator networks, including fulfillment, control, performance, assurance, usage, security, analytics, and policy capabilities, which are achieved programmatically through APIs that provide abstraction from the network technology used to deliver the service.

Chapter 5, SASE SD-WAN, discusses SD-WAN, which provides a virtual overlay network that enables application-aware, policy-driven, and orchestrated connectivity between SD-WAN user network interfaces and provides the logical construct of a layer three, virtual private, routed network for the subscriber that conveys IP packets between subscriber sites.

Chapter 6, SASE Detail, deep dives into what makes a service SASE.

Chapter 7, SASE Session, looks at SASE sessions, which are the core component of a SASE solution. Connecting the target actor to the subject actor, regardless of connection type, in a secure session is the heart of SASE.

Chapter 8, SASE Policy, looks at SASE policies, which are sets of rules applied to the SASE session that can be integrated into SASE connectivity quality mechanisms as well as other SASE service inputs. In the past, policy-based firewall or routing solutions have been prescriptive, requiring a comprehensive understanding of the five Ws prior to implementation. The policy was written in stone to guarantee specific results. With SASE, a dynamic environment that allows machine interaction on demand is required for the service to offer a relevant value proposition. This environment is precursive to AI and has to be designed in a manner that allows for AIOps.

Chapter 9, SASE Identity, discusses how a multidimensional approach is required to integrate IAM, context, situational components, time of day, location, and many other factors to deliver sub-millisecond active security that is continuously relevant.

Chapter 10, SASE Security, discusses how each software product developer uses security vertically. In SASE sessions, these vertical solutions must integrate to form the pervasive security that is required for the solution.

Chapter 11, SASE Services, looks at how there are many services that can be included in a SASE service. Every service is not mandatory for a solution to be considered SASE, but every SASE service should have the ability to be integrated into an overall comprehensive solution for a secure connective solution. Potential example services for inclusion are listed in this chapter and are expected to evolve as this market matures.

Chapter 12, SASE Management, looks at establishing, monitoring, and enforcing the configuration, policy, and performance of any given component of or the overall SASE solution.

Chapter 13, SASE Stakeholders, discusses how the foundation for SASE solutions requires identifying all stakeholders in the end solution. Each stakeholder contributes to the cross-functional matrix approach in the project planning phase to qualifying security requirements.

Chapter 14, SASE Case, provides examples for educational purposes, but they are by no means “recipe cards” for implementation strategies or architectural blueprints. The Use Case in turn provides a model that allows for templated approaches that are necessary for scaling the ultimate solution.

Chapter 15, SASE Design, discusses how designing for SASE involves concepts relating to DevOps, security, SD-WAN, and the cloud, and displaces legacy LAN/WAN design principles primarily due to the disaggregation of data plane and control plane activity.

Chapter 16, SASE Trust, discusses the Zero Trust Framework, which is a cybersecurity architecture where all actors are authenticated, authorized, and continuously validated before subjects are granted access, maintain access to, or perform operations on targets.

Chapter 17, SASE Learn, discusses how SASE is a moving target that does not stop evolving. How do you learn something that is perpetually becoming more complex daily? How do you get ahead of the requirements? Where can you independently research this subject? We will provide answers to these questions in this chapter.

Chapter 18, SASE DevOps, discusses the DevOps mindset, which is a rigorous, systematic, fervent approach to continual improvement through secure development iteration. Through iteration, the production release of code improves in security, reliability, and user experience.

Chapter 19, SASE Forward, discusses how the future of SASE will be completely different from today. But like the history of x86 computer hardware, it is somewhat predictable, and therefore, a pattern emerges that allows us to stay diligent and ahead of the next change.

Chapter 20, SASE Bonus, discusses how designing SD-WAN solutions is much more complex than a routed WAN with an identical scale. Multiple circuits across routers may be integrated by configuring a dynamic routing protocol that uses all available routes. In contrast, each SD-WAN path must be considered independently, and policies should be designed to give the orchestrator as much autonomy as possible in selecting the ideal path for each packet or flow.

To get the most out of this book

Software-defined technologies such as SD-WAN, SASE, and SDN are significantly different from the past four decades of network engineering. If you can accept this truth prior to reading this book, you may get more out of its content. This book is for those that want to deliver successful projects faster, further, and more cost-effectively than the market standard.

Conventions used

Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “SD-WAN stands for software-defined wide area network.”

Tips or Important Notes

Appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.


Part 1 – SASE Market Perspective

Part 1 provides a basic understanding of SASE from the market perspective. This perspective is the required baseline prior to considering a SASE-related project. In this section, there are the following chapters:

Chapter 1, SASE Introduction
Chapter 2, SASE Human
Chapter 3, SASE Managed
Chapter 4, SASE Orchestration
Chapter 5, SASE SD-WAN

1

SASE Introduction

Recently coined by Gartner, Secure Access Service Edge (SASE) has been dominating Information Technology projects for both cost savings and needed pervasive security. This book provides a comprehensive foundational level understanding of what SASE is, how to leverage SASE for success, how to learn through each evolution, where to find more information, and what the future of integrated secure access solutions looks like.

We will begin this by introducing the concept of SASE for those who are still trying to clarify what SASE is or what it is not. In this chapter, we will cover how the market is defining SASE, what the actual market is for SASE, why we need to embrace SASE, and how to present SASE to your organization in a comprehensive manner.

In this chapter, we're going to cover the following main topics:

Define SASE—what SASE is and what SASE is not
Market SASE—a market evaluation of SASE
Value SASE—value proposition, SASE services
Embrace SASE—embracing the idea of a SASE framework
Present SASE—presenting the idea of SASE and clearing the hype cycle

Define SASE

SASE is pronounced sassy. Andrew Lerner at Gartner coined the phrase in a blog post on December 23, 2019. That post can be found at https://blogs.gartner.com/andrew-lerner/2019/12/23/say-hello-sase-secure-access-service-edge/. He explains that Software-Defined Wide Area Network (SD-WAN) needed a security package. SD-WAN effectively replaces router-based WAN solutions in a next-generation software-based package.

The SD-WAN solution varies from vendor to vendor but incorporates secure data forwarding with policies that leverage application specifications to guarantee the best handling of traffic for each application. This improves the User Experience (UX) as well as the network's resilience.

We now refer to SASE as a framework. SASE leverages multiple security services into a framework approach. Not all services offered as SASE solutions are required to be compliant, but adherence to a comprehensive security framework approach is expected. Currently, there is no SASE certification; instead, most of the SASE hype comes from intense competition through effective marketing.

The idea of SASE was not far from what security consultants were already doing by integrating multiple security solutions into a stack that ensured a comprehensive, layered, secure access solution. This approach is something I was already doing for my customers in ensuring Next-Generation Firewall (NGFW), Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and other necessary security solutions were a part of every SD-WAN installation. By calling it a SASE framework, the approach to a comprehensive solution somehow felt more focused than what the industry recognized as just a best security practice.

Commonly, SASE services include SD-WAN, Zero-Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), NGFW, Secure Web Gateway (SWG), unified management, and orchestration. Just what constitutes a real SASE solution varies greatly by source. Several organizations, such as the Metro Ethernet Forum (MEF), are trying to establish neutral industry standards for SASE. These standards will pave the way for a universal understanding, the ability to integrate multiple manufacturers into a solution, and a method for teaching SASE.

Most network communications and security vendors have been working to create a full SASE framework under their brand. Their marketing presents the idea that a full SASE solution from a single vendor is the way to ensure security. Current customer feedback from the Fortune 500 class of businesses is that two to three Original Equipment Manufacturer (OEM) vendors will need to be integrated to allow for best-of-breed solutions. This provides an opportunity for a Managed Service Provider (MSP) to give orchestration across multiple platforms to achieve optimal security.

To summarize, SASE is a new, next-generation secure communications services framework that combines many different services to close previous gaps in security. In the next section, we will define the market as it pertains to SASE services and solutions.

Market SASE

In the market today, a few different manufacturers offer self-proclaimed SASE products. The potential list of services across their portfolios that may be a part of a complete SASE service could be in the dozens, depending on their market approach. Calling a service SASE does not make it so, and as there is no SASE certification for solutions at the time of writing this book, no vendor or MSP is exclusively accurate in their marketing of what is or is not SASE. The standards for SASE have not been published at this time.

Gartner started a fire with that simple blog post in 2019. Overnight, every SD-WAN solution in the market offered a path to SASE. The SASE idea itself multiplied the SD-WAN market's potential revenue of over $11 billion United States Dollars (USD) by 2028. The global secure access service edge (SASE) market size is expected to reach $11.29 billion USD by 2028, registering a CAGR of 36.4%, a ResearchAndMarkets report reveals. The source of this quotation can be found at the following link: https://www.helpnetsecurity.com/2021/08/17/sase-market-2028/.

The reality is that an $11 billion market is only the core SASE product offering for the market. Hardware, software licensing, hosting, maintenance, and support make up the core products, whereas managed services and professional services can multiply the market impact by up to 25 times the core product revenue.

Market Challenge

The market challenge for realizing revenue potential will be primarily impacted negatively by a lack of skilled labor for design, build, and deploy services. This skills gap and the operational expenses preference of most Chief Information Officer/Chief Financial Officer (CIO/CFO) strategies will drive more than 70% of the market to contract SASE as a managed services offering. In the market, there is a trend of up to 78% of SD-WAN contracts leveraging managed services as opposed to utilizing in-house engineering teams. The primary reason for this change is not tied to SASE as CIO and CFO focus has been to rely on technical services as Operating Expense (OPEX) as opposed to Capital Expense (CAPEX). OPEX has been the goal for what is considered by an organization as non-business value cost. Generally, the CIO direction of the largest organizations is to convert operational support staff costs in order to leverage the cost savings on Software Development combined with IT Operations (DevOps) staff costs, which can offer a business Return On Investment (ROI). Support teams are a cost center, whereas the DevOps team can provide the potential to be a profit center to the company.

The complexity of SASE services is driving the need for technology engineering careers to move to a continual learning path. The time has passed where an engineer could rest on traditional education or certification paths. Traditional academic education can provide perspective, historical knowledge, foundational knowledge, and soft skills required for functioning in an organizational environment, whereas industry and manufacturing certifications provide core technical knowledge for functional understanding in a vertical role within an organization. Both educational methods are beneficial for building a foundational understanding of a skill set and both are effective filters when recruiting for a specific role. Unfortunately, neither can move at a market pace, which is today at an average of three DevOps or Software Development combined with Security and IT Operations (DevSecOps) sprint cycles from being out of date and ineffective.

Software development follows a continual improvement path, and so must its practitioners. The goal of the DevOps mentality is to leverage iterative development in a modular fashion as opposed to legacy, ground-up development and Go-To-Market (GTM) practices. DevOps practitioners continually develop, improve, and release. Scrum sprint cycles vary by organization, but an average of 2 weeks can be used as a model to understand the phases of development. New network and security software releases are no longer tied to hardware releases as they can function as a Virtual Machine (VM), Virtual Network (VNet) function, cloud-native function, application, or service independent of a platform. The entire GTM process could be as little as one Scrum sprint cycle or 2 weeks. Network and security practitioners operate on a New -1 (N-1) basis, N-1+validated, or wait for a triggering event to validate a new software release. The market average for consumption of new software releases is moving to an average of three sub-versions of code, which could average 6 weeks between the last production upgrade of software and the next production upgrade.

The market has been slow to admit that network or security engineering is no longer a discrete skill set from software development. In fact, SASE services will receive major software updates every 2 to 6 weeks, depending on the development cycle or security issues with each independent SASE service within the overall solution. Minor updates may occur in real time. Education for engineering teams must align with software release cycles.

In summary, the market's perception of SASE varies according to the beholder's skill set. As a result of rapid product development, the market for SASE is likely to grow exponentially, creating the issue of rapid evolution that needs to be managed. The next section clarifies the value proposition of a SASE framework for secure communication solutions.

Value SASE

Effective security is inherently valuable, but how do we accurately estimate that value? How do we quantify the value of a solution for an unknown risk impact? Former President of the US, Ronald Reagan, was quoted as saying: "Information is the oxygen of the modern time. It seeps through the walls topped by barbed wire; it wafts across the electrified borders." If information is oxygen, what is the accurate value of oxygen to human life? Effective security pays for itself in reducing risk, liability, and loss of unknown quantities by protecting that oxygen or—in this case—non-public information.

To evaluate SASE in a value proposition or ROI, the investment should first be quantified. Steven Ross, Executive Principal of Risk Masters Inc., points to the Return on Security Investment (ROSI), a calculable assessment, as a way of identifying the monetary value of the security investment. This may be important to the CFO or investors as a model for understanding financially the inherent value of secure IT investments. More information can be found at the following link: https://www.isaca.org/resources/isaca-journal/past-issues/2011/what-is-the-value-of-security#1.

Without effective security solutions, an organization will cease to achieve a primary ROI for time and capital invested. A recommended value proposition for security is the ability to conduct, without obstruction, the primary business of the organization on whose behalf the secure solution is employed. SASE provides cost-effective security and builds value by reducing inefficiencies in previously developed generations of secure communications. Cost reductions can be achieved by reducing labor, time, capital, focus, outages, performance issues, and educational requirements for staff members trying to build their own perfect technology. Simply speaking, the investment required to develop secure technology solutions in-house with homegrown or best-of-breed market solutions has been providing a negative ROI, which has driven the market to leverage an MSP that specializes in a specific technology. This method also allows for the transfer of liability to the MSP, which provides some relief for executives not choosing to develop their own secure communications solution in-house.

Leveraging SASE with SD-WAN prepares networking and security solutions for a future of automated and secure IT provisioning with real-time operations remediation. To eliminate the inefficiencies that every network has experienced, the solution starts with abstracted components and the disaggregation of data and control-plane activity (separating components). By leveraging a deconstructive process, smaller changes may be made, reducing the risk of any one change causing a major impact to secure network communications. The smaller the change, the quicker the change can provide business value. The target process is analogous to a garden-pruning process that makes small changes until the overall desired effect is achieved. Unlike physical garden pruning, small changes in SASE can be reversed quickly if a negative outcome is realized. Overall, this methodology allows IT organizations to move much more quickly than we could even 5 years ago, which allows us to do more with less at the pace of the market.

Orchestration allows for solutions to be templated. The orchestrator allows templates to be overlain upon any of the logical components in the overall solution or service. The creation of a template-based design offers rapid deployment across the abstracted solution. An additional benefit of orchestration is that template continuity may be enforced by the orchestrator and any variance in behavior be reported to security operations systems for tracking and mitigation. This process allows the achievement of compliance with approved network or security designs and immediately identifies violations for action.

SASE provides value in efficiencies, scale, automation, enforcement, and orchestration over similar secure communications technologies in production today. The overall value reduces the design, build, deploy, and operate labor required to keep an organization communicating securely.

Overall, the value of a SASE solution lies in its ability to reduce productivity losses caused by security risks or threats. SASE integrates independent security solutions for a holistic approach that can be automated, reducing the amount of human labor required while taming a mission that was once near impossible.

In the following section, I hope that you will learn to embrace SASE for the inherent benefits it provides to your organization.

Embrace SASE

SD-WAN adoption was extremely slow from inception and into 2021. The main reason for the slow adoption was a lack of education prior to intense market demand, based on inflated cost-savings estimates over Multiprotocol Label Switching (MPLS) and other legacy network types. Gartner defined the Gartner Hype Cycle as a method for evaluating when to leverage a New-to-Market (NTM) technology. In their five phases, they identify levels of understanding a shiny new market idea prior to consumption. The benefit of this approach is that it gives the perspective necessary to make an educated decision. More information is available at the following link: https://www.gartner.com/en/research/methodologies/gartner-hype-cycle.

Educated decisions require available educational material, which doesn't materialize in the market until the Trough of Disillusionment. Phase three is roughly where the lessons learned are documented and an effective curriculum is developed, allowing training to start. At the time of writing this book, the Hype Cycle for SASE is still effectively in phase one, where there is much more excitement than factual data.

The promise of SASE is tied to the value: faster, easier, more secure, more automation, and rapid deployment. Better, faster, and cheaper is the market's battle cry. A well-designed SASE can deliver on all these when paired with the right resources. The correct mindset is that security is done in layers, and the best security leverages as many layers as is productionally sound. The best security does not come from a product but through best-practice frameworks implemented correctly. The qualified resource can come from networking, security, or software backgrounds, but is the continually self-educating resource that is concerned about being right for the sake of those served, as opposed to being right for the sake of righteousness. There is no silver bullet for solving the resource/market/skills gap; however, the right resources will self-educate perpetually, allowing themselves to be wrong in knowledge so that they can remediate their gap and their solution will be right in production.

In conclusion, SASE helps organizations reduce their ongoing labor investments in security operations after initial design and implementation. While embracing SASE will take a significant investment of time, it will provide significant returns.

The next section will provide you with an outline for a comprehensive presentation on SASE that can be tailored to your target audience.

Present SASE

Presenting SASE to executive, administrative, or technical audiences requires a framework for discussion, of which a sample is provided in the following list of items, with a key understanding of each topic that may be further detailed or placed into a slide format with speaker notes:

Introduction:
  - SASE is pronounced sassy. Gartner defined the term to describe what was happening in the market.
  - SASE services may include SD-WAN, ZTNA, CASB, NGFW, SWG, as well as other services.

From Framework to Managed Service:
  - The SASE framework provides for the integration of solutions from multiple vendors.
  - The market is buying SASE services on a consumption basis.
  - Most organizations will leverage two to three SASE vendors and one MSP.

SASE Managed Service:
  - This effective managed service offering allows for OPEX instead of CAPEX.
  - Managed services are being consumed for SASE due to rapid software development ahead of effective education for engineering or operations staff.
  - The right managed service offering provides orchestration, open Application Programming Interface (API) integration, Artificial Intelligence for IT Operations (AIOps), and multivendor seamless integration.

SASE Service Stakeholders:
  - For secure, compliant, resilient, and high-performing solutions, a framework for feedback and participation in business-impacting decisions is required.
  - Stakeholders may be defined leveraging Project Management Institute-Project Management Professional (PMI-PMP) best practice.
  - Governance is required.

Actors and the Managed Service:
  - SASE defines subject actors, target actors, and the role MSPs play.
  - A subscriber contracts a service for the actor's benefit.
  - The managed service must provide layers of security that account for real-time access to zero trust.

Identity, Context, Situation:
  - Identity, as in who or what is authorized by the service.
  - Situation builds upon the context for the access role and further defines access.

SASE Sessions:
  - Sessions are the heart of SASE and may be considered as a wrapper for network sessions.
  - Sessions incorporate application-specific policies.
  - Sessions leverage the zero-trust framework as well as SD-WAN.

SASE Security:
  - Security is not a product but builds effective layers upon a secure foundation.
  - DevSecOps and DevOps necessitate production software code updates as often as every 2 weeks.
  - SASE will require integration across vendors for best-of-breed capabilities.

SASE Policies:
  - Legacy firewall or router policies force specific behaviors that are not sensitive to external changes in the factors by which that policy was written.
  - Automation and orchestration allow policies to be changed based on real-time conditions.
  - Effective SASE policy considers all available data in the decision process.

SASE Connectivity:
  - Most commonly, SASE connectivity will come from SD-WAN.
  - SD-WAN allows SASE to leverage quality, performance, and application-awareness tools.
  - Remote access solutions, Fifth-Generation Cellular (5G) services, satellite services, Ethernet circuits, and legacy WANs may be incorporated into SASE.

SASE Services Use Cases:
  - The primary SASE use case is SD-WAN plus security.
  - SASE may be leveraged for both cloud infrastructure and applications.
  - SASE can be used to create on-demand, secure communications across any network type.

Looking Forward:
  - The future is SASE, as it is possibly the last step in the pure cloud transformation journey that all organizations must take.
  - AIOps with SASE allows for consistent, reliable, secure, and on-demand application access.
  - SASE education must follow the continual learning, continual improvement path for staff.

Presenting SASE requires a balance between the past, present, and future, as well as between many independent technology focus areas. This outline provided a framework for bringing the entire audience into a SASE mindset, regardless of skill set. 

Summary

In this chapter, we've provided an overview of SASE with a definition of it, as well as the original concept that was coined by Gartner. We evaluated the market for SASE services. SASE's value was discussed, as well as the importance of embracing SASE to obtain returns on security investments. Toward the end of the chapter, we offered an outline by which SASE can be presented as a whole concept to an audience.

In the next chapter, we will be covering SASE as it relates to the Human element. We will cover the Issue, Problem, Behaviors, Solution, and Pattern of Humans in the SASE world. The SASE Human chapter will help leaders form thought leadership as it relates to their staff and SASE programs for their organization.