Drive Deeper MSP Customer Engagement with SASE

A Technology Recap

In the earliest days, when a company expanded their network into multiple locations, they put a router in front of their local area network (LAN) and connected it to their other locations with leased datacom lines. The router was managed using software running on a “console” computer.

Then, as network evolution continued, some began to trust the public internet with their network traffic. They’d put a firewall in front of each router at each location, and use that to transport their data to remove the leased line costs. More recently, large corporations uncomfortable with the internet have used Multiprotocol Label Switching (MPLS) connections.

The next great evolution came when we put the management software and intelligence into firmware installed directly inside the router. This was to provide much greater efficiency.

Much more recently came yet another evolution, with a 180-degree reversal. Manufacturers removed the software and intelligence from their router appliances and returned it to its original home on computers. This software-driven management dramatically improved flexibility, agility, upgradability and scalability over firmware-driven appliances. It was simply much easier to make changes in software.

This is how software-defined networking (SD-WAN) came to be. Now, network managers could combine MPLS with other circuits of varying kinds and costs, and shape and re-shape the traffic as their applications required.

Perfect Timing

SD-WAN arrived just as the wave of transition to cloud computing was reaching its crest. Data workloads were being migrated from on-premises networks to cloud-service-providers (CSP). Monolithic applications were being transformed into cloud-native versions using microservices in containers. Soon, the Covid-19 pandemic sent users to start working-from-home. By necessity, networks became more complex. At the same time, data and networking security came under greater assault.

What was needed were security solutions as agile, flexible and scalable as the networks, applications and workloads had become.

Let’s Put It All Together

Secure Access Service Edge (SASE) was created by combining SD-WAN with secure web gateways (SWG), cloud access security brokers (CASB), zero-trust network access (ZTNA) and firewall-as-a-service (FWaaS) to provide the necessary robustness of security without compromising technology, features, or agility.

The first thing partners should note about this powerful mix is that it successfully combines networking and security, two of the most important services today’s managed service provider (MSP) provides. In fact, it’s the addition of a qualified MSP to the mix that gives customers choice – which is terrific news for partners.

That MSP will help the customer select the best choice in each of the SASE components, and will then deploy and continuously manage the entire solution for them. When an MSP is managing a customer’s network, taking care of their network security, and also helping to enforce policies to support governance, that MSP becomes an indelible part of that customer’s network.

The inclusion of Zero-Trust assures that SASE, which is cloud delivered as a service, focuses on the identity of entities on the network including the user, the device they’re using to access the network, their real-time context, and their active security and compliance policies. FWaaS is included to inspect and analyze incoming and outgoing IP packets, but Zero-Trust extends analysis to the applications, the data, and the user community. This is far more encompassing than any previous strategy.

SASE provides continuous risk versus trust assessments, tracking people, groups, specific devices, applications, IoT and edge locations, and other services.

Right for the Cloud

Since it delivers all security services from a single platform, users no longer need to locate firewall hardware at any of their locations. This reduces the initial price for the equipment and software, and also removes the need to manage and administer any of that infrastructure. Since it integrates threat prevention, sandbox, DNS protection, web filtering, identity theft, credential theft, data loss prevention (DLP), full content inspection, and next generation firewalls (NGFW), it will no longer be needed to purchase point products for these functions.

Being managed in the cloud means the MSP can manage the service for all the customer’s locations from a single control point rather than having to travel to multiple sites to upgrade, update, patch, or service individual units.

Ideal for Hybrid Workplaces

As we begin to emerge from the pandemic, enterprises will start making decisions regarding who continues working from home, who returns to the office, and who splits their time between the two.

Users will be connecting from home using residential internet access. Road warriors now equipped with lighter, thinner laptops; Bluetooth keyboards, mice, and headsets; and readily available MiFi access will also fall within the enterprise security threat surface, as will their tablets and smartphones. Zero-trust has never been more important, as these users and their client devices are accessing the network from everywhere. Are they who they say they are?

In short, the biggest concerns will be the operation of a far more diversified network, security across such an enormous threat surface, and how to possibly enforce policies that were difficult to enforce even when everyone was in the same building.

MSPs can now offer resolution for those concerns with comprehensive monitoring and centralized control by proposing, deploying, and managing SASE for them.

Even those returning to the office benefit. It’s very possible those who return to the office, or especially those who work a hybrid environment between home and the office, will find themselves not returning to their own cubicle or office. Instead, they will choose the next available “hoteling” space, which is completely ready to connect them to the network. Wherever they end up, SASE enables the IT department to enforce all security and compliance policies to ensure safety for all data and all users.

What Every User Wants

Perhaps the most important advantage gained by using SASE is the ability to give users what they want most: highly responsive support. Since SASE can be controlled from anywhere, an MSP support specialist need not be in their support center to respond to calls for help. They can make the changes the user needs to solve their problem with their laptop, tablet, or smartphone.

SASE is the next logical step after you’ve moved your customer’s workloads, applications, resources, and users to the cloud – it moves security and compliance to the cloud as well. This makes SASE an MSP’s logical next offering.