• Technologies
    • Black Lotus Labs
    • Cloud
    • Edge Compute
    • Collaboration
    • Managed Services
    • Network
    • Security
  • Business Advice
    • 4th Industrial Revolution
    • Business Continuity & Disaster Recovery
    • Customer Experience
    • Data Driven Business
    • Operational Efficiency
    • Tech Trends
  • Industries
    • Financial Services
    • Healthcare
    • Gaming
    • Manufacturing
    • Media and Entertainment
    • Pharmaceutical
    • Public Sector
    • Retail
    • Technology
  • About Us
    • Leadership Perspectives
    • NewsRoom
  • Technologies
    • Black Lotus Labs
    • Cloud
    • Edge Compute
    • Collaboration
    • Managed Services
    • Network
    • Security
  • Business Advice
    • 4th Industrial Revolution
    • Business Continuity & Disaster Recovery
    • Customer Experience
    • Data Driven Business
    • Operational Efficiency
    • Tech Trends
  • Industries
    • Financial Services
    • Healthcare
    • Gaming
    • Manufacturing
    • Media and Entertainment
    • Pharmaceutical
    • Public Sector
    • Retail
    • Technology
  • About Us
    • Leadership Perspectives
    • NewsRoom

Grow As You Go With A Modular SASE Architecture

Darren Wolner Posted On December 5, 2022
0


0
Shares
  • Share On Facebook
  • Tweet It

Woman working on a laptop from a remote location

Driven by the growth of hybrid workplaces, the promise of emerging technologies and an explosion in cloud-based applications, enterprises are seeking new methods to enforce consistent security across their expanding network perimeters. And they want to accomplish this while maintaining high performance and a seamless experience for their users. Enter SASE, short for Secure Access Service Edge—offering a flexible, modular approach to network and security that’s quickly moving to the top of many IT leaders’ project lists.

A major shift in IT infrastructure

SASE brings together Wide Area Networking and network security functions into a single cloud-based framework that makes networks more visible, secure and easier to manage. This represents a major shift in IT infrastructure that helps to bridge many of the security, management and performance gaps common in distributed enterprises. IT decision-makers find SASE’s unified approach compelling because it equips them to quickly adapt to new or unexpected scenarios—promising greater agility, productivity, security and even cost reduction.

However, while SASE architecture consolidates an array of security technologies into a single “service-as-a-service,” each one is still a standalone function. This modular structure means that rather than ripping and replacing their entire infrastructure, organizations are more likely to start by solving for a specific use case, such as secure remote access, and adopt additional security services based on their changing needs and priorities.

Designed For Flexibility

One of the biggest misconceptions is that SASE is a single product in a “box” that can be bought and deployed immediately when it is really a collection of individual solutions that work together. Its modular architecture makes it easy to implement the right tools to meet your needs now and add or scale components as your network and security requirements evolve. Think of it as a journey to an ideal state of security, access and end-user experience you can manage all in one place.

Right now, two types of customers are driving SASE adoption: organizations focused on defending and protecting their branch locations with SD-WAN—and work-from-anywhere businesses where employees log in from a variety of locations. Each model needs a different approach.

  • Branch locations: If this describes your business, then you need to manage a single online experience for your in-office users accessing resources over a corporate network behind a firewall. If you’re running SD-WAN, then you’re already well on the way to SASE, which integrates SD-WAN with other core services for a holistic and integrated network and security framework.
  • Work-from-anywhere employees: With so many employees working remotely, you probably realized that routing all your traffic to your on-prem data center no longer offers the performance and security required to support your expanding perimeter. You need security that is identity-driven rather than site-based—using device and location to assign access and policies. So now the question to ask is not “What should the security policy be for my branch office in Chicago?” but “What is the security policy for Jane?,” who works from multiple locations, including home, her favorite coffee shop and occasionally the office.

Network traffic flowing to a single data center for inspection Figure 1: Network traffic flowing to a single data center for inspection

As hybrid work becomes the norm rather than the exception, you need to provide different types of security for different types of applications. For example, you may need a secure web gateway (SWG) for users who need a constant connection to browser-based apps like YouTube.

On the other hand, software-as-a-service (SaaS) apps like Office 365 and cloud-based development environments require a cloud access security broker (CASB) and zero trust network access (ZTNA) for identity and location-specific access control.

Callout: Think of it as a journey to an ideal state of security, access and end-user experience you can manage in one place

Ultimately you want the flexibility to manage SD-WAN for your branch locations and secure users working from anywhere in a single online experience—and to do it all from a centralized location with visibility across your entire network.

A modular SASE architecture is the path forward to manage your disparate services at scale effectively, but because few networking or security providers offer a complete, single-vendor SASE solution today, many IT decision-makers are taking a slightly different approach.

Secure Service Edge: The First Step On Your SASE Journey

When Gartner coined the term SASE, the idea was to pull all the network and security pieces together under one umbrella. Since then, a clear separation has emerged between SD-WAN for branch location connectivity and protection and the remote user security piece.

While the end goal is still SASE, finding a provider that can deliver every security and networking component can be challenging, hence the creation of Secure Service Edge (SSE). This subset of SASE architecture is a collection of integrated, cloud-centric security capabilities that makes up half of the SASE architecture and enables secure access to websites, software-as-a-service applications, and proprietary apps.

The four primary SSE security functions are:

  • Cloud Access Security Broker (CASB)
  • Secure Web Gateway (SWG)
  • Firewall-as-a-Service (FWaaS)
  • Zero Trust Network Access (ZTNA)

The connected SASE services architecture with core network and security functions

Figure 2: The connected SASE services architecture with core network and security functions

It’s important to understand that SSE isn’t a replacement for SASE—SSE is merely a subset of the SASE architecture that makes it easier to get the unified security tools you want if you don’t need (or already have) SD-WAN.

Some enterprises will opt for the full SASE framework, while others will approach their journey in phases by starting with SSE and adding the SD-WAN layer if needed. Selecting an SSE solution that is part of an integrated SASE platform opens for future network transformation, operational simplicity and lower total cost of ownership (TCO).

Flexible, Cloud-Native SASE Powered By The Lumen Network

Whether you’re prioritizing SD-WAN or security with your SASE strategy, Lumen can help you create the ecosystem you need today, with the flexibility to scale it as your business and workforce evolve.

The Lumen Platform, with its combination of network capabilities, cloud integration, low-latency edge computing and a deep roster of security components, is uniquely positioned to deliver on the promise of SASE. Powered by the #1 peered global network, 1 it’s an ideal foundation for Lumen® SASE Solutions, which integrate SD-WAN and network security functions to simplify, control and scale application delivery in a single cloud-based service.

Thanks to our vendor-agnostic partner ecosystem and digital purchase path, we can reduce the complexity typically associated with multi-vendor SASE solutions. With offerings from best-in-breed network and security vendors such as Fortinet and VMware, we give you the ease and flexibility to add sites, apps and users for fast, cloud-based scalability. Plus, we give you the option to manage it yourself or take advantage of our 30+ years of network management experience to handle it all for you so you can focus on managing your business.

Find out how you can simplify network access, security and management with SASE solutions on the Lumen Platform.

Learn More

1The Center for Applied Internet Data Analysis, AS Rank, August 2022.

This content is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. All third-party company and product or service names referenced in this article are for identification purposes only and do not imply endorsement or affiliation with Lumen. This document represents Lumen products and offerings as of the date of issue.

Related posts:

  1. What is SASE and What Problems Does it Address?
  2. SASE: Defining Traits & Common Use Cases
  3. 10 Common SASE Misconceptions
  4. 12 Questions You Should Ask a SASE Provider
0
Shares
  • Share On Facebook
  • Tweet It


Digital TransformationInfrastructureNetworkSASESecuritySSE


Author

Darren Wolner

Darren Wolner leads Lumen’s SASE, SD-WAN, and Edge Gateway product portfolios, which includes setting vision, goals, and agile initiatives to drive the product roadmap to innovate and align with market trends to meet the demands of our customers in the Enterprise, Mid-Market, and Public Sectors. In this role, Darren leads a product team that is focused on delivering Software Defined Networking and cloud-based security solutions, including SD-WAN, Secure Web Gateway (SWG), Firewall-as-a-Service (FWaaS), Zero Trust Network Access (ZTNA), and Cloud Access Security Broker (CASB). He and his team enjoy helping our customers navigate their business transformation journey with fully managed, all-digital, on-demand experiences, all while helping them to protect their environments from the largest and most recent cyber threats.

Trending Now
Digital-First Starts With Your Network Provider
Shannon Lynch February 7, 2023
5 Observations from Lumen on 2022 Attack Trends
Kaitlin McIntyre February 6, 2023
You may also like
Digital-First Starts With Your Network Provider
February 7, 2023
From the smart factory to the smart manufacturing enterprise
January 17, 2023
What is Social Engineering?
January 10, 2023
What is Managed Endpoint Detection and Response (MEDR)?
Read Next

What is Managed Endpoint Detection and Response (MEDR)?

  • Categories

    Adaptive Networking

    Connected Security

    Hybrid Cloud

    Communications and Collaboration

    Edge Computing

    SASE


  • Lumen is guided by our belief that humanity is at its best when technology advances the way we live and work. With 450,000 route fiber miles serving customers in more than 60 countries, we deliver the fastest, most secure platform for applications and data to help businesses, government and communities deliver amazing experiences.

Services not available everywhere. ©2022 Lumen Technologies. All Rights Reserved.
Press enter/return to begin your search