Grow As You Go With A Modular SASE Architecture

Driven by the growth of hybrid workplaces, the promise of emerging technologies and an explosion in cloud-based applications, enterprises are seeking new methods to enforce consistent security across their expanding network perimeters. And they want to accomplish this while maintaining high performance and a seamless experience for their users. Enter SASE, short for Secure Access Service Edge—offering a flexible, modular approach to network and security that’s quickly moving to the top of many IT leaders’ project lists.
A major shift in IT infrastructure
SASE brings together Wide Area Networking and network security functions into a single cloud-based framework that makes networks more visible, secure and easier to manage. This represents a major shift in IT infrastructure that helps to bridge many of the security, management and performance gaps common in distributed enterprises. IT decision-makers find SASE’s unified approach compelling because it equips them to quickly adapt to new or unexpected scenarios—promising greater agility, productivity, security and even cost reduction.
However, while SASE architecture consolidates an array of security technologies into a single “service-as-a-service,” each one is still a standalone function. This modular structure means that rather than ripping and replacing their entire infrastructure, organizations are more likely to start by solving for a specific use case, such as secure remote access, and adopt additional security services based on their changing needs and priorities.
Designed For Flexibility
One of the biggest misconceptions is that SASE is a single product in a “box” that can be bought and deployed immediately, when it is really a collection of individual solutions that work together. Its modular architecture makes it easy to implement the right tools to meet your needs now and add or scale components as your network and security requirements evolve. Think of it as a journey to an ideal state of security, access and end-user experience you can manage all in one place.
Right now, two types of customers are driving SASE adoption: organizations focused on defending and protecting their branch locations with SD-WAN—and work-from-anywhere businesses where employees log in from a variety of locations. Each model needs a different approach.
- Branch locations: If this describes your business, then you need to manage a single online experience for your in-office users accessing resources over a corporate network behind a firewall. If you’re running SD-WAN, then you’re already well on the way to SASE, which integrates SD-WAN with other core services for a holistic and integrated network and security framework.
- Work-from-anywhere employees: With so many employees working remotely, you have probably realized that routing all your traffic to your on-prem data center no longer offers the performance and security required to support your expanding perimeter. You need security that is identity-driven rather than site-based, using device and location to assign access and policies. So now the question to ask is not “What should the security policy be for my branch office in Chicago?” but “What is the security policy for Jane, who works from multiple locations, including home, her favorite coffee shop and occasionally the office?”
Figure 1: Network traffic flowing to a single data center for inspection
As hybrid work becomes the norm rather than the exception, you need to provide different types of security for different types of applications. For example, you may need a secure web gateway (SWG) for users who need a constant connection to browser-based apps like YouTube.
On the other hand, software-as-a-service (SaaS) apps like Office 365 and cloud-based development environments require a cloud access security broker (CASB) and zero trust network access (ZTNA) for identity and location-specific access control.
Ultimately you want the flexibility to manage SD-WAN for your branch locations and secure users working from anywhere in a single online experience—and to do it all from a centralized location with visibility across your entire network.
A modular SASE architecture is the path forward to manage your disparate services at scale effectively, but because few networking or security providers offer a complete, single-vendor SASE solution today, many IT decision-makers are taking a slightly different approach.
Secure Service Edge: The First Step On Your SASE Journey
When Gartner coined the term SASE, the idea was to pull all the network and security pieces together under one umbrella. Since then, a clear separation has emerged between SD-WAN for branch location connectivity and protection and the remote user security piece.
While the end goal is still SASE, finding a provider that can deliver every security and networking component can be challenging, hence the creation of Secure Service Edge (SSE). This subset is a collection of integrated, cloud-centric security capabilities that makes up half of the SASE architecture and enables secure access to websites, software-as-a-service applications and proprietary apps.
The four primary SSE security functions are:
- Cloud Access Security Broker (CASB)
- Secure Web Gateway (SWG)
- Firewall-as-a-Service (FWaaS)
- Zero Trust Network Access (ZTNA)
Figure 2: The connected SASE services architecture with core network and security functions
It’s important to understand that SSE isn’t a replacement for SASE—SSE is merely a subset of the SASE architecture that makes it easier to get the unified security tools you want if you don’t need (or already have) SD-WAN.
Some enterprises will opt for the full SASE framework, while others will approach their journey in phases by starting with SSE and adding the SD-WAN layer if needed. Selecting an SSE solution that is part of an integrated SASE platform opens the door to future network transformation, operational simplicity and lower total cost of ownership (TCO).
Flexible, Cloud-Native SASE Powered By The Lumen Network
Whether you’re prioritizing SD-WAN or security with your SASE strategy, Lumen can help you create the ecosystem you need today, with the flexibility to scale it as your business and workforce evolve.
The Lumen Platform, with its combination of network capabilities, cloud integration, low-latency edge computing and a deep roster of security components, is uniquely positioned to deliver on the promise of SASE. Powered by the #1 peered global network,¹ it’s an ideal foundation for Lumen® SASE Solutions, which integrate SD-WAN and network security functions to simplify, control and scale application delivery in a single cloud-based service.
Thanks to our vendor-agnostic partner ecosystem and digital purchase path, we can reduce the complexity typically associated with multi-vendor SASE solutions. With offerings from best-in-breed network and security vendors such as Fortinet and VMware, we give you the ease and flexibility to add sites, apps and users for fast, cloud-based scalability. Plus, we give you the option to manage it yourself or take advantage of our 30+ years of network management experience to handle it all for you so you can focus on managing your business.
¹ The Center for Applied Internet Data Analysis, AS Rank, August 2022.