MEF survey reveals top SD-WAN and SASE challenges
The Metro Ethernet Forum (MEF) conducted a survey which showed that the top SD-WAN and SASE challenges are focused on coping with operating a multi-vendor environment. That’s to be expected since there are no standards for multi-vendor interoperability for either of those technologies. MEF surveyed 36 worldwide service provider experts to obtain its results.
The complexity of operating and managing multi-vendor SD-WAN, integrating security options and defining end-to-end service level agreements (SLAs) were the top three challenges.
The top Secure Access Service Edge (SASE) challenges focus more on education and standardization. The top challenges service providers face with SASE are the lack of industry standards, customer education and migration, vendors not offering a complete solution and operating in a multi-vendor environment.
MEF’s research also shows that both SD-WAN and SASE markets are on track to hit analyst expectations. “The global SD-WAN services market should hit double-digit revenue growth in 2022, while most providers who offered SASE in 2021 expect 50%-plus revenue growth in 2022 due to a significant uptick in rollout of SASE services and features,” MEF Principal Analyst Stan Hubbard told SDxCentral via email.
All service providers surveyed already have elements of a SASE offering or plan to introduce a SASE solution in 2022, according to this MEF survey.
“The top SD-WAN and SASE service provider challenges are in line with expectations for the different stages of these markets, On the SD-WAN front, one of the biggest aggravations for providers is the complexity of operating a multivendor environment, which is primarily due to the absence of interoperability among SD-WAN technology vendors. Providers have told us that their need to develop and maintain expertise on various SD-WAN vendor solutions increases skills and training burdens, creates operational inefficiencies, and adds costs. The situation is made worse today because the terminology, architectures, performance metrics, etc., of vendors differ since they do not all adhere to common standards,” Hubbard wrote.
“The SASE services market is in its very early days, confusing, and full of a host of challenges related to customer education, customer migration, lack of industry standards, the lack of complete SASE vendor solutions and more. Multiple service providers agreed the organizational challenge of integrating networking and security is ‘huge’ for customers migrating to a SASE solution. As a large service provider stated, “SASE will be a failure without organizational change” within both customers and service providers,” Hubbard added.
Shift from SDN to SD-WANs to SASE Explained; Network Virtualization’s important role
4 thoughts on “MEF survey reveals top SD-WAN and SASE challenges”
Verizon said in its guide for the “right approach” to secure access service edge (SASE) – the Gartner-coined infrastructure that combines cloud-native network and security stacks- that managing and securing an increasingly complex environment poses “significant challenges.”
In 2021 Verizon Business launched SASE solution with a multi-vendor approach that combines SD-WAN and network security capabilities from Versa Networks and Zscaler into a single managed service. Rival AT&T had rolled out its own solution earlier that year in partnership with Fortinet.
Verizon cites the COVID-19 pandemic, virtualization and the move to the cloud, increased security threats, and a shift away from the network appliance box as the primary factors that drove the “SASE frenzy” in recent years.
By 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018, according to the Verizon guide.
“Getting SASE right may be a complex proposition that presents significant challenges,” the provider said. “For one thing, it is a still-evolving technology target.”
The SASE architecture combines network edge capabilities like SD-WAN and a set of security capabilities Gartner dubbed the security services edge (SSE) – a cloud-delivered suite that includes zero-trust network access (ZTNA), cloud-access security broker (CASB), secure web gateway (SWG), and firewall-as-a-service (FWaaS).
The major elements that make up SASE have been around in some form or another for “at least 10 years,” Verizon pointed out.
For this reason, a critical component of getting SASE right is cross-technology integration. “There’s no one-size-fits-all SASE solution, which means enterprises will need to be comfortable working with a variety of technologies in order to build an effective implementation that solves a given organization’s specific challenges,” the provider said.
Enterprises adopting SASE need to be able to integrate a broad range of network technologies from physical transport – like private IP and MPLS – up through the virtualization SDN layer in order to build an integrated SD-WAN capability with traffic routing, prioritization, and bandwidth optimization.
Another “key ingredient” to SASE is edge computing like content delivery networks, multi-access edge computing (MEC), or an IoT gateway. “Managing security across these complex and distributed systems will be essential and require a deep understanding of how edge computing fits into the SASE model,” Verizon explained.
Orchestrating SASE Infrastructure
How the technology components of SASE come together is critical.
Verizon recommends enterprises implement service chaining as a key component of SASE because it is a “way of automating and optimizing the service delivery experience.”
In an environment where many vendors are still unable to provide a complete end-to-end SASE solution, organizations likely need to combine technologies and products to create their desired solutions. “Being able to optimize new and already-deployed technology components so each is functioning and contributing at its full potential will be important,” Verizon said.
The ability to conduct testing to make sure SASE is properly integrated and performing at necessary levels will also be critical. Verizon indicated this requires the “proper tools to conduct the integration, performance, and stress testing needed to ensure that functions have been deployed in the optimal order and the most efficient configuration.”
Service chaining and other orchestration in a virtual network requires expertise, which has led to challenges for many organizations in the midst of a global skill shortage. However, this can be mitigated in part through organizational restructuring that sees networking and security teams – which have traditionally operated separately – merge their administration and management from the organizational perspective.
Lastly, Verizon suggested that because SASE is still a work in progress, “CIO and CISO groups will need to rethink their respective roles in supporting enterprise infrastructure operations.”
“Proper governance will be key to success as these changes percolate down through the organization, as they will eventually touch the network architects, security architects, application architects and others that need to work together to execute on a company’s SASE strategy,” Verizon added.
MEF, a global industry association of network, cloud, and technology providers accelerating enterprise digital transformation, today announced it has published the industry’s first Secure Access Service Edge (SASE) standard defining SASE service attributes, a framework and common definitions, and a Zero Trust framework that together allow organizations to implement dynamic policy-based actions to secure network resources for faster decision making and implementation for enterprises.
MEF’s SASE standard aligns stakeholders on common terminology and service attributes when buying, selling, and delivering SASE services, and makes it easier to interface policy with security functions for cloud-based cybersecurity from anywhere. MEF’s Zero Trust framework defines service attributes to enable service providers to implement and deliver a broad range of services that comply with Zero Trust principles.
According to the July 2022 SASE & SD-WAN 5-Year Forecast Report from Dell’Oro Group, the SASE-related technologies market will exceed $13 billion by 2026. SASE has quickly gained traction due to its work-from-anywhere cloud approach to security and networking. The MEF SASE service standard and Zero Trust framework have been developed by the industry’s top managed security and service providers to make it easier to bring to market robust, easy-to-understand, easy-to-manage SASE services for the enterprise. The new standards include:
SASE Service Attributes and Service Framework Standard
This standard specifies service attributes to be agreed upon between a service provider and a subscriber for SASE services, including security functions, policies, and connectivity services. The standard defines the behaviors of the SASE service that are externally visible to the subscriber irrespective of the implementation of the service. A SASE service based upon the framework defined in the standard enables secure access and secure connectivity of users, devices, or applications to resources for the subscriber. MEF’s SASE standard (MEF 117) includes SASE service attributes and a SASE service framework.
Zero Trust Framework for MEF Services
The new Zero Trust Framework for MEF Services (MEF 118) defines a framework and requirements of identity, authentication, policy management, and access control processes that are continuously and properly constituted, protected, and free from vulnerabilities when implemented and deployed. This framework also defines service attributes, which are agreed between a subscriber and service provider, to enable service providers to implement and deliver a broad range of services that comply with Zero Trust principles.
“With SASE still at an early stage and generating confusion, I applaud MEF’s standardization efforts. In the near-term, they are contributing vocabulary and aligning conceptual frameworks that are vital to getting the industry to rally behind common, interoperable approaches,” said Mauricio Sanchez, Research Director for Network Security & SASE/SD-WAN research at Dell’Oro Group. “In the long-term, I see the resulting standards help make multi-vendor SASE a reality and accelerate overall adoption.”
“Enterprises are challenged to compare feature sets and solutions when selecting SD-WAN, SSE, and SASE services, including Zero Trust Network Access, which can result in incomplete service offerings that don’t meet needs and expectations. At the same time, service providers want to offer a complete, unified SASE service that includes networking and security under a single pane of glass,” said Pascal Menezes, MEF Chief Technology Officer. “MEF’s new SASE standard and Zero Trust framework, firsts in the industry, provide clarity and simplify the selection of SASE managed services for enterprises. MEF-based SASE services allow organizations to make choices based on industry-standard service attributes, frameworks, and common definitions which allow for easier evaluation and faster decision making and implementation. On behalf of MEF, I would like to thank all the members who worked tirelessly to progress these efforts for the benefit of the entire industry.”
MEF also offers technical training on SD-WAN and related security for professionals through its MEF-SDCP certification.
Explore MEF SASE, Zero Trust and SD-WAN resources. Download the market brief, “Tackling SASE and SD-WAN Managed Service Provider Challenges,” which summarizes MEF market research indicating the two greatest challenges faced by SASE providers to date are customer education and lack of industry standards.
Security Service Edge vs. SASE: What Is the Difference?
Secure Access Service Edge (SASE) is a category of networking solutions defined by Gartner in 2019, which combines traditional network security functions with wide area networking (WAN) capabilities. The goal of SASE is to provide secure and reliable connectivity for users and devices, regardless of their location or the type of network they are connected to.
Gartner defines SASE as a cloud-delivered, network security as a service platform that provides secure network connectivity and network security functions in a unified offering, delivered through a common infrastructure and management. SASE combines network security functions, such as zero trust networking, firewalls, and intrusion prevention systems (IPS), with cloud-based networking services like SD-WAN (software-defined wide area networking) and internet connectivity.
Secure Services Edge (SSE) is a set of integrated, cloud-delivered secure services that use identities and policies to establish secure connections between authenticated users and business resources. First introduced by Gartner in 2021, SSE is a security category that will secure connectivity in the future of hybrid environments and remote work.
As more employees work outside corporate boundaries, SaaS applications become the norm, and applications move to the public cloud, organizations cannot continue to backhaul user traffic to corporate networks. Many IT organizations are replacing their existing network security appliances, such as firewalls, VPN gateway appliances, and web gateways, with cloud-based options that can better protect data, provide a better user experience, and reduce costs.
SSE platforms provide cloud services that extend secure connectivity to user locations, without connecting users to corporate networks, exposing IT infrastructure to the public internet, or requiring complex network segmentation. Instead, SSE allows IT to provide secure access from anywhere to on-premise applications, secure access to the internet, and fast access to the cloud and SaaS applications.
Security Service Edge vs. SASE: What Is the Difference?
The main difference between Secure Access Service Edge (SASE) and Security Service Edge (SSE) is the focus of the solutions. SASE combines traditional network security functions with wide area networking (WAN) capabilities, while SSE focuses specifically on security functions.
SASE solutions are designed to provide secure and reliable connectivity for users and devices, regardless of their location or the type of network they are connected to. This can include traditional networking functions like VPNs and SD-WAN (software-defined wide area networking), as well as security functions like firewalls, intrusion prevention systems (IPS), and other controls. SASE solutions are often used by organizations with remote and hybrid workforces to ensure secure access to corporate resources and protect against cyber threats.
From Fierce Telecom January 12, 2023:
Randy Anders is VP of North American sales with HughesNet for Business. He said HughesNet has been providing SD-WAN to enterprise customers for several years, using its GEO satellite connectivity.
The company works with VMware, Cisco Meraki and Fortinet for the SD-WAN technology.
“We have over 52,000 SD-WAN locations and over 100 customers in the U.S. over retail, healthcare, banking, energy, restaurants and government customers,” said Anders. For instance, it connects about 2,000 gas stations in far-flung locations with SD-WAN.
He did concede that with GEO “you have the latency issue because the satellite is so much further from earth” than with LEO. But HughesNet and its partners use compression software “to make the user experience better.”
Hughes is also establishing a partnership with the LEO satellite company OneWeb. Together they’ll be able to provide LEO and GEO connectivity to suit a customer’s specific needs.
“We’ve been involved with OneWeb for a few years,” said Anders. “We’ve actually done deals where they bought 10,000 of our electronically steerable antennas.”
There’s a huge difference in the number of satellites needed for GEO as opposed to LEO.
Starlink has more than 3,000 satellites in orbit and has recently received FCC approval to launch 7,500 more. As if that’s not enough Starlink wants to launch about 20,000 more on top of that.
In comparison, Hughes needs only a handful of satellites — it uses a few of its own and has hosted payloads on a few others.
The FCC is very concerned about space debris from all the companies that are entering the satellite business.
RELATED: How does SpaceX remove old, obsolete satellites from space?
SpaceX has developed technology that can control the de-orbiting of its satellites once they reach the end of their life. Once the satellites de-orbit, they pass through the earth’s atmosphere and burn up.
But it’s different for GEO satellites. First, there are far fewer of them. Once they reach the end of their life, they move out of their operating orbit and drift further out into space.
Comments are closed.