If you've been involved in the WAN/IT infrastructure space for the past few years, you've probably heard about SASE, or Secure Access Service Edge.
The enterprise market is just beginning to integrate this new technology into network security strategy and many professionals are still broadly unfamiliar with it. As a result, it's common for WAN speakers and writers to repeatedly clarify what SASE is (and speculate on whether vendors are “SASE washing”).
In fact, our 2021 WAN Manager Survey found that only one-third of enterprises had adopted either SASE or Zero Trust. And one in ten respondents had never even heard of SASE.
Our 2021 WAN Manager Survey found that only one-third of enterprises had adopted either SASE or Zero Trust. And one in ten respondents had never even heard of SASE.
Enter Diving into Secure Access Service Edge by Jeremiah Ginn. This new book—published by IT publisher Packt—helps bring clarity to an often confusing market.
I first met Ginn when I recruited him to be an end-user speaker at a WAN Summit. He was a network manager at the time, but has since moved on to AT&T where he has helped many enterprise customers sort out their WAN and cybersecurity strategies.
In this role, Ginn saw a need for a comprehensive book educating cybersecurity and network professionals on how to navigate the emerging SASE world.
Having experience on both sides of the table has helped this author write a clear, informative, and useful book on SASE. While the book is geared toward readers on the end-user side, it is certainly useful for anyone in the cybersecurity/IT infrastructure space, whether vendor, MSP, carrier, or enterprise.
The Book
Diving into Secure Access Service Edge is broken out in four sections:
-
SASE Market Perspective: Why organizations need to adopt a SASE framework and how they should approach that process.
- SASE Technical Perspective: A somewhat technical (but readable level for anyone in the networking business) explanation of the products and policies that make up SASE and how they are deployed.
- SASE Success Perspective: Identifying SASE stakeholders, how to coordinate design, and details on the zero trust networking framework as a foundation for SASE.
- SASE Bonus Perspective: Advice on upskilling the IT workforce for SASE, how to include DevOps, and what SASE will look like going forward.
Defining SASE and Its Elements
Ginn manages to overcome a serious challenge, which is clearly and concisely defining what we should mean when we say SASE.
As the book explains, "SASE is a new, next generation secure communications services framework that combines many different services to close previous gaps in security."
SASE is not a product itself, but rather a framework made up of several products and concepts. Fortunately, Ginn is very clear in defining and explaining these separate elements.
Anyone with a background in telecom or networks will come away from this book understanding what industry players mean (or should mean) when they are using these terms. He does this throughout the book—not just in the opening chapters—so that readers can jump around to relevant sections without getting lost in a sea of jargon.
Ginn even breaks down definitions by relevance to the audience. For example, he shows how one might explain SASE differently to executives than to network or security IT professionals.
One feature I think readers will find particularly useful is the clear listing and explanation of the various key elements or products associated with SASE—such as Cloud Access Security Brokerage, Secure Web Gateway, Firewall-as-a-Service, and the Zero Trust Framework.
IT professionals cannot wrap their heads around a SASE framework until they understand what products it entails, and what individual roles those products play in a broader network security strategy.
IT professionals cannot wrap their heads around a SASE framework until they understand what products it entails, and what individual roles those products play in a broader network security strategy.
Ginn also provides a useful explanation of how SD-WAN—not generally thought of as a security product itself—is integral to most SASE deployments and outlines the logical differences between Security Service Edge services and full SASE.
Key Challenges in SASE
Malicious actors never rest, and they are working across timezones to find vulnerabilities in corporate IT infrastructure.
Ginn emphasizes that the constantly changing nature of threats leads to a punishing 2-6 week update cycle in modern cybersecurity. He convincingly warns how humans simply cannot keep up with this timescale unaided.
The book outlines the broad need for AI/automation in security as the solution to an endlessly changing landscape. It also emphasizes the importance of service management in a world where security features are so finely tuned that only a handful of experts in the world may truly understand them.
It is not only difficult but likely a bad business decision, Ginn argues, to try and continually educate internally rather than look to the existing experts for outside managed services.
Industry Standardization
Ginn himself has joined in the industry effort to define and standardize SASE through his participation in MEF. (In fact, I agreed to review this book while talking with the author at a MEF event.)
Throughout the book, there are frequent references to emerging MEF SD-WAN and SASE standards which serve as useful examples of how vendor neutral industry standards can bring clarity to emerging technological frameworks.
Furthermore, Ginn makes a convincing case that this kind of standardization is crucial in the quickly evolving cybersecurity space.
The Upshot
Ginn has distilled a complex and often confusing topic into human language that will leave any reader (at least somewhat familiar with corporate cybersecurity and networks) well-informed on the need for and process of adopting a SASE framework.
The book uses thoughtful analogies and examples to clearly illustrate network security concepts. It can be read straight through, or digested in relevant chapters or sections.
I would recommend that anyone in the WAN or cybersecurity business—end-user or vendor—check out this useful and thought-provoking read.
Click here to view the book listing.
Learn more about SASE and Zero Trust:
- MEF 117: SASE Service Attributes and Service Framework
- MEF 118: Zero Trust Framework for MEF Services
Greg Bryan
Greg is Senior Manager, Enterprise Research at TeleGeography. He's spent the last decade and a half at TeleGeography developing many of our pricing products and reports about enterprise networks. He is a frequent speaker at conferences about corporate wide area networks and enterprise telecom services. He also hosts our podcast, TeleGeography Explains the Internet.