Will MEF's definition give SASE its groove back?
Much of the SD-WAN industry has flocked to Gartner's SASE acronym like flies to honey, but some confusion remains over what constitutes a SASE service.
MEF hopes to clear the air by fleshing out a definition for Secure Access Service Edge (SASE) services, a project dubbed MEF W117, and by delivering a framework to standardize SASE services based on MEF's current standardization work on SD-WAN, security and automation.
The MEF SASE Services Framework white paper defines a SASE Service as "A service connecting users (machine or human) with their applications in the cloud while providing connectivity performance and security assurance determined by policies set by the Subscriber." The networking and security functions within a SASE service include routing, VPN, path selection, traffic shaping, firewall, threat prevention and more.
The lack of industry agreement on service attributes and definitions for SASE could create market fragmentation and confusion, says MEF. During the emergence of the SD-WAN and Carrier Ethernet markets, MEF stepped in to lead the charge in standardizing these services to provide the industry with common ground to clarify these technologies for vendors, service providers and their enterprise customers.
Gartner coined the term SASE in 2019 to describe the convergence of SD-WAN with cloud-based security functions; Gartner research VP Andrew Lerner says SASE combines "network security functions (such as SWG, CASB, FWaaS and ZTNA), with WAN capabilities (i.e., SD-WAN) to support the dynamic secure access needs of organizations. These capabilities are delivered primarily aaS (as a service) and based upon the identity of the entity, real time context and security/compliance policies."
"SASE is Gartner's label for something that's been going on in the industry for years," says MEF CTO Pascal Menezes. "We see a lot of security vendors migrating to it." Menezes says MEF isn't diverging from Gartner's definition of SASE, but working on defining SASE service policies, defining reference points and providing clarity on the concept of SASE.
Is this the end for SD-WAN?
While SD-WAN suppliers are increasingly re-branding as SASE vendors, that doesn't mean SD-WAN is passé.
"SASE is SD-WAN meets security and is done at the cloud edge," explains Menezes. "It's about the multi-access edge compute edge – that is where SASE will prevail. It's all about doing security and SD-WAN in a cloud offering, done at the edge."
Menezes further describes SASE as a "thin CPE model with security in the cloud," which could look like a low-cost client on a user's desktop – an appealing option for employees working remotely during COVID-19.
Menezes says MEF will continue its SD-WAN standards work and the industry can expect to see the next iteration of the current standard for SD-WAN services and attributes (MEF 70) later this year.
Coming up is MEF 70.1, which will define service attributes for application flow performance, SD-WAN service topology, application security and more. MEF is also developing MEF W88, Application Security for SD-WAN Services, which Menezes likens to a sibling of MEF 70 because MEF W88 will expand on security functions and policies for SD-WAN.
Contributors to SASE standards
MEF member companies, including Fortinet, VMware, Juniper, Nuage Networks from Nokia, Versa Networks, Cisco, Ciena, CMC Networks and Datavision, contributed to the MEF SASE Service Framework white paper. In addition, employees from those companies as well as AT&T, Bell Canada, CenturyLink, Fujitsu Network Communications, Silver Peak and more have contributed to MEF's efforts to develop standards around SD-WAN, security and SD-WAN service automation.
MEF adds that its SASE Services Definition (MEF W117) project will build upon current standardization work, including:
- SD-WAN Service Attributes & Service Framework (MEF 70 and MEF W70.1)
- Application Security for SD-WAN Services (MEF W88)
- Zero Trust Framework and Service Attributes (MEF W118) – new
- Universal SD-WAN Edge (MEF W119) – new
- Performance Monitoring and Service Readiness Testing for SD-WAN Services (MEF W105)
- MEF Services Model: Information Model for SD-WAN Services (MEF 82)
- LSO Legato Service Specification – SD-WAN (MEF W100)
- Intent Based Orchestration (MEF W71)
- Policy Driven Orchestration (MEF W95)
— Kelsey Kusterer Ziser, Senior Editor, Light Reading