With the emergence of the Secure Access Service Edge (SASE), network and security professionals are struggling to build a migration plan for this new platform that adapts to the distributed nature of users and data.
SASE promises to reduce complexity and cost, improve performance, increase accessibility and enhance security. The question is: How do you gain these benefits as you work towards implementing a SASE architecture? View to learn:
-Why SASE should be less complicated than many vendors are making it
-What to look for when evaluating a migration to a SASE platform
-A 3 month, 6 month, and 12 month roadmap for implementation
-How Cloudflare One, a purpose-built SASE platform, delivers on these promised benefits
5. Secure access service edge defined
SASE is best described as a convergence of network and security capabilities into a single
platform that enables organizations to provide both security and accessibility for their
users and data. It should achieve this regardless of location, while maintaining visibility
and control, and reducing complexity.
Understanding SASE SASE Defined
8. Network-as-
a-Service
SASE ZT Edge
Software
Defined
Perimeter
SDP
Zero Trust →
Adaptive
Trust
Zero Trust
ZTNA
Cloud native and software defined, centralized
policy enforcement, a single management and
data plane, robust visibility and logging
On-premise technologies shifted to a public
cloud, a portfolio of disparate acquisitions
The Industry has recognized this evolution
Understanding SASE
9. Secure access service edge components
5 Key Technologies:
● Zero Trust Network Access (ZTNA
● Secure Web Gateway (SWG
● Firewall-as-a-Service (FWaaS
● Cloud Access Security Broker (CASB
● Network-as-a-Service (NaaS
Understanding SASE SASE Defined
10. SASE Platform Migration
What should you look for when evaluating SASE platforms &
solutions?
Succeeding with SASE
11. Secure access service edge
Gartner, describing SASE in “The Future of Network Security is in the
Cloud”:
“Digital business transformation inverts network and security service
design patterns, shifting the focal point to the identity of the user
and/or device — not the data center. Security and risk management
leaders need a converged, cloud-delivered, secure access service
edge to address this shift.”
SASE Platform Migration
12. Secure access service edge
What to look for:
1. Current capabilities
2. High level of innovation
3. Integrated platform
4. Robust edge network
5. Scalable pricing model
SASE Platform Migration
13. Cloudflare One
A purpose-built platform designed to deliver on the promise
Network Transformation with a Secure Access Service Edge
15. Cloudflare One: Underlying Network
Every
Cloudflare
service
Runs over
every
Cloudflare
server
In every
Cloudflare
data center
Across 200
cities in
100
countries
15
25M
200
76B
99%
51 Tbps
16. Cloudflare One: Connect and secure applications and users
Encrypt user traffic Regardless of your users’
location, all traffic from their device is encrypted and
sent privately to the nearest endpoint.
Build and enforce policies Enforce device
authentication, enabling you to build user-specific
policies.
Audit device and user traffic Audit specific user and
device traffic for detailed tracing in case of a breach or
audit.
Block web-based threats Protect against known and
unknown threats by blocking known threats and
isolating unknown threats with Browser Isolation.
Provide granular access controls Create granular
role-based access rules to internal and SaaS apps,
including MFA enforcement.
Secure remote workers with Cloudflare One
17. Cloudflare One: Secure your corporate network
Our battle tested network stack. In front of your corporate network.
17
DDoS Protection
Near-Instant TTM
IP Firewall Traffic
acceleration
18. Cloudflare One improves network
performance and security while
reducing cost and complexity.
26. ● Leverages same ZT
architecture
● Eliminates need for firewall
and security appliances
onsite
● Improves and streamlines
global security
● Reduces costs
SWG
MPLS
SDWAN
SDWAN
MPLS
SWG
M
PLS
MPLS
SDWAN
SDWAN
SWG
SWG
M
PLS
SWG
MPLS
ZTNA
RBI | SWG
FWaaS | CASB
27. ● Leverages same ZT
architecture
● Eliminates need for firewall
and security appliances
onsite
● Improves and streamlines
global security
● Reduces costs
ZTNA | SWG
FWaaS | CASB
MPLS
SWG
MPLS
SWG
M
PLS
SDWAN
SDWAN
28. ● Leverages same ZT
architecture
● Eliminates need for firewall
and security appliances
onsite
● Improves and streamlines
global security
● Reduces costs
MPLS
SWG
MPLS
SWG
M
PLS
ZTNA
RBI | SWG
FWaaS | CASB
29. 6 to 12 Months - Protect
your corporate network
Step 3
30. Cloudflare Network
Interconnect
● Move DDoS protection to
the edge
● Improves security
● Reduces need for onsite
appliances for DDoS
● Directly peer DC’s to
Cloudflare
● Improve performance
and reliability
MPLS
SWG
MPLS
SWG
M
PLS
Cloudflare rack
Customer rack
ZTNA
RBI | SWG
FWaaS | CASB
31. ● Move more applications to
Cloud to reduce DC
footprint
● Apply consistent cloud
security policies across all
traffic
Cloudflare Network
Interconnect
MPLS
SWG
MPLS
SWG
M
PLS
Cloudflare rack
Customer rack
CNI
ZTNA
RBI | SWG
FWaaS | CASB
32. ● Move more applications to
Cloud to reduce DC
footprint
● Apply consistent cloud
security policies across all
traffic
SWG
MPLS
SWG
CNI
ZTNA
RBI | SWG
FWaaS | CASB
33. ● Eliminate need for security
appliances in HQ and DC
locations
● Apply consistent cloud
security policies across all
traffic
● Single pane of glass to
view all activity globally
● Reduce cost and
complexity of network
performance and security
SWG
MPLS
SWG
CNI
ZTNA
RBI | SWG
FWaaS | CASB
34. ● Eliminate need for security
appliances in HQ and DC
locations
● Apply consistent cloud
security policies across all
traffic
● Single pane of glass to
view all activity globally
● Reduce cost and
complexity of network
performance and security
MPLS
CNI
CNI
ZTNA
RBI | SWG
FWaaS | CASB
35. Three major priorities across all business segments
Succeeding with SASE Defining Success
37. Next Steps:
Succeeding with SASE
1. Read more about Cloudflare One:
cloudflare.com/cloudflare-one/
2. Set up a Cloudflare for Teams account (Zero Trust and Remote
Worker Security): dash.cloudflare.com/sign-up/teams
3. View the Cloudflare SASE Whitepaper:
Cloudflare SASE Whitepaper
38. Thank you
Succeeding with SASE
Be sure to check out the links in the Handouts
section.
David McClure
dmcclure@cloudflare.com