Next stop on the SASE journey: Establishing a plan and team for success
Mike Spanbouer, Juniper Networks
In this second blog of the three-part series on the journey to Secure Access Service Edge (SASE), the focus will be identifying team members and developing a plan that will help ensure SASE success.
In the previous post, we determined that no two SASE journeys are the same and it is up to the individual organisation to determine what questions they should ask as they prepare for this transition. SASE is a technology shift and consumption model that promises to change how we view and access our digital environments – whether through data centre-hosted apps or apps and services in the cloud.
Setting the team up for success
Most organisations today have IT operations team(s) tasked with keeping their on-premises network running securely. These teams will likely be heavily involved in onboarding the SASE transition and beyond.
When an organisation selects a new tool or capability, the assessment criteria are based on the technology and efficacy of the tool. Therefore, we lose sight of the impact on the team supporting the solution. Think of a project where the solution had post-deployment production implications, due to rushed planning, blind spots or scope creep. SASE presents a unique opportunity for organisations to clean up aged policies and approaches and look at how the capabilities integrate and work together to support both the transition to SASE and the future secure client to cloud workforce.
What should the team be responsible for?
Part of the industry buzz and excitement around SASE stems from the promise of its architecture to integrate many disparate technologies in a cloud-native environment, simplifying deployment and ongoing maintenance. The convergence of the network and security will continue to streamline complicated processes and provide teams with a simpler operational model, freeing up time spent on the administration and tuning of multiple consoles.
SASE has the potential to present an ideal set-up, once the capabilities are configured, processes updated and workflow established and embraced by the operational teams. Even in that perfect world, where the documentation is flawless and the organisation has an accurate application, client and service inventory, the planning and staging must still be a deliberate process that requires time and patience.
The project team’s creation and charter must include process, policy and responsibility for managing services in the product. Here are some questions to consider about this team: Are there current operations staff members on the project team? Or, is this a brand new team tasked with building out the new service architecture?
In my experience over the last 10-15 years, the successful cloud and distributed services projects required a great deal of planning and continuous iterations and process improvement to enhance production. It takes a skilled team to achieve success together.
“Do the best you can until you know better. Then when you know better, do better. – Maya Angelou
Once the initial objectives are clearly defined, the next steps are prioritisation and assigning capabilities to suit the organisation’s goal. This process is one of the benefits of SASE, offering flexibility and using parts of the security stack based on business needs.
Organisations should firmly believe in following what has worked in the past and continue to improve it, as new information is learned or new data points received. Operations teams must start the work with the information they currently have at their disposal. While documentation gaps often exist and challenges may arise, at a minimum, documentation accuracy and gaps must be taken into consideration at the planning stages to help the project team prioritise accurately and identify where the operational demands will be during deployment and initial production.
As the project team begins to plan, start with what is known and build a decision tree or project workflow from there. Determine which objectives are critical for phase one and identify the dependencies. Ask the team: Are these objectives required for remote access security and performance? What about branch and remote office secure cloud access? What do the application requirements look like, both today and over the next 24-36 months? Are there any major platform or capability migrations that are to occur? Once the key questions are answered, the objectives setting is easier.
With the objectives in hand, the organisation can make the next choice in the SASE journey. Knowing these answers will help the team establish a vendor shortlist that will be helpful when it comes time for the contract negotiations. Service expectations, coverage, break/fix remediations, SLA’s, etc. are all factors of negotiation and stem from the business and operations teams’ requirements. It is entirely possible that it will take the next one to three years to ramp SASE into production across the organisation, and more staffing will be required. Ultimately, SASE should reduce the workloads for the operations teams. There are many, many steps in-between for even moderately complex organisations who weren’t “born in the cloud.”
Take this opportunity to look at the organisation’s existing capabilities. What is working well? What isn’t? Is this the time to add a new capability vs. migrate an existing capability that is no longer doing the job as effectively as you would like? While SASE can effectively address most capabilities through a cloud-native delivery, there are many operational decision points along the way that will ensure business continuity and help maintain the operational sanity of the business. This will help organisations avoid any offline episodes during the deployment of the new SASE service. Also, for those applications that will remain in the on-premises data centre, operational benefits will arise from common policy models, common workflow processes and a well-documented operational response plan for the team for any incidents that may occur.
The journey continues
As an industry, we are just beginning the journey to SASE. The fact remains that every business will depend on its operations team for their security and infrastructure technology deployments, which will help the organisation achieve a future SASE state.
While there are many paths offered, the best approach is to know where the organisation is starting from and try to eliminate or avoid surprises where possible. SASE has the potential to be an organisational gamechanger. Organisations should ensure preparedness by engaging with IT operations teams early in the process and getting them invested in this project to ensure the success of this transition.
In the next blog, we present an architectural choice: They key to a successful SASE journey.