SASE for Infrastructure Managed Services Provider (MSP)

VCD
Nov 17, 2020

Note: This blog is solely based on my work experience and research. This is NOT an official Cisco document. All the details and recommendations in this blog are my personal opinion.

SASE is becoming the new buzzword in the IT industry. Secure Access Service Edge (SASE) architecture is a convergence of network and network security delivered in an as-a-Service model. As per Gartner, by 2023, 63% of global MSPs will gain their revenue through digital business infrastructure operations (DBIO) [1]. SASE brings various opportunities and helps Infrastructure MSPs to monetise the new architecture.

Note: In this blog, the terms “MSP” and “Infrastructure MSP” mean the same.

To support the customer’s digital transformation, Infrastructure MSPs have to step into new arenas. Today, enterprise IT is built on hybrid-cloud networks with workloads in multiple private and public clouds. New applications demand decentralisation of data processing (computing power), which brings the processing as close as possible to the customer for low latency and high performance. This change forces MSPs to consider not only “what” to manage but also “where” to manage.

Cisco can greatly help infrastructure MSPs to start their journey to capture the changing market and build new DBIO for SASE managed services. For security services, Cisco is backed by its industry-leading security portfolio with 100% cloud-based service deployment. For connectivity, everyone knows Cisco is a pioneer in this field. To highlight, one of Gartner’s recommendations for SASE is to have all the services (both network and network security) ideally from one vendor. All this unsurprisingly makes Cisco an ideal choice for SASE managed services.

SASE consists of different components; Figure 1 shows a high-level view of a SASE managed service. Tiers loosely show the different focus areas in the SASE managed service layers. Layers roughly represent each component required to build a SASE managed service. Components provide the flexibility to deploy each layer one by one, on top of the previous one, according to the phase the customer chooses. This may lead MSPs to choose their existing managed SD-WAN customers as the primary choice to start the SASE offer.

Layers can also be used as a reference to create different SASE packages. For example, a Base package may include the Services and Connectivity components, whereas an Advanced package may include the Base package plus the Telemetry & Analytics component.

In short, for a SASE managed service:

· Infrastructure MSPs may have to own the underlying physical hardware

· Connectivity solutions can be co-created with Cisco and managed by MSPs

· Security services are hosted in the Cisco cloud and consumed as SaaS

· Optional (cloud-based) services can be layered on top to differentiate the SASE offer

· Purpose-built administrative consoles give MSPs a place for management

· Integration with the MSP’s existing platform reduces operational complexity

Figure 1: SASE Managed Service components

Managed Tier

The focus of traditional managed services or infrastructure outsourcing is to reduce IT cost. The infrastructure MSP manages the physical boxes on behalf of the customer’s IT department, which includes maintaining the physical availability of the boxes, stacking and racking, managing the life cycle of hardware and software, applying the configuration and policies, etc. Though the physical boxes may be owned by the customer and reside on the customer’s premises, this model provides an abstraction of a Network-as-a-Service or Infrastructure-as-a-Service outcome for the customer.

Value-add Tier

The focus on the value-add tier is the need of the hour for infrastructure MSPs. With the proliferation of public cloud, customers’ on-prem workloads are shifting to public cloud. Limiting the business to managing the end customer’s infrastructure and workloads may not help it grow. As per Gartner, “Infrastructure MSPs that only offer operational management for internal IT environments will fail to grow” [2].

A high percentage of infrastructure MSPs are adapting to the new public cloud environment by helping to manage on-prem legacy infrastructure and cloud applications, and to operate and migrate legacy applications to cloud. But only a few MSPs are brainstorming how to leverage the capabilities of cloud technologies and services to create new business opportunities [3]. It is important for MSPs to move their primary focus from managing a box to providing an outcome-based service; this is the key differentiator. More than keeping the customer’s IT infrastructure operational, MSPs should evolve into true business enablers.

This means helping customers in their digital business transformation by co-creating new solutions and leading with differentiated offers in the MSP’s service catalogue.

Cisco security products have great features; enabling one and then combining it with other advanced features may help to create a new offer in itself. To give an example, a large enterprise on average uses 1200+ cloud services and 98% of those are shadow IT apps [4], and 27% of discovered shadow IT apps are classified as high risk [5]. Cisco Umbrella, one of the main products in SASE, has a shadow IT feature (depends on the package). An MSP can use this feature to create a monthly report (e.g. an Application Visibility & Risk Audit report) for an extra fee to show the level of cloud service activity and the risk associated with each application in a customer organization. The report may help the customer to manage cloud adoption in a secure and organized fashion. In short, it is like turning the humble egg (approx. $1) into a gourmet omelette (approx. $12).

Cisco SD-WAN edge devices are packed with security features. MSPs can enable them to differentiate themselves from others. For example, enable the AMP for Network feature, which is the only network-based malware defence in the industry. Having this feature enabled on all SD-WAN edge routers helps to extend the malware threat defence capability from endpoints to the network edge.

Add threat intelligence and integrate with the customer’s security stack to provide reports with in-depth analytics on threats for a premium rate. For example, Umbrella Investigate (depends on package) gives the most complete view of the relationships and evolution of internet domains, IPs, and files, helping to pinpoint attackers’ infrastructures and predict future threats [6].

Operational efficiency Tier

Operational efficiency is one of the key tiers in SASE managed services. Improving operational efficiency helps to increase margins. Most MSPs are concerned about scaling the business, mainly due to the talent shortage [7] and pressure on budgets. Adding headcount is not the only way to manage the scalability problem.

This is especially true when the MSP has to deal with multi-vendor platforms and cutting-edge technologies. Hiring experts on every vendor platform or technology may not go well with profit margins. On top of this, end customers may have unique requirements for different report types, access privileges and other services, which may result in having some headcount dedicated to each account. With all this, MSPs also have to keep their pricing very competitive to win new business.

Network Operations Centre (NOC) or Security Operations Centre (SOC) employees may need to perform some repeatable tasks. As we all know, automation helps to increase productivity. Automating repeatable tasks helps to save money. Without automation, for a security alert, an engineer may have to log in to multiple portals to verify and correlate the events and decide whether to act or to ignore. An engineer may get more such alerts in an eight-hour shift, and almost half of the shift may be consumed by the manual process. For example, at an average of $35 per hour for a NOC engineer, 4 hours spent on manual tasks in a day ($35 x 4 hours = $140) comes to $140 x 365 days = $51,100 in a year per engineer. Around $50K can be saved by integrating and automating manual tasks.

NOTE: The dollar values shown in the example are assumptions and not accurate.

Traditionally, with most Infrastructure MSPs, WAN connectivity such as MPLS, VPN, Internet, etc. is managed and monitored in the NOC, and security-related services are managed and monitored in the SOC. SASE is a combination of network and security services, which may demand that the NOC and SOC either come together in a centralised monitoring centre or tightly integrate both teams to break the silos.

Leverage the capability of APIs and the open-standard STIX/TAXII data formats to automate the exchange of security events between different tools from both teams. Cisco has a rich set of RESTful APIs and supports STIX/TAXII to integrate with network and security tools, allowing MSPs to automate processes, decrease response time and gain better visibility of the network. This helps to create a new control plane for a variety of network and security functions of SASE in the SOC environment.
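The correlation step described above, as an added example that is not part of the original post and not Cisco code: it pairs SOC alerts with NOC flow records by customer, domain and time window, then expresses each match as a STIX 2.1 indicator and sighting that both teams' tools can exchange. All field names and sample records are constructed assumptions.

```python
import uuid
from datetime import datetime, timedelta, timezone

# Constructed sample records; field names are assumptions, not a vendor schema.
SOC_ALERTS = [  # DNS-layer security blocks seen by the SOC tool
    {"ts": "2020-11-17T09:00:05Z", "customer": "acme", "domain": "bad.example"},
    {"ts": "2020-11-17T09:30:00Z", "customer": "acme", "domain": "ads.example"},
]
NOC_FLOWS = [  # flow records exported by SD-WAN edge routers to the NOC tool
    {"ts": "2020-11-17T09:00:07Z", "customer": "acme", "site": "branch-12", "dest": "bad.example"},
    {"ts": "2020-11-17T09:02:10Z", "customer": "acme", "site": "branch-03", "dest": "bad.example"},
    {"ts": "2020-11-17T11:00:00Z", "customer": "acme", "site": "branch-03", "dest": "ads.example"},
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def stamp(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%S.000Z")

def correlate(alerts, flows, window=timedelta(minutes=5)):
    """Pair each SOC alert with NOC flows for the same customer and domain inside the window."""
    pairs = []
    for a in alerts:
        hits = [f for f in flows
                if f["customer"] == a["customer"] and f["dest"] == a["domain"]
                and abs(parse(f["ts"]) - parse(a["ts"])) <= window]
        if hits:  # only alerts backed by observed traffic are passed on
            pairs.append((a, hits))
    return pairs

def to_stix_bundle(pairs):
    """Express each correlated alert as a STIX 2.1 indicator plus a sighting."""
    now, objects = stamp(datetime.now(timezone.utc)), []
    for alert, hits in pairs:
        # Escape backslash and quote so a hostile domain string cannot alter the pattern.
        value = alert["domain"].replace("\\", "\\\\").replace("'", "\\'")
        common = {"spec_version": "2.1", "created": now, "modified": now}
        ind = {"type": "indicator", "id": f"indicator--{uuid.uuid4()}", **common,
               "pattern_type": "stix", "pattern": f"[domain-name:value = '{value}']",
               "valid_from": stamp(parse(alert["ts"]))}
        seen = sorted(parse(f["ts"]) for f in hits)
        sighting = {"type": "sighting", "id": f"sighting--{uuid.uuid4()}", **common,
                    "sighting_of_ref": ind["id"], "count": len(hits),
                    "first_seen": stamp(seen[0]), "last_seen": stamp(seen[-1]),
                    "description": "sites: " + ", ".join(sorted({f["site"] for f in hits}))}
        objects += [ind, sighting]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}
```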

Conclusion

SASE brings new revenue opportunities for infrastructure MSPs. Cisco has almost all the components required for an MSP to start its SASE managed services journey.

  • Innovate, customize, and deliver business outcomes in ways that an MSP hasn’t been able to in the past.
  • Accelerate managed service business value with new revenue streams like SASE and differentiated service offers in your service catalogue.
  • Embrace an integrated architectural approach for scalability, stability and performance to deliver high quality customer service
  • Gain operational excellence by improving the current operations with more integration between tools and with automation.

References

[1] Gartner, “Managed Services Are Dead, Long Live Managed Services!,” 29 Mar 2019. [Online]. Available: https://blogs.gartner.com/rene-buest/2019/03/29/managed-services-dead-long-live-managed-services/.

[2] Gartner, “Infrastructure MSPs That Only Offer Operational Management of Internal Enterprise IT Environments Will Fail to Grow,” 08 Oct 2019. [Online]. Available: https://blogs.gartner.com/rene-buest/2019/10/08/infrastructure-msps-offer-operational-management-internal-enterprise-environments-will-fail-grow/.

[3] Gartner, “Who Drives Digital Business From the Cloud Through the Edge to the Digital Touchpoint?,” 08 Sep 2018. [Online]. Available: https://blogs.gartner.com/rene-buest/2018/09/08/who-drives-digital-business-from-the-cloud-through-the-edge-to-the-digital-touchpoint/.

[4] Cisco Blogs, “Gartner Report Says Shadow IT Will Result in 1/3 of Security Breaches,” [Online]. Available: https://blogs.cisco.com/cloud/gartner-report-says-shadow-it-will-result-in-13-of-security-breaches.

[5] Help Net Security, “27% of cloud apps are high risk,” [Online]. Available: https://www.helpnetsecurity.com/2016/06/14/risky-cloud-apps/.

[6] Cisco, “Cisco Umbrella Investigate,” [Online]. Available: https://umbrella.cisco.com/products/umbrella-investigate.

[7] Gartner, “Confront the Cybersecurity Talent Shortage,” 23 June 2017. [Online]. Available: https://www.gartner.com/smarterwithgartner/solve-the-cybersecurity-talent-shortage/.
