Implementing SASE: ngena’s Connectivity Platform as a Service

Nov 4, 2020

Implementing SASE: ngena’s Connectivity Platform as a Service

ngena’s Connectivity Platform as a Service has been designed and globally implemented to respond to changing customer requirements: Digital business transformation requires anywhere, anytime access to applications and services — many of which are now located in the cloud. Therefore, the traditional network-centric architecture with a rather static and well-defined topology and enterprise data centers being the center of access requirements for users and devices, is not meaningful anymore. Our platform has been built to deliver connectivity services to support user-centric architectures and the flexible integration of SaaS and other cloud-based services, dynamically changing endpoints, flexible adaptation of routing and security policies as well as supporting remote workers. The key elements of this platform are a global cloud platform, a unique portfolio of SD-WAN services, a comprehensive set of integrated advanced security services, fully automated deployment and change processes, a hybrid network leveraging public Internet as well private transport networks and an end-to-end management across the transport underlay as well as service overlay (see Figure 1).

Implementing SASE: ngena’s Connectivity Platform as a Service

Figure 1

A newly defined concept by Gartner last summer called SASE – Secure Access Service Edge – describes the convergence of two key services in the connectivity market: Network as a Service (SD-WAN) and Network Security as a Service (see Figure 2).

Network as a Service (SD-WAN)

Figure 2

It stitches together elements of managed security, WAN, and edge compute into a single cloud-native offering. SASE was defined to especially support the growing enterprise need for edge computing capabilities that are distributed and closer to the systems, applications and devices that often also require low latency access to local storage and compute.

Why SASE?

SASE (Secure Access Service Edge) is cloud-based approach that secures WAN. It implies that instead of having network which is centered around an organization’s private and central data center, SASE approach puts cloud at the center of the network. There are number of key benefits with implementing SASE in your organization.

Security and Data protection: By implementing of data protection policies, enterprises can prevent unauthorized data access and abuse of sensitive information when within a SASE framework setting.  On the other hand, the inspection of every data flow user improves security.

Reduced costs: BY using a single platform instead of buying and managing multiple point products greatly reduces the cost and associated IT expenses

The Zero Trust: The Zero Trust approach to cloud with SASE framework provides a complete network security to user sessions irrespective of the location (if he is on or off network). The trust assumption is removed among users, sessions and networks.

Gartner expects at least 40% of the enterprises to be explicitly designing and implementing strategies to adopt SASE. Looking at the key characteristics of SASE as defined by MEF (Metro Ethernet Forum) just recently, it becomes quite obvious that ngena’s Connectivity as a Service offering is a true implementation of the SASE concept (see Figure 3).

SASE Characteristics

Figure 3

Secure Access Service Edge Solution for Enterprises

Our cloud platform is leveraging the comprehensive Cisco product portfolio and is turning it into an end-to-end managed globally available service delivered by service edges called ngena Hubs. This platform delivering the SASE offering will tie together elements of Cisco’s networking, security, and zero-trust product lines. This includes elements of Cisco’s Viptela and Meraki SD-WAN platforms to address SASE’s WAN and routing requirements. Meanwhile, for security, our connectivity platform leans on Cisco Umbrella for not only secure web gateway, domain name system (DNS), firewall, and cloud access security broker (CASB) functionality, but also integrates seamlessly the onsite advanced security capabilities of Viptela and Meraki as well as further security services provided on the ngena Hubs, like firewall and web security services. Finally, our platform integrates core elements of Cisco’s zero-trust networking portfolio — especially Duo and AnyConnect — to verify identity and enhance the overall security of the offering. Alternatively, we also support the seamless integration of the cloud security offering from Zscaler.

Today customers are at very different stages of their journey towards digital transformation. A key strength of ngena’s Connectivity Platform as a Service is that it will support customers whether they want to have a thick branch with onsite security or thin branch with edge-based security services or even a mixture of both for different geographies of their network. We can support customers with a comprehensive set of integrated networking and security services as they rotate through that transformation.

As our connectivity platform provides cloud-based connectivity services across public and private networks, the convergence of security and network domains has always been the cornerstone for us. Therefore, ngena today is already a front runner in implementing the SASE concept and will further support its adoption as global standard.

The author

Marcus Hacke

scroll up now print page now
English