Tuesday, December 13, 2022

MEF issues first SASE standard and Zero Trust Framework

MEF published the first Secure Access Service Edge (SASE) standard defining SASE service attributes, a framework and common definitions, and a Zero Trust framework that together allow organizations to implement dynamic policy-based actions to secure network resources for faster decision making and implementation for enterprises.

  • SASE Service Attributes and Service Framework Standard -- This standard specifies service attributes to be agreed upon between a service provider and a subscriber for SASE services, including security functions, policies, and connectivity services. The standard defines the behaviors of the SASE service that are externally visible to the subscriber irrespective of the implementation of the service. A SASE service based upon the framework defined in the standard enables secure access and secure connectivity of users, devices, or applications to resources for the subscriber. MEF’s SASE standard (MEF 117) includes SASE service attributes and a SASE service framework.
  • Zero Trust Framework for MEF Services --The new Zero Trust Framework for MEF Services (MEF 118) defines a framework and requirements of identity, authentication, policy management, and access control processes that are continuously and properly constituted, protected, and free from vulnerabilities when implemented and deployed. This framework also defines service attributes, which are agreed between a subscriber and service provider, to enable service providers to implement and deliver a broad range of services that comply with Zero Trust principles.

MEF said its new SASE standard aligns stakeholders on common terminology and service attributes when buying, selling, and delivering SASE services, and makes it easier to interface policy with security functions for cloud-based cybersecurity from anywhere. MEF’s Zero Trust framework defines service attributes to enable service providers to implement and deliver a broad range of services that comply with Zero Trust principles.

“Enterprises are challenged to compare feature sets and solutions when selecting SD-WAN, SSE, and SASE services, including Zero Trust Network Access, which can result in incomplete service offerings that don’t meet needs and expectations. At the same time, service providers want to offer a complete, unified SASE service that includes networking and security under a single pane of glass,” said Pascal Menezes, MEF Chief Technology Officer. 

According to the July 2022 SASE & SD-WAN 5-Year Forecast Report from Dell’Oro Group, the SASE-related technologies market will exceed $13 billion by 2026. SASE has quickly gained traction due to its work-from-anywhere cloud approach to security and networking. The MEF SASE service standard and Zero Trust framework have been developed by the industry’s top managed security and service providers to make it easier to bring to market robust, easy-to-understand, easy-to-manage SASE services for the enterprise. The new standards include:

“With SASE still at an early stage and generating confusion, I applaud MEF’s standardization efforts. In the near-term, they are contributing vocabulary and aligning conceptual frameworks that are vital to getting the industry to rally behind common, interoperable approaches,” said Mauricio Sanchez, Research Director for Network Security & SASE/SD-WAN research at Dell’Oro Group. “In the long-term, I see the resulting standards help make multi-vendor SASE a reality and accelerate overall adoption.”

https://www.mef.net/news/mef-introduces-first-sase-standard-and-zero-trust-framework/

Video: Standardizing SD-WAN and (soon) SASE

SD-WAN evolved independently with a number of big players and, as a result, all of their solutions are different, notes Dave Larson, GM and CTO of Spirent.SASE, as an extension of SD-WAN, brings a new set of monetization possibilities.MEF is about using standards and APIs to level of playing field.https://youtu.be/wwWMah7y...