The document outlines strategies for successfully implementing a Secure Access Service Edge (SASE) solution, emphasizing the convergence of network and security capabilities. It discusses the components of SASE, such as Zero Trust Network Access and Firewall-as-a-Service, and provides a migration roadmap with specific steps for organizations transitioning to cloud-based networks. Key priorities for success include evaluating current capabilities and fostering innovation within a scalable platform like Cloudflare One.

1. Strategies for Building a Migration Plan
SASE Network Transformation
Succeeding with SASE
David McClure
Technical Product
Marketing Manager

2. What We’ll Cover
Succeeding with SASE
Overview:
● Understanding SASE
● SASE Platform Migration considerations
● Cloudflare One
● Roadmap for Migration

3. Three major priorities across all business segments
Understanding SASE Driving Forces

4. Understanding SASE
SASE should be less complicated than many vendors are
making it
Succeeding with SASE

5. Secure access service edge defined
SASE is best described as a convergence of network and security capabilities into a single
platform that enables organizations to provide both security and accessibility for their
users and data. It should achieve this regardless of location, while maintaining visibility
and control, and reducing complexity.
Understanding SASE SASE Defined

6. Enterprise Networks were built for 2010
Understanding SASE Driving Forces

7. MPLS/
Leased
MPLS/
Leased
How we work changed, but the network did not
Understanding SASE Driving Forces

8. Network-as-
a-Service
SASE ZT Edge
Software
Defined
Perimeter
SDP
Zero Trust →
Adaptive
Trust
Zero Trust
ZTNA
Cloud native and software defined, centralized
policy enforcement, a single management and
data plane, robust visibility and logging
On-premise technologies shifted to a public
cloud, a portfolio of disparate acquisitions
The Industry has recognized this evolution
Understanding SASE

9. Secure access service edge components
5 Key Technologies:
● Zero Trust Network Access (ZTNA
● Secure Web Gateway (SWG
● Firewall-as-a-Service (FWaaS
● Cloud Access Security Broker (CASB
● Network-as-a-Service (NaaS
Understanding SASE SASE Defined

10. SASE Platform Migration
What should you look for when evaluating SASE platforms &
solutions?
Succeeding with SASE

11. Secure access service edge
Gartner, describing SASE in “The Future of Network Security is in the
Cloud”:
“Digital business transformation inverts network and security service
design patterns, shifting the focal point to the identity of the user
and/or device — not the data center. Security and risk management
leaders need a converged, cloud-delivered, secure access service
edge to address this shift.”
SASE Platform Migration

12. Secure access service edge
What to look for:
1. Current capabilities
2. High level of innovation
3. Integrated platform
4. Robust edge network
5. Scalable pricing model
SASE Platform Migration

13. Cloudflare One
A purpose-built platform designed to deliver on the promise
Network Transformation with a Secure Access Service Edge

14. Cloudflare One: Overview

15. Cloudflare One: Underlying Network
Every
Cloudflare
service
Runs over
every
Cloudflare
server
In every
Cloudflare
data center
Across 200
cities in
100
countries
15
25M
200
76B
99%
51 Tbps

16. Cloudflare One: Connect and secure applications and users
Encrypt user traffic  Regardless of your users’
location, all traffic from their device is encrypted and
sent privately to the nearest endpoint.
Build and enforce policies  Enforce device
authentication, enabling you to build user-specific
policies.
Audit device and user traffic  Audit specific user and
device traffic for detailed tracing in case of a breach or
audit.
Block web-based threats  Protect against known and
unknown threats by blocking known threats and
isolating unknown threats with Browser Isolation.
Provide granular access controls  Create granular
role-based access rules to internal and SaaS apps,
including MFA enforcement.
Secure remote workers with Cloudflare One

17. Cloudflare One: Secure your corporate network
Our battle tested network stack. In front of your corporate network.
17
DDoS Protection
Near-Instant TTM
IP Firewall Traffic
acceleration

18. Cloudflare One improves network
performance and security while
reducing cost and complexity.

19. SASE Migration Roadmap
Planning implementation steps 3, 6, & 12 months out
Succeeding with SASE

20. ● 8,000 Employees
● Financial Services
● 3 Global Data Centers
Equinix hosted) moving
to Azure for Cloud
● 2 HQ  Chicago and
Brussels
● 42 Branch Offices
● Move more to Cloud
● Reduce overall cost
● Secure remote workers
MPLS
SDWAN
SDWAN
SWG
SWG
VPN
M
PLS
MPLS

21. 1 to 3 Months - Zero Trust
and Remote Worker
Security
Step One

22. ● First step in SASE
transformation
● Replaces VPN use cases
● Improves security
● Moves SWG/FWaaS to
the edge
● Eliminates backhauling
● Better user experience
MPLS
SDWAN
SDWAN
SWG
SWG
VPN
M
PLS
MPLS

23. MPLS
SWG
MPLS
SWG
M
PLS
SDWAN
SDWAN
VPN
● First step in cloud
transformation
● Replaces VPN use cases
● Improves security
● Moves SWG/FWaaS to
the edge
● Eliminates backhauling
● Better user experience
ZTNA
RBI | SWG
FWaaS | CASB

24. SWG
MPLS
SDWAN
SDWAN
MPLS
SWG
M
PLS
MPLS
SDWAN
SDWAN
SWG
SWG
M
PLS
SWG
MPLS
ZTNA
RBI | SWG
FWaaS | CASB
● First step in cloud
transformation
● Replaces VPN use cases
● Improves security
● Moves SWG/FWaaS to
the edge
● Eliminates backhauling
● Better user experience

25. 3 to 6 Months - Branch
Offices
Step 2

26. ● Leverages same ZT
architecture
● Eliminates need for firewall
and security appliances
onsite
● Improves and streamlines
global security
● Reduces costs
SWG
MPLS
SDWAN
SDWAN
MPLS
SWG
M
PLS
MPLS
SDWAN
SDWAN
SWG
SWG
M
PLS
SWG
MPLS
ZTNA
RBI | SWG
FWaaS | CASB

27. ● Leverages same ZT
architecture
● Eliminates need for firewall
and security appliances
onsite
● Improves and streamlines
global security
● Reduces costs
ZTNA | SWG
FWaaS | CASB
MPLS
SWG
MPLS
SWG
M
PLS
SDWAN
SDWAN

28. ● Leverages same ZT
architecture
● Eliminates need for firewall
and security appliances
onsite
● Improves and streamlines
global security
● Reduces costs
MPLS
SWG
MPLS
SWG
M
PLS
ZTNA
RBI | SWG
FWaaS | CASB

29. 6 to 12 Months - Protect
your corporate network
Step 3

30. Cloudflare Network
Interconnect
● Move DDoS protection to
the edge
● Improves security
● Reduces need for onsite
appliances for DDoS
● Directly peer DC’s to
Cloudflare
● Improve performance
and reliability
MPLS
SWG
MPLS
SWG
M
PLS
Cloudflare rack
Customer rack
ZTNA
RBI | SWG
FWaaS | CASB

31. ● Move more applications to
Cloud to reduce DC
footprint
● Apply consistent cloud
security policies across all
traffic
Cloudflare Network
Interconnect
MPLS
SWG
MPLS
SWG
M
PLS
Cloudflare rack
Customer rack
CNI
ZTNA
RBI | SWG
FWaaS | CASB

32. ● Move more applications to
Cloud to reduce DC
footprint
● Apply consistent cloud
security policies across all
traffic
SWG
MPLS
SWG
CNI
ZTNA
RBI | SWG
FWaaS | CASB

33. ● Eliminate need for security
appliances in HQ and DC
locations
● Apply consistent cloud
security policies across all
traffic
● Single pane of glass to
view all activity globally
● Reduce cost and
complexity of network
performance and security
SWG
MPLS
SWG
CNI
ZTNA
RBI | SWG
FWaaS | CASB

34. ● Eliminate need for security
appliances in HQ and DC
locations
● Apply consistent cloud
security policies across all
traffic
● Single pane of glass to
view all activity globally
● Reduce cost and
complexity of network
performance and security
MPLS
CNI
CNI
ZTNA
RBI | SWG
FWaaS | CASB

35. Three major priorities across all business segments
Succeeding with SASE Defining Success

36. Questions?
Succeeding with SASE

37. Next Steps:
Succeeding with SASE
1. Read more about Cloudflare One:
cloudflare.com/cloudflare-one/
2. Set up a Cloudflare for Teams account (Zero Trust and Remote
Worker Security): dash.cloudflare.com/sign-up/teams
3. View the Cloudflare SASE Whitepaper:
Cloudflare SASE Whitepaper

38. Thank you
Succeeding with SASE
Be sure to check out the links in the Handouts
section.
David McClure
dmcclure@cloudflare.com