Strategies for Building a Migration Plan
SASE Network Transformation
Succeeding with SASE
David McClure
Technical Product
Marketing Manager

What We’ll Cover
Succeeding with SASE
Overview:
● Understanding SASE
● SASE Platform Migration considerations
● Cloudflare One
● Roadmap for Migration

Three major priorities across all business segments
Understanding SASE Driving Forces

Understanding SASE
SASE should be less complicated than many vendors are
making it
Succeeding with SASE

Secure access service edge defined
SASE is best described as a convergence of network and security capabilities into a single
platform that enables organizations to provide both security and accessibility for their
users and data. It should achieve this regardless of location, while maintaining visibility
and control, and reducing complexity.
Understanding SASE SASE Defined

Enterprise Networks were built for 2010
Understanding SASE Driving Forces

MPLS/
Leased
MPLS/
Leased
How we work changed, but the network did not
Understanding SASE Driving Forces

Network-as-
a-Service
SASE ZT Edge
Software
Defined
Perimeter
SDP
Zero Trust →
Adaptive
Trust
Zero Trust
ZTNA
Cloud native and software defined, centralized
policy enforcement, a single management and
data plane, robust visibility and logging
On-premise technologies shifted to a public
cloud, a portfolio of disparate acquisitions
The Industry has recognized this evolution
Understanding SASE

Secure access service edge components
5 Key Technologies:
● Zero Trust Network Access (ZTNA
● Secure Web Gateway (SWG
● Firewall-as-a-Service (FWaaS
● Cloud Access Security Broker (CASB
● Network-as-a-Service (NaaS
Understanding SASE SASE Defined

SASE Platform Migration
What should you look for when evaluating SASE platforms &
solutions?
Succeeding with SASE

Secure access service edge
Gartner, describing SASE in “The Future of Network Security is in the
Cloud”:
“Digital business transformation inverts network and security service
design patterns, shifting the focal point to the identity of the user
and/or device — not the data center. Security and risk management
leaders need a converged, cloud-delivered, secure access service
edge to address this shift.”
SASE Platform Migration

Secure access service edge
What to look for:
1. Current capabilities
2. High level of innovation
3. Integrated platform
4. Robust edge network
5. Scalable pricing model
SASE Platform Migration

Cloudflare One
A purpose-built platform designed to deliver on the promise
Network Transformation with a Secure Access Service Edge

Cloudflare One: Overview

Cloudflare One: Underlying Network
Every
Cloudflare
service
Runs over
every
Cloudflare
server
In every
Cloudflare
data center
Across 200
cities in
100
countries
15
25M
200
76B
99%
51 Tbps

Cloudflare One: Connect and secure applications and users
Encrypt user traffic  Regardless of your users’
location, all traffic from their device is encrypted and
sent privately to the nearest endpoint.
Build and enforce policies  Enforce device
authentication, enabling you to build user-specific
policies.
Audit device and user traffic  Audit specific user and
device traffic for detailed tracing in case of a breach or
audit.
Block web-based threats  Protect against known and
unknown threats by blocking known threats and
isolating unknown threats with Browser Isolation.
Provide granular access controls  Create granular
role-based access rules to internal and SaaS apps,
including MFA enforcement.
Secure remote workers with Cloudflare One

Cloudflare One: Secure your corporate network
Our battle tested network stack. In front of your corporate network.
17
DDoS Protection
Near-Instant TTM
IP Firewall Traffic
acceleration

Cloudflare One improves network
performance and security while
reducing cost and complexity.

SASE Migration Roadmap
Planning implementation steps 3, 6, & 12 months out
Succeeding with SASE

● 8,000 Employees
● Financial Services
● 3 Global Data Centers
Equinix hosted) moving
to Azure for Cloud
● 2 HQ  Chicago and
Brussels
● 42 Branch Offices
● Move more to Cloud
● Reduce overall cost
● Secure remote workers
MPLS
SDWAN
SDWAN
SWG
SWG
VPN
M
PLS
MPLS

1 to 3 Months - Zero Trust
and Remote Worker
Security
Step One

● First step in SASE
transformation
● Replaces VPN use cases
● Improves security
● Moves SWG/FWaaS to
the edge
● Eliminates backhauling
● Better user experience
MPLS
SDWAN
SDWAN
SWG
SWG
VPN
M
PLS
MPLS

MPLS
SWG
MPLS
SWG
M
PLS
SDWAN
SDWAN
VPN
● First step in cloud
transformation
● Replaces VPN use cases
● Improves security
● Moves SWG/FWaaS to
the edge
● Eliminates backhauling
● Better user experience
ZTNA
RBI | SWG
FWaaS | CASB

SWG
MPLS
SDWAN
SDWAN
MPLS
SWG
M
PLS
MPLS
SDWAN
SDWAN
SWG
SWG
M
PLS
SWG
MPLS
ZTNA
RBI | SWG
FWaaS | CASB
● First step in cloud
transformation
● Replaces VPN use cases
● Improves security
● Moves SWG/FWaaS to
the edge
● Eliminates backhauling
● Better user experience

3 to 6 Months - Branch
Offices
Step 2

● Leverages same ZT
architecture
● Eliminates need for firewall
and security appliances
onsite
● Improves and streamlines
global security
● Reduces costs
SWG
MPLS
SDWAN
SDWAN
MPLS
SWG
M
PLS
MPLS
SDWAN
SDWAN
SWG
SWG
M
PLS
SWG
MPLS
ZTNA
RBI | SWG
FWaaS | CASB

● Leverages same ZT
architecture
● Eliminates need for firewall
and security appliances
onsite
● Improves and streamlines
global security
● Reduces costs
ZTNA | SWG
FWaaS | CASB
MPLS
SWG
MPLS
SWG
M
PLS
SDWAN
SDWAN

● Leverages same ZT
architecture
● Eliminates need for firewall
and security appliances
onsite
● Improves and streamlines
global security
● Reduces costs
MPLS
SWG
MPLS
SWG
M
PLS
ZTNA
RBI | SWG
FWaaS | CASB

6 to 12 Months - Protect
your corporate network
Step 3

Cloudflare Network
Interconnect
● Move DDoS protection to
the edge
● Improves security
● Reduces need for onsite
appliances for DDoS
● Directly peer DC’s to
Cloudflare
● Improve performance
and reliability
MPLS
SWG
MPLS
SWG
M
PLS
Cloudflare rack
Customer rack
ZTNA
RBI | SWG
FWaaS | CASB

● Move more applications to
Cloud to reduce DC
footprint
● Apply consistent cloud
security policies across all
traffic
Cloudflare Network
Interconnect
MPLS
SWG
MPLS
SWG
M
PLS
Cloudflare rack
Customer rack
CNI
ZTNA
RBI | SWG
FWaaS | CASB

● Move more applications to
Cloud to reduce DC
footprint
● Apply consistent cloud
security policies across all
traffic
SWG
MPLS
SWG
CNI
ZTNA
RBI | SWG
FWaaS | CASB

● Eliminate need for security
appliances in HQ and DC
locations
● Apply consistent cloud
security policies across all
traffic
● Single pane of glass to
view all activity globally
● Reduce cost and
complexity of network
performance and security
SWG
MPLS
SWG
CNI
ZTNA
RBI | SWG
FWaaS | CASB

● Eliminate need for security
appliances in HQ and DC
locations
● Apply consistent cloud
security policies across all
traffic
● Single pane of glass to
view all activity globally
● Reduce cost and
complexity of network
performance and security
MPLS
CNI
CNI
ZTNA
RBI | SWG
FWaaS | CASB

Three major priorities across all business segments
Succeeding with SASE Defining Success

Questions?
Succeeding with SASE

Next Steps:
Succeeding with SASE
1. Read more about Cloudflare One:
cloudflare.com/cloudflare-one/
2. Set up a Cloudflare for Teams account (Zero Trust and Remote
Worker Security): dash.cloudflare.com/sign-up/teams
3. View the Cloudflare SASE Whitepaper:
Cloudflare SASE Whitepaper

Thank you
Succeeding with SASE
Be sure to check out the links in the Handouts
section.
David McClure
dmcclure@cloudflare.com