This blog provides an in-depth overview of our recently introduced Palo Alto Networks Prisma SASE for MSPs, a scalable multi-tenant cloud management portal solution for managed service providers (MSPs) to fast-track enterprise digital transformation with managed SASE services.
This blog was written by Yogesh Ranade, Sr. Director of Product Management, and Ron Ronco, Sr. Manager, Product Management, Palo Alto Networks.
Key Drivers for Managed SASE
In today’s rapidly changing hybrid workforce, comprehensive converged security and networking is top-of-mind for every organization. Unfortunately, these offerings are highly fragmented and offered by many different vendors. Their differences, whether nuanced, subtle, or incredibly stark, add further complexity. Navigating these complexities while maintaining budget and “lean-IT” is a nightmare for enterprise IT administrators.
This is where an MSP comes in and provides value. With their vast experience of offering diverse services coupled with deep consulting expertise, MSPs can help tackle the majority of these complexities and help enterprises in their journey towards digital transformation while catering to the needs of their fast-evolving hybrid workforce.
How Enterprises Consume A Managed SASE from MSPs
MSPs are rapidly evolving to adapt to this new environment and are augmenting their portfolios with a simple, consumable Managed SASE offer that includes the latest and most advanced threat protection and cyber security.
Most MSPs today leverage Cloud SaaS models as their primary way to deliver managed services. MSPs offer a tiered catalog of services based on the end customer type. For large enterprises, MSPs provide a rich catalog with flexibility in feature choices, whereas for mid-market or SME customers they offer a bundled package for ease of use. MSPs offer their customers a self-service portal for service management, visibility, troubleshooting, and ticketing. MSPs typically have two models for their enterprise customers or tenants. Note: A tenant usually represents a company, organization, or any other group of users, and is used to segregate and control the delivery and visibility of SASE services based on different sets of permissions.
Fully MSP Managed: In this model, the MSP is responsible for all aspects of the tenant’s service lifecycle, including security policy configuration and operations. Typically, MSPs provide visibility into the security threats that were prevented and insights into network usage via a comprehensive set of reports generated on a monthly or quarterly basis. This model is generally well suited for mid-market and small businesses, as it involves minimal IT overhead for the enterprise.
Co-managed: In this model, the MSP provides managed network and security services and gives enterprise customers access to their managed tenant for management and operations. The MSP can provide delegated access to co-manage the policies and their specific services. This model is prevalent in the large enterprise segment, where the enterprise organization wants some level of control and visibility over its SASE services while leveraging the MSP’s SASE platform to deliver them seamlessly.
MSPs provide comprehensive support and ongoing maintenance via their network and security operations centers (NOC/SOC) in both models. MSPs offer their customers a tiered set of service level agreements (SLAs) spanning delivery, operation & management, and continuous security assessment & threat management.
Prisma SASE for MSPs
Prisma SASE is the industry’s most complete SASE solution based on three foundational pillars: Security as a Service, Networking as a Service and User Experience.
Prisma Access delivers the industry’s most complete cloud-delivered security platform, consolidating security capabilities like zero trust network access (ZTNA), cloud secure web gateway (SWG), next-generation cloud access security broker (CASB) and more. Built upon a massively scalable network with ultra-low latency and backed by industry-leading SLAs, Prisma Access ensures a great digital experience for end-users.
Prisma SD-WAN is the industry’s first Next-Generation SD-WAN solution that makes the secure cloud-delivered branch possible, delivering an ROI of up to 243%. Prisma SD-WAN leverages machine learning and artificial intelligence for IT operations (AIOps) to simplify network and security management, enable policies defined by applications to improve end-user experience and make the secure, cloud-delivered branch possible.
Additionally, Prisma SASE includes capabilities explicitly created for MSPs and large distributed enterprises.
Multi-tenant Cloud Management that includes hierarchical multi-tenancy to manage a large number of customers across different market segments, powered by a highly scalable infrastructure that scales up and down on a per-customer basis for high-performance operations at reduced cost of operation
Flexible Service Creation and Management with intuitive licensing and activation flexibility to support fully managed and co-managed deployment models
Open APIs for seamless integration and automation
Let’s take a deeper look at each of these capabilities.
Multi-tenant Cloud Management
The cloud-scale hierarchical multi-tenant management portal provides MSP administrators with a unified and converged “single pane of glass”. A sophisticated dashboard provides aggregated views of threats, applications, network connections, licenses, alarms, and more across all managed customers. In addition, two further dashboards are specific to “Security as a service” and “SD-WAN as a service”, representing the “security-admin” and “network-admin” personas, respectively. A “net-sec-admin” persona gets comprehensive access to both the Security and SD-WAN dashboards. The benefit to the MSP is the ability to perform granular trend analysis and create unique per-tenant security policies to address security vulnerabilities in their customer environments.
The security dashboard provides comprehensive visibility, proactive monitoring, alerting, and problem isolation by aggregating rich telemetry of security and connectivity incidents, allowing admins to monitor and act upon the threat landscape across all their managed customers.
The SD-WAN dashboard provides unparalleled, actionable insights into the health and performance of WAN links and applications to help with network planning, problem resolution, and analytics. With instant visibility into application performance, MSP admins can better understand their customers’ network health and usage and make more effective policy decisions.
Flexible Service Management
Prisma SASE includes integrated license management that provides per-tenant license management and aggregated visibility of licenses, license pools, and consumption across all tenants. Per-tenant security services, policies, and granular application controls can be rapidly and easily configured across all managed customers.
Security Service Lifecycle Management provides intuitive workflows to configure consistent security policy postures, threat prevention, and protection mechanisms across all managed tenants.
Multi-Tenant Device Management supports the different lifecycle stages of Prisma SD-WAN devices by allowing admins to allocate devices to managed tenant(s) based on their roles and permissions.
Integrated Tenant and Identity and Access Management provides CRUD (Create, Read, Update, Delete) capabilities to manage tenants, with sophisticated role-based access control (RBAC) for delegated access.
Comprehensive Operational Lifecycle Management includes monitoring and reporting, which help networking and security teams simplify troubleshooting and accelerate incident response.
The entire solution is built on an API-first architecture that enables seamless and frictionless integration with existing Operations Support Systems (OSS), Business Support Systems (BSS), and Network Management Systems (NMS), including Customer Relationship Management (CRM) and billing systems. Comprehensive API lifecycle management includes version control for backward compatibility and integrated RBAC with multi-tenant support. The API framework is built on the latest RESTful JSON standards with built-in support for authentication and OAuth2-based authorization. The APIs support rate limiting, caching, and filtering, with global support, and provide the best API performance with built-in load balancing and transparent routing to backend services, making it extremely easy to consume the APIs, program against them, and automate workflows.
Prisma SASE Delivers Business Outcomes
With Prisma SASE, MSPs can deliver comprehensive SASE solutions with rapid time to market while driving significant business outcomes.
MSPs can now:
Manage a large number of customers in an intuitive, highly scalable cloud-delivered platform to fast-track enterprise digital transformation with comprehensive state-of-the-art security for the hybrid workforce
Accelerate top-line revenue growth with new differentiated security and connectivity services
Decrease COGS and improve bottom-line margins with comprehensive visibility and AI/ML-driven operational excellence