This SASE (Secure Access Service Edge) Consultancy Work Package is designed to guide an organization from a fragmented legacy perimeter model to a converged, cloud-native security and networking architecture.
The objective is to consolidate networking (SD-WAN) and security (ZTNA, SWG, CASB, FWaaS) into a unified, identity-centric framework. This engagement focuses on reducing complexity, improving the remote user experience, and enforcing consistent security policies regardless of user location.
Goal: Map the current state and identify technical/operational gaps.
Infrastructure Audit: Inventory of existing MPLS circuits, VPN concentrators, and branch firewall appliances.
Identity Mapping: Review of Identity Provider (IdP) maturity (e.g., Azure AD/Entra ID, Okta) and MFA enforcement.
Traffic Pattern Analysis: Identification of "Heavy SaaS" users and latency bottlenecks caused by backhauling traffic to data centers.
Deliverables:
Current State Network & Security Map.
SASE Readiness Report (Gap Analysis)
Goal: Define the target architecture and select the right technology partner.
Use Case Prioritization: Define "Quick Wins" (e.g., replacing a legacy VPN with ZTNA for third-party contractors).
Architectural Design: Determine between a Single-Vendor approach (for ease of management) or a Dual-Vendor/Best-of-Breed approach (for specialized requirements).
Policy Logic Design: Framework for global security policies (Web Filtering, Data Loss Prevention, and Cloud Access).
Deliverables:
Target Operating Model (TOM).
Vendor Evaluation Scorecard & Selection Recommendation.
Goal: Technical blueprints for the SASE "Fabric."
Traffic Steering Strategy: Designing how traffic is routed via the SASE Points of Presence (PoPs) using GRE/IPsec tunnels or client agents.
Zero Trust Micro-segmentation: Defining application-level access rules rather than network-level access.
Security Service Edge (SSE) Configuration:
SWG: URL filtering and SSL inspection.
CASB: Shadow IT discovery and SaaS API integrations.
FWaaS: Layer 7 firewalling for branch offices.
Deliverables:
High-Level Design (HLD) & Detailed Design Document (DDD).
Goal: Controlled rollout and validation.
Proof of Concept (PoC): Deploying the SASE agent to a select group of "Power Users" and one branch office.
Migration Execution: Phased decommissioning of legacy VPNs and local breakout configuration for SD-WAN.
Integration: Linking SASE logs to existing SIEM/SOAR platforms for unified visibility.
Deliverables:
Pilot Validation Report.
Production Migration Schedule.
Goal: Ensuring long-term operational success.
Performance Tuning: Adjusting App-Aware routing to prioritize critical tools (e.g., VoIP/Teams).
Operational Training: Workshops for the SOC and NetOps teams on managing the unified dashboard.
Final Security Audit: Ensuring all "Leaked" or "Shadow" traffic is now captured by the SASE fabric.
Deliverables:
As-Built Documentation.
Operational Playbooks.
For more information on the Work Packages you can contact us in any of the following ways quoting the Work Package ID
Schedule an Appointment or for more information
Contact us on info@techstrategygroup.org
Complete our Enquiry form