This blog provides an overview of our recently introduced Palo Alto Networks Prisma SASE for MSPs. Prisma SASE is a scalable multi-tenant cloud management portal solution for managed service providers (MSPs) to fast track their enterprise digital transformation with managed SASE services. It is part 1 of a multi-part blog series that will explore enterprise network transformation with a Managed SASE.
Critical Drivers for Managed SASE
In today’s rapidly changing hybrid workforce, comprehensive converged security and networking are top-of-mind for every organization. Unfortunately, available offerings come from different vendors and are highly fragmented. They have nuanced, subtle, or incredibly stark differences to add further complexity. These challenges make it very hard for enterprises to maintain budget and “lean-IT”.
This is where an MSP comes in and provides value. With their vast experience in offering various services, coupled with deep consulting expertise, MSPs can help tackle most of these complexities.
MSPs leverage cloud SaaS models as their primary way to deliver managed services and offer a tiered catalog of services based on the end customer (or tenant) type. They typically have two models for their enterprise customers:
- “Fully Managed” is well suited for mid-market, small businesses as this involves minimal IT overhead on the enterprise. The MSP is responsible for all aspects of the tenant’s service lifecycle, including security policy configuration and operations.
- “Co-Managed” is prevalent in the large enterprise segment. The MSP provides delegated access to the customer to co-manage the policies and their specific services.
Typically, MSPs offer their customers a tiered set of service level agreements (SLAs) spanning delivery, operation & management, and continuous security assessment & threat management.
SASE architecture provides new options for MSPs to enhance their managed services with more comprehensive, integrated networking and security services to meet various customer needs. Consequently, MSPs are rapidly evolving to adapt to the unique needs of today’s organizations and augmenting their portfolios with a simple consumable Managed SASE offer that includes the latest and the most advanced threat protection and cybersecurity.
Taking Managed SASE To The Next Level: Prisma SASE for MSPs
Prisma SASE is the industry’s only complete SASE solution based on three foundational pillars: security, networking, and user experience. By enhancing the products with capabilities explicitly created for MSPs and large distributed enterprises, Palo Alto Networks enables MSPs to deliver the best experience to their customers.
- Multi-tenant Cloud Management that includes hierarchical multi-tenancy provides MSPs with a unified and converged “single pane of glass” for MSP administrators to manage many customers across different market segments with reduced cost of operation. A sophisticated dashboard provides aggregated views of threats, applications, network connections, licenses, alarms, and more across all managed customers. The “security” and “SD-WAN” dashboards provide actionable insights, aggregating rich telemetry of security and connectivity incidents to help monitor and act upon threats. The benefit to the MSP is the ability to perform granular trend analysis and create unique per customer (or tenant) security policies to address security vulnerabilities in their customer environments.
- Flexible Service Creation and Management includes intuitive licensing and activation flexibility to support fully managed and co-managed deployment models. Prisma SASE integrated license management provides per tenant license management and aggregated visibility of all licenses, license pools and consumption across all their tenants. Per tenant security services, policies and granular application controls are rapidly and easily configured across all managed customers.
- A Security Service Lifecycle Management provides intuitive workflows to configure consistent security policy postures, threat prevention, and protection mechanisms across all managed tenants.
- A Multi-Tenant Device Management supports different lifecycle stages of Prisma SD-WAN devices by allowing admins to allocate the devices to the managed tenant(s) based on their roles and permissions.
- Integrated Tenant and Identity and Access Management provide CRUD (Create, Read, Update, Delete) capabilities to manage tenants with sophisticated role-based access control (RBAC) for delegated access.
- Comprehensive Operational Lifecycle Management includes monitoring and reporting, which helps networking and security teams simplify troubleshooting and accelerate incident response.
- Open APIs provide seamless integration and automation. The entire solution is built on an API first architecture that enables seamless and frictionless integration of existing Operations Support Systems (OSS), Business Support Systems (BSS), Network Management Systems (NMS), including Customer Relationship Management (CRM), and billing systems. The comprehensive API lifecycle management includes version control for backward compatibility and integrated RBAC with multi-tenant support. The API framework is built on the latest RESTful JSON standards with built-in support for Authentication and OAuth2 based Authorization.
Empowering MSPs to Deliver on the SASE Promise
With Prisma SASE, MSPs can deliver comprehensive SASE solutions with rapid time to market while driving significant business outcomes.
MSPs can benefit from:
- Managing a large number of customers in an intuitive, highly scalable cloud-delivered platform to fast-track enterprise digital transformation with comprehensive state-of-the-art security for the hybrid workforce
- Accelerating top-line revenue growth with new differentiated security and connectivity services
- Decreasing COGS and improving bottom-line margins with comprehensive visibility and AI/ML driven operational excellence