Global SASE Scoping Document

This scoping document outlines the requirements for deploying FlexWorx Global SASE (Secure Access Service Edge) — a cloud-native security framework that converges networking and security into a unified, identity-driven architecture. The solution integrates ZTNA, SWG, CASB, FWaaS, and SD-WAN into a single platform managed through CentralIntel.

• Existing firewall and VPN infrastructure inventory
• Current remote access solution and user count
• Web filtering and proxy configurations
• Cloud application usage (SaaS inventory and shadow IT)
• DLP policies and data classification framework
• Identity provider (IdP) and MFA configuration
• Current threat detection and incident response capabilities
• Compliance frameworks in scope (PCI, HIPAA, SOC 2, CMMC)

• Zero Trust Network Access (ZTNA) user and device policies
• Secure Web Gateway (SWG) URL filtering categories
• Cloud Access Security Broker (CASB) application controls
• Firewall-as-a-Service (FWaaS) rule migration plan
• DNS security and threat intelligence feed integration
• Data Loss Prevention (DLP) policy definitions
• Remote browser isolation requirements
• IoT/OT device segmentation and security policies

• SASE PoP selection based on user/site geography
• Identity-aware access policy framework
• Application-specific micro-segmentation rules
• Encrypted tunnel configuration (IPsec/GRE/WireGuard)
• Split-tunnel vs. full-tunnel traffic routing decisions
• Integration with existing SIEM and SOC workflows
• Certificate management and PKI integration
• API integration with CentralIntel for unified visibility

• Phase 1: Security Assessment & Policy Design (Weeks 1-3)
• Phase 2: SASE Platform Configuration (Weeks 3-5)
• Phase 3: Pilot Group Deployment (Weeks 5-7)
• Phase 4: Phased Production Rollout (Weeks 7-12)
• Phase 5: Legacy VPN Decommission (Weeks 12-14)
• Phase 6: Optimization & Threat Tuning (Weeks 14-16)

• SASE architecture design document
• Zero-trust policy matrix
• Application access control list (ACL) documentation
• User migration plan and communication templates
• CentralIntel security dashboard configuration
• Incident response playbook integration
• Compliance mapping documentation

FlexWorx SASE is priced per-user/per-month with tiered pricing based on feature set (Essential, Advanced, Premium). Volume discounts available for 500+ users. Includes all cloud infrastructure, threat intelligence feeds, and 24/7 SOC monitoring.