Understanding Secure Access Service Edge
Secure Access Service Edge, or SASE, is a cloud architecture model that bundles network and security-as-a-service functions. These include advanced SD-WAN and comprehensive cloud-delivered security services like CASBs, SWGs, FWaaS and zero-trust network access (ZTNA).
SASE uses identity, context and ultra-fast networking to provide speed, reliability and security. This helps companies navigate the new perimeter-less world of remote work, rogue devices and IoT.
What Is SASE?
Secure access service edge, or SASE, combines SD-WAN and security functionality into a unified cloud solution. This approach promises simplified WAN deployments and improved security.
The benefits of SASE solutions connect users, devices and networks through a global network of points of presence (PoPs). Traffic goes to PoPs for security inspection before being optimized and delivered to its destination. This way, SASE provides secure remote access for employees, customers and third parties working from home offices or other locations away from corporate headquarters.
SASE’s unified security and networking approach reduces enterprise complexity and eliminates the need for multiple hardware appliances or software clients. Additionally, SASE offers centralized policy management that can be used to control the security of connected branches, work-from-anywhere employees and IoT devices.
However, SASE also introduces the possibility of single-vendor lock-in, meaning that organizations must choose a SASE provider with all the necessary capabilities. Some vendors only offer one component of the SASE architecture. In contrast, others offer best-in-breed tools such as firewall as a service (FWaaS), secure web gateway (SWG) and zero trust network access (ZTNA).
The combination of networking and security features in SASE solutions can create challenges for enterprise IT teams. Ideally, these functions should be coordinated by both network and security technicians. Without collaboration, there is a risk of conflict between network and security functions that can lead to misconfigurations that put the entire organization at risk.
Why Is SASE Important?
Today’s distributed workforce requires direct, uninterrupted access to cloud applications and SaaS services. Legacy network approaches and technologies must be equipped to handle these requirements. They need the performance, agility and security controls necessary for digital business transformation. SASE transforms WAN and security architectures by providing direct, secure access to cloud applications from branch locations and remote users.
SASE enables advanced network capabilities such as SD-WAN, FWaaS, ZTNA and CASB to be combined and delivered as a single service to simplify management, reduce complexity and lower costs. This convergence of networking and security is a critical step to support the user-centric demands of digital enterprises.
By delivering an identity-driven approach to network security, SASE can identify the context of users, devices and networks. This allows consistent policy enforcement that identifies malicious traffic and delivers contextual access control. SASE can also help to scale remote access infrastructure capacity, reduce the latency of a growing hybrid workforce and support initiatives such as 5G and IoT.
In addition, SASE can be deployed as a managed service to reduce operational overhead. This allows security and network teams to focus more on strategic projects such as mapping business, regulatory and application access requirements to SASE capabilities. It also enables rapid deployment of new stuff without costly hardware and software installations or the complexities of multiple management consoles.
How Is SASE Different From SD-WAN?
Unlike SD-WAN, which adds capabilities to the network, SASE integrates networking and security functions into a single solution. It is a cloud-delivered framework that consolidates best-in-breed tools into an all-in-one service and simplifies management and configuration.
In addition to lowering costs, SASE improves agility and performance for business transformation, making work from anywhere possible for employees. Legacy hub-and-spoke architectures cannot provide the bandwidth needed for distributed workforces and the proliferation of cloud services and applications. SASE delivers the flexibility and scalability necessary to support these needs while maintaining enterprise-level security across the global network.
Gartner defines SASE as a security framework that delivers converged network and security as a service capability, including SD-WAN, Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and Next Generation Firewall (NGFW). It enables zero trust access networks (ZTNA) by applying security policies based on identity combined with real-time context and security and compliance rules.
A global SASE network is a fabric of Points of Presence (PoPs) that deliver low latency wherever employees, offices, devices and applications are located. Traffic is routed locally within the PoPs, so it doesn’t have to traverse the public Internet or a VPN. This reduces latency, saves bandwidth costs and protects against security threats, including DDoS attacks and malware. It also allows organizations to impose granular policies for remote and mobile users while eliminating the need to reroute traffic through the corporate data center.
What Are The Benefits Of SASE?
SASE solutions provide a better way to meet distributed enterprises’ networking and security needs. By consolidating security services at the network edge via a global network of points of presence (PoPs), SASE delivers performance, WAN optimization and cloud-delivered zero trust network access (ZTNA) that supports remote work, branch offices and IoT networks.
The centralized security policy control offered by SASE simplifies networking management, reduces operational overhead and allows IT staff to focus on strategic projects. By combining SWG, DLP and CASB in a unified architecture, SASE also enables greater threat protection across all users and devices, including those connecting over public Wi-Fi.
Unlike traditional security models, SASE uses a user-centric approach that provides contextual security and access. Identity-driven policies enable this operating context from user devices, applications and locations rather than a secure perimeter or other traditional infrastructure components.
SASE also helps to reduce costs and complexity by removing the need for costly MPLS lines or other legacy networking infrastructure. By shifting security and networking capabilities to the edge, SASE enables enterprises to avoid overpaying for private connectivity to data centers. The SASE model also allows organizations to scale remote access infrastructure capacity, deliver lower latency for a mobile workforce and better enable IoT and 5G technology. Moreover, SASE can help to reduce the risk of data leaks, man-in-the-middle attacks and spoofing by tunneling traffic through the closest PoP.