What is SASE?

What is SASE? Secure Access Service Edge (SASE) is a network architecture that brings network security closer to the computing edge location via a cloud service model. The SASE model enables flexible, robust security through a single-point offering without the drawbacks of having to reroute traffic through a central mechanism.

Essentially, SASE combines network-as-a-service and network-security-as-a-service. The term “SASE” was coined by the global research and advisory firm Gartner. Gartner noted that network security architecture had to evolve to keep pace with the heightening level of cloud reliance and increase in off-premise applications and workforce. Thus, SASE was devised to combine SD-WAN with a range of security functions to serve the modern, cloud-empowered business.

The core attributes of a SASE offering:

• Identity driven nature
• Cloud-native processing
• Support for all edges
• Globally distributed PoPs (Points of Presence)

The Need For SASE

Traditionally, corporate applications and data were hosted within the enterprise premises. This centralized, hardware-focused landscape led to the rise of hub-and-spoke network architecture. In the traditional model, traffic is routed to a central hub via a VPN or a secure line. Then at which point, security controls are implemented and users can access data and applications.  

But, cloud-based computing, SaaS reliance and remote working have resulted in applications and users no longer residing within the enterprise premises. As the modern landscape evolved to be increasingly-cloud based and distributed, the traditional model could no longer keep up. The hub-and-spoke model presented two main drawbacks in this regard: latency issues and increased complexity.

Whenever a large part of the enterprise workforce accessed the central hub via a VPN, latency issues arose. This latency posed a severe hindrance to remote working, affecting both employee workflow and business operations. And, due to cloud-based applications and data, the enterprise premises were no longer the only point requiring network security controls. This was the second drawback - more complex and layered network security. With shifting computing edges and off-premise hosting increasingly prevalent in the enterprise space, a more flexible and scalable network security architecture was the need of the hour.

SASE components:

As mentioned previously, SASE offerings combine SD-WAN with a range of security controls. At a conceptual level, the components of SASE are split into three main parts - the core security components, recommended components and optional components.

Core

• Secure Web Gateways (SWG)
• Firewall-as-a-Service (FWaaS)
• Cloud Access Security Broker (CASB)
• Zero Trust Network Access (ZTNA)

Recommended

• Sandboxing
• Browser isolation
• Web Application Firewall (WAF)
• Network Access Control (NAC)
• Next-Generation Antivirus (NGAV) and Endpoint detection and response (EDR)

Optional

• Wireless local area network (WLAN) security
• Virtual Private Network (VPN)

The numerous benefits of SASE:

Cost reduction

By combining multiple point solutions and vendor offerings into a single platform, implementing and running SASE presents incredible cost savings for organizations. As opposed to regular maintenance of various siloed components and their infrastructure, a SASE platform will be less expensive to maintain as well.

Efficiency and simplicity

Many aspects of enterprise network security can be made more efficient and simpler with SASE. The one-platform approach reduces the overall workload of the IT staff and frees them up to focus more on other areas. All operations from control to maintenance to scaling are simplified manifold compared to the traditional model of running multiple point solutions. And, in place of numerous security policies and complicated frameworks, the use of a single platform enables a streamlined approach.

Robust adaptability and agility

‍Due to being cloud-based, SASE architecture is incredibly flexible. It provides robust security while enabling anywhere, anytime access to data and applications. As enterprise workloads and users’ are getting increasingly cloud-reliant, SASE offerings have a clear edge when it comes to data flow and network performance as well. Latency and scaling issues that arise from traditional models are no longer bottleneck factors that limit efficiency.

All in all, SASE represents a milestone step in the evolution of network security architecture. The one-point, one-vendor nature of SASE platforms presents incredible ease of implementation and use for enterprises. Furthermore, the utility of SASE is also cemented further by the rise and proliferation of cloud-based computing and remote working. SASE can effectively cater to the modern enterprise space. It can seamlessly combine network and security while lowering overall cost and complexity. With these numerous advantages, SASE will assuredly transform the future of digital business and boost organizational capabilities across the board.