What's SASE?

• SASE stands for secure access service edge, a cloud-based model for IT environments that converges networking and security functions to simplify network management and provide security capabilities for users in any location.
• Designed for highly distributed environments and hybrid workforces, SASE ensures fast, secure remote access for users while enabling IT teams to manage and secure networks more easily.
   

What’s SASE?

Secure access service edge, or SASE, is a cloud-based model that combines networking and security functions and provides security capabilities for users in any location. Designed for organizations with highly distributed environments and hybrid workforces, SASE ensures fast, secure remote access for users while simplifying network and security management for IT teams. Rather than installing security hardware in every location or centrally inspecting traffic to improve cybersecurity, SASE strengthens security by using real-time context to authenticate users wherever they are. As a result, organizations can provide security-as-a-service anywhere that users and devices are connecting to the network.
 

What’s SASE designed to do?

SASE is designed to improve performance and ensure security for modern IT networks and workforces. Enterprise hybrid cloud environments mean that an organization’s IT assets may reside anywhere in world, and hybrid workforces have users who need secure remote access to the network and cloud services from any location. The traditional security approach of backhauling traffic through a central data center results in too much latency and cost while leaving significant security gaps. SASE solves this challenge by focusing on authenticating identities rather than simply inspecting traffic. With cloud-based security functions available wherever users or devices are located, organizations no longer need to route traffic through central hubs. As a result, organizations get faster connections and stronger security while minimizing management burden for IT teams.

What are the principles of SASE?

SASE is a framework rather than an architectural design, and each organization may implement it in different ways. However, there are several characteristics that are key to SASE deployments.

• Converged network and security services. To improve performance and security while simplifying management, SASE-based IT environments combine networking and security functions that formerly were handled separately.
• Authenticating identities. SASE improves security in highly distributed networks by focusing on authenticating users and devices rather than simply inspecting traffic.
• Centralized control. Administrators can manage security policies for users, applications, devices and cloud data security within a single, unified framework.
• Edge-based security. To allow users to connect from anywhere while reducing latency connections, SASE environments position security functions at the network’s edge, closer to the users, devices and applications that need them.
• Cloud-native networks. SASE networks are elastic and self-healing, quickly rerouting traffic around disruptions to maintain local connectivity and ensure access to DNS and other essential services.
   

What are the components of SASE architecture?

Core SASE technologies typically include some combination of software-defined wide area networking (SD-WAN) and several security solutions that together are known as the security service edge (SSE).

• Software-defined wide area networking (SD-WAN) virtualizes the management of network connections to route traffic more intelligently and cost-efficiently across a wide area network.
• Secure web gateways (SWGs) filter internet traffic and enforce acceptable use policies to protect against malware, infections and security threats.
• Cloud access security brokers (CASBs) enforce security policies for users connecting to cloud-based resources.
• Firewall-as-a-service (FWaaS) provides firewall protection over the internet, rather than requiring organizations to install physical firewall appliances.
• Zero Trust Network Access (ZTNA) technology adopts a Zero Trust approach when authenticating users for remote access, requiring every user and device to be continuously verified.
   

What’s SASE’s greatest benefit?

SASE improves security and network performance in modern IT environments. Additionally, SASE enables:

• Better user experiences. SASE provides a better user experience by enabling direct connection to cloud resources and by moving security functions closer to users and devices.
• Integrated security. SASE integrates comprehensive technologies to protect against a wide range of internal and external cyber threats.
• Reduced costs. SASE lets organizations avoid a patchwork of expensive point solutions that are hard to manage, maintain and upgrade.
• Improved flexibility. SASE environments can scale quickly to respond to temporary spikes in demand or rapid growth.
• Integrated Zero Trust. SASE accelerates adoption of a Zero Trust framework.
• Easier management. SASE lets administrators manage security and set policies from one location.
   

What’s SASE’s biggest challenge?

Integrating systems and technologies is a major challenge when adopting a SASE framework. To avoid security gaps and to minimize management efforts, network and security solutions must be able to share information and be managed from a single interface. That’s why, when designing SASE environments, many companies avoid adopting a collection of point products in favor of comprehensive solutions that provide all the technologies required and that can manage enterprise network integration.
 

What’s SASE vs. SSE?

Gartner coined the term “security service edge” or SSE to refer to the network security services that are part of a SASE environment, including ZTNA, SWG, CASB and FWaaS. Collectively, these technologies allow organizations to deliver cloud-based security functions wherever users and devices need them.
 

What’s SASE vs. SD-WAN?

Software-defined wide-area network (SD-WAN) is a core element of SASE. SD-WAN benefits organizations by providing an easier, safer, and less expensive way to connect multiple locations in a wide area network. SD-WAN uses a variety of low-cost connections to reduce costs and provide efficient routing while making the network simpler to manage.
 

What’s SASE vs. Zero Trust?

Zero Trust and SASE are both frameworks designed to improve security and simplify management of modern IT environments. Rather than extending blanket permissions to users or devices already inside the network, organizations adopting a Zero Trust approach require all users and devices to be constantly authenticated before receiving access to IT resources within a network. Zero Trust prevents attackers who have successfully accessed one part of the network from moving laterally to other areas. While it incorporates Zero Trust, SASE is a broader framework for architecting and securing IT networks.