Secure access service edge, or SASE (pronounced “sassy”), is an emerging cybersecurity concept that Gartner described in the August 2019 report The Future of Network Security in the Cloud.
SASE is the convergence of wide area networking, or WAN, and network security services like CASB, FWaaS and Zero Trust, into a single, cloud-delivered service model.
Existing network approaches and technologies simply no longer provide the levels of security and access control digital organizations need. These organizations demand immediate, uninterrupted access for their users, no matter where they are located.
With an increase in remote users and software-as-a-service (SaaS) applications, data moving from the data center to cloud services, and more traffic going to public cloud services and branch offices than back to the data center, the need for a new approach for network security has risen.
According to Gartner, “SASE capabilities are delivered as a service based upon the identity of the entity, real-time context, enterprise security/compliance policies and continuous assessment of risk/trust throughout the sessions. Identities of entities can be associated with people, groups of people (branch offices), devices, applications, services, IoT systems or edge computing locations.”
Gartner expects that, “by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.”
A SASE architecture identifies users and devices, applies policy-based security, and delivers secure access to the appropriate application or data. This approach allows organizations to apply secure access no matter where their users, applications or devices are located.
SASE is used to deliver converged enterprise network and security services from a globally distributed cloud service. SASE overcomes the cost, complexity and rigidity of loosely integrated and geographically bound point solutions. When combined with a global private backbone, SASE can also address WAN and cloud connectivity challenges.
Point solutions such as SD-WAN, NGFW, SWG, and VPN address specific networking and security requirements. The need to buy, size, scale, and maintain each solution separately makes IT infrastructure complex and costly. SASE is a transformational alternative to those legacy technological silos. It is provided as a globally distributed cloud service that replaces physical and virtual point solutions with a cost-effective, scalable and agile alternative.
SD-WAN is a key component of the SASE platform that connects branch locations and datacentres to the SASE cloud service. SASE extends SD-WAN to address the full WAN transformation journey that includes security, cloud, and mobility at a global scale.
As a result of the move to the cloud and an increasingly mobile workforce, point solutions can only deliver the capabilities the business needs at growing complexity and cost. SASE’s converged, cloud-native, and globally distributed architecture easily delivers the capabilities the business needs to all users and locations everywhere. SASE therefore overcomes the cost, complexity and high overhead of running numerous legacy point solutions.
SD-WAN is just the first step in the WAN transformation journey. It lacks key security functions, global connectivity capabilities, and support for cloud resources and mobile users. A full SASE platform can support the entire WAN transformation journey, as it enables IT to provide the network and security functions the business needs in an agile and cost-effective way.
SASE is secured end-to-end. All communication across the SASE platform is encrypted. Threat prevention capabilities including decryption, firewalling, URL filtering, anti-malware, and IPS are natively integrated into SASE, and are globally available to all connected edges.
SASE is a cloud service that is identity-driven, cloud-native, globally distributed, and supports all edges. Alternative architectures, such as service chaining appliances, hosting appliances and virtual machines, and telco bundles, are based on point solutions, not a converged software stack designed for the cloud.
SASE is important because the convergence of network and security into a cloud-native service allows IT teams to connect and secure all business locations and users in an agile, cost-effective and scalable way.