What is SASE?
Secure Access Service Edge or SASE (pronounced “sassy”) is an architecture that combines comprehensive WAN capabilities including SD-WAN, routing, and WAN optimization with cloud-delivered security services such as SWG, CASB, and ZTNA.
As users connect from anywhere and access sensitive data in the cloud, SASE brings a more secure and flexible way to connect by not backhauling application traffic to a data center. Instead, SASE intelligently steers the traffic to the cloud and performs advanced security inspection directly in the cloud.
SASE addresses the need for improved application performance and increased network security as the number of remote users increases and as enterprises continue to migrate applications to the cloud.
How does SASE work?
SASE is the combination of an advanced SD-WAN edge deployed at the branch and comprehensive cloud-delivered security services.
Traditionally, all application traffic from branch locations traversed private MPLS services to the corporate data center for security inspection and verification. This architecture was appropriate when applications were hosted exclusively in the corporate data center. Now that applications and services have migrated to the cloud, the traditional network architecture falls short. Because internet-destined traffic must first pass through the data center and corporate firewall before reaching its destination, application performance and user experience suffer.
With the increase in remote workers connecting directly to cloud applications, traditional perimeter-based security is insufficient. By transforming WAN and security architectures with SASE, enterprises can ensure direct, secure access to applications and services across multi-cloud environments, regardless of location or the devices used to access them.
Components of SASE
The main components of SASE are advanced SD-WAN and comprehensive cloud-delivered security (Security Service Edge or SSE).
There are key advanced SD-WAN capabilities to fully enable SASE:
- Tight integration with multiple cloud-delivered security services to avoid vendor lock-in
- First-packet application identification to enable granular steering of traffic
- SaaS acceleration and WAN optimization
- Best path selection based on business needs and quality of service (QoS)
- Tunnel bonding to combine multiple links and support automated failover
- Zero-touch provisioning to automatically deploy remote sites and seamlessly implement change
There are key SSE capabilities to fully enable SASE:
- ZTNA or Zero-Trust Network Access: assumes that no user can be trusted by default and supports least-privilege access. It provides secure access to remote users.
- CASB or Cloud Access Security Broker: protects sensitive data in cloud applications by enforcing security policies.
- SWG or Secure Web Gateway: protects organizations from web-based threats using several techniques such as URL filtering and malicious code detection.
- FWaaS or Firewall as a Service: provides firewall functionality in the cloud to analyze the traffic from multiple sources.
- Other security services such as Data Loss Prevention (DLP), Remote Browser Isolation (RBI) and sandboxing.
Why should I consider SASE?
- SASE secures work-from-anywhere
As employees connect from anywhere and from any device, advanced SD-WAN capabilities integrated with cloud-delivered security services ensure consistent policy enforcement and access control for users, devices, applications, and IoT. Through Zero-Trust capabilities, they ensure that no user is trusted by default and support least-privilege access.
- SASE helps cloud-first organizations modernize their network
Cloud-first organizations must transform both their WAN and security architectures, not just one or the other, to realize the full promise of the cloud and digital transformation. An organization can start with modernizing its WAN or its security, but to realize the true value of cloud investments, both must ultimately be addressed.
- SASE augmented with an advanced SD-WAN provides the highest IoT security
SASE, the convergence of SD-WAN and cloud-delivered security capabilities, enables organizations to build a secure network architecture. However, IoT devices usually include only basic security features and don’t include a ZTNA agent. Advanced SD-WAN solutions can go beyond what is defined by SASE by integrating next-generation firewall capabilities. They can implement zero trust network segmentation, based on identity and access control, ensuring that users and IoT devices can only reach network destinations consistent with their role in the business.
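The role-based segmentation and cloud steering described above can be sketched as a default-deny policy check. This is an added example in Python, not part of the original page or of any vendor's product; every role name, segment name and address range in it is hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample policy: every role, segment and prefix below is hypothetical.
SEGMENTS = {
    "dc-erp": ip_network("10.20.0.0/24"),
    "camera-controller": ip_network("10.30.5.0/28"),
}
# RFC 1918 space counts as internal even when no named segment covers it.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Role -> destinations it may reach. Anything not listed is denied.
ROLE_ALLOW = {
    "finance-user": {"dc-erp", "internet"},
    "ip-camera": {"camera-controller"},  # agentless IoT device: one destination only
}


@dataclass(frozen=True)
class Flow:
    role: str  # identity assigned at the edge (user group or IoT device profile)
    dst: str   # destination IPv4 address taken from the first packet


def classify(dst: str) -> str:
    """Name the segment a destination belongs to, or 'internet' if it is external."""
    addr = ip_address(dst)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    if any(addr in net for net in INTERNAL):
        return "unsegmented-internal"  # internal but unnamed; no role in this policy lists it
    return "internet"


def decide(flow: Flow) -> str:
    """Default deny; allowed internet flows go to cloud inspection, not the data center."""
    segment = classify(flow.dst)
    if segment not in ROLE_ALLOW.get(flow.role, set()):
        return "deny"
    if segment == "internet":
        return "steer:cloud-security"
    return "steer:private-overlay"


if __name__ == "__main__":
    for f in (Flow("finance-user", "10.20.0.15"), Flow("ip-camera", "203.0.113.10")):
        print(f, "->", decide(f))
```

The camera role is denied both the internet and the ERP segment because neither appears in its allow set, which is the behaviour the paragraph describes for devices that cannot run a ZTNA agent.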
Single vendor SASE or best-of-breed SASE?
Networking and security, while heavily interrelated, are two different and very complex domains of expertise. Security evolves rapidly to ensure protection against ever-changing cybersecurity risks, while wide area networking is about providing fast, robust, and flexible connections. The real power of a SASE architecture is realized when combining advanced WAN edge functions with comprehensive SSE, security services delivered in the cloud.
Enterprises should have the flexibility to choose between two approaches: a single-vendor unified SASE solution that combines advanced SD-WAN and SSE (ZTNA, SWG, CASB) capabilities into a single stack that can be rapidly deployed, or a multi-vendor solution consisting of an advanced SD-WAN solution that tightly integrates with multiple cloud-security vendors. The choice between a single-vendor and a best-of-breed solution that unifies SD-WAN and cloud-delivered security can vary depending on existing security and WAN requirements. In both cases, a tight integration of SSE and SD-WAN simplifies management and creates a seamless solution that is as easy to manage as a single or multi-vendor solution but doesn’t compromise on either networking functions or security services. With the freedom of choice, enterprises build a security architecture consistent with their needs, enabling them to accelerate their journey to SASE.
Benefits of SASE
SASE isn’t just the latest buzzword. There are important business benefits enterprises realize from a SASE architecture.
- Enhanced security
At a time when organizations embrace a cloud-first model, SASE provides consistent security policy enforcement across the network and moves security inspection into the cloud. It secures remote access and protects enterprise data from malicious threats.
- Improved business productivity and customer satisfaction
By implementing a SASE architecture, organizations can streamline their network infrastructure based on advanced SD-WAN capabilities. SD-WAN removes the complexity and the rigidity of traditional router-based networks. It adds the flexibility required by digital transformation and significantly improves application performance and reliability.
- Increased IT efficiency and lower overall WAN and security costs
By adopting a best-of-breed SASE approach, organizations can improve efficiency and reduce risks. Coupled with an advanced SD-WAN solution that provides a tight integration with leading security vendors, organizations can choose the best security functions and consolidate others without compromising security and performance.