Secure Access Service Edge (SASE)
What is SASE?
SASE or Secure Access Service Edge is an architecture that combines necessary branch WAN edge functions including SD-WAN, routing, segmentation, zone-based firewall and WAN optimization with comprehensive cloud-delivered security services, delivered and managed in the cloud.
SASE addresses the need for improved application performance and increased network security as the number of remote users increases and as enterprises continue to migrate applications to the cloud.
How does SASE work?
SASE is the combination of an advanced SD-WAN edge deployed at the branch and comprehensive cloud-delivered security services.
Traditionally, all application traffic from branch locations traversed over private MPLS services to the corporate data center for security inspection and verification. This architecture was appropriate when applications were hosted exclusively in the corporate data center. Now that applications and services have migrated to the cloud, the traditional network architecture falls short. Because internet-destined traffic must first traverse through the data center and corporate firewall before reaching its destination, application performance and user experience suffers.
With the increase in remote workers connecting directly to cloud applications, traditional perimeter-based security is insufficient. By transforming WAN and security architectures with SASE, enterprises can ensure direct, secure access to applications and services across multi-cloud environments, regardless of location or the devices used to access them.
Digital transformation requires both WAN and security transformation. SASE is the convergence of SD-WAN edge and cloud-delivered security capabilities. Advanced SD-WAN capabilities integrated with modern cloud-delivered security services ensures consistent policy enforcement and access control for users, devices, applications, and IoT.
Cloud-first enterprises must transform both their WAN and security architectures, not just one or the other, to realize the full promise of the cloud and digital transformation. An enterprise can start with modernizing its WAN or its security, but to realize the true value of cloud investments, both must ultimately be addressed.
Components of SASE
The main components of SASE are advanced SD-WAN and comprehensive cloud-delivered security.
There are seven key advanced SD-WAN capabilities to fully enable SASE:
- First-packet application identification to enable granular steering
- Automated, daily cloud-application definition and address table updates
- Automated orchestration with cloud-delivered security services
- Automatic failover to secondary cloud security enforcement point if primary is unreachable
- Automatic reconfiguration if a closer enforcement point becomes available
- Enable enterprises to implement a SASE architecture at their own pace
- Avoid vendor lock-in to provide freedom of choice to adopt new security innovations
Benefits of SASE
SASE isn’t just the latest buzzword. There are a number of important business benefits enterprises realize from a SASE architecture.
- Improved business productivity and customer satisfaction
- Enhanced, consistent security policy enforcement across the enterprise
- Reduced risk and brand image protection
- Increased IT efficiency and lower overall WAN and security costs
- Automated deployment and management of WAN and security solutions
- Improved application performance and reliability
- Ability to evaluate and integrate new security technologies as they emerge