Other attributes
SASE is a WAN model that stands for Secure Access Service Edge; the acronym was first coined by Gartner in 2019. It combines software-defined edge networking, user-focused authentication and access control, and seamless integration across the cloud. This is achieved by applying policy and security to the user's sessions instead of routing them through several point products. The collection of edge capabilities is delivered from the cloud as a service when needed.
SASE is the convergence of wide area networking and network security services into a single, cloud-delivered service model. This is in part an effort to simplify network approaches and technologies that cannot provide the levels of security and access control organizations require. The technology can also address the increase in remote users and software-as-a-service applications, which can raise security risks and strain existing networks and network administration controls.
According to a Gartner report, implementing a SASE architecture provides enterprises with the following:
- Agility—Enable novel digital business scenarios (apps, services, APIs) and data sharing with partners and contractors with less risk exposure.
- Transparency—Fewer agents per device; less agent and app bloat; a consistent application experience anywhere, on any device. Lower operational overhead when updating for new threats and policies.
- Enable ZTNA—Network access based on the identity of the user, device, and application—not IP address or physical location—for seamless protection on and off the network; end-to-end encryption. Extended to the endpoint with public Wi-Fi protection by tunneling to the nearest point of presence (PoP).
- Effective network and network security staff—Shift to strategic projects like mapping business, regulatory, and application access requirements to SASE capabilities.
- Centralized policy with local enforcement—Cloud-based centralized management with distributed enforcement and decision making.
SASE offers users a chance to reduce complexity, improve speed and agility, and offer multi-cloud networking, which is often offered in a single, integrated cloud service. This is intended to help enterprises reduce costs and complexity, provide centralized orchestration and real-time application optimization, help secure seamless access for users, offer secure remote and mobile access, restrict access based on identity, improve security through consistent policy, and increase network and security staff effectiveness with centralized management.
The SASE model comprises three components: SD-WAN, cloud security, and zero trust network access.
SD-WAN is a cloud-delivered wide-area network architecture that enables cloud transformation at enterprises, gives users a cohesive application experience, and provides a seamless multi-cloud architecture. While a conventional SD-WAN is normally a stand-alone infrastructure, often requiring investment in hardware, the SASE version is cloud-based, defined and managed by software, and has distributed PoPs that help enterprise traffic avoid latency and security issues.
Cloud security includes a set of technologies and applications delivered from the cloud to defend against threats and enforce user, data, and application policies. This includes a flexible, cloud-based firewall, which can be delivered as a service to protect the edges in a SASE model. This can also make it easier for enterprises to manage the security of the network, set uniform policies, spot anomalies, and make quick changes.
Zero trust network access (ZTNA) verifies users' identities and establishes device trust before granting access to authorized applications. This can help an organization prevent unauthorized access, contain breaches, and limit an attacker's lateral movement through a network. Zero trust network access can also make a network more adaptable for remote or mobile workers, requiring additional levels of authentication such as multi-factor authentication and behavioral analytics.
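The following is an added illustrative example, not code from any SASE product, of the ZTNA decision described above: a per-session policy check that looks at the user's identity, the device's trust state, the requested application, and MFA or behavioral risk, while the source IP is carried only for logging and plays no part in the decision. The application policies, group names, and risk threshold are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Session:
    """One access request as seen by the policy engine (constructed fields)."""
    user: str
    groups: frozenset          # identity attributes from the identity provider
    device_managed: bool       # device enrolled and attested by the endpoint agent
    device_patched: bool       # posture check: current patches installed
    mfa_verified: bool         # MFA already completed for this session
    source_ip: str             # kept for audit logs only; never used for the decision
    risk_score: int = 0        # from behavioral analytics, 0 (normal) to 100

# Constructed per-application policy: allowed identity groups, whether an
# unmanaged device is acceptable, and the risk score above which step-up is required.
APP_POLICY = {
    "payroll": {"groups": {"finance"}, "managed_only": True, "stepup_risk": 30},
    "wiki": {"groups": {"staff", "finance"}, "managed_only": False, "stepup_risk": 70},
}

def decide(session: Session, app: str) -> tuple[str, str]:
    """Return (decision, reason); decision is 'allow', 'deny' or 'step_up'.

    Checks run in order: application known, identity authorized for it,
    device trust and posture, then MFA / risk-based step-up. Location is
    deliberately absent: an internal IP earns no trust on its own.
    """
    policy = APP_POLICY.get(app)
    if policy is None:
        return "deny", "unknown application"
    if not (session.groups & policy["groups"]):
        return "deny", "identity not authorized for application"
    if policy["managed_only"] and not session.device_managed:
        return "deny", "unmanaged device"
    if not session.device_patched:
        return "deny", "device fails posture check"
    if not session.mfa_verified or session.risk_score > policy["stepup_risk"]:
        return "step_up", "additional authentication required"
    return "allow", "identity, device and application checks passed"

if __name__ == "__main__":
    # Managed, MFA-verified user on a public network is allowed into payroll ...
    remote = Session("alice", frozenset({"finance"}), True, True, True, "203.0.113.7")
    print(decide(remote, "payroll"))
    # ... while an unmanaged device on the corporate LAN is still denied.
    onprem = Session("alice", frozenset({"finance"}), False, True, True, "10.0.0.5")
    print(decide(onprem, "payroll"))
```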
The challenges associated with SASE include some services being limited initially, because the implementers of a SASE adoption may lack network or security experience. Some offerings may also not be designed with a cloud-native mindset, and legacy on-premises hardware may push a SASE deployment toward an infrastructure dedicated to one customer at a time. Further, given the complexity of SASE, providers need integrated features rather than features stitched together.
Where security, networking, and systems teams are fully siloed, they must agree to manage a common infrastructure in a SASE deployment. These networks often allow cybersecurity and network teams to manage their respective parts of the service, which can get complicated but can also save an enterprise money, since only a single vendor is required.
It is also important that providers have well-integrated features: endpoint agents need to integrate with other agents, with different kinds of cloud gateways, and with various kinds of proxies in order to simplify deployments. Similarly, enterprises should avoid ad-hoc, do-it-yourself solutions in place of a true SASE solution.
As enterprises increasingly rely on cloud-based applications for business operations and support distributed workflows for remote and mobile users, the network attack surface has expanded continuously, as enterprise networks extend beyond the conventional network edge, which challenges the infrastructure. While networks have advanced to address and support these workflows at remote endpoints, security tools have not always kept pace, leaving VPN-only solutions obsolete for some organizations. SASE, by contrast, offers secured and managed endpoints, with security and network policies remaining consistent between remote and on-premises workers and infrastructure.