What is SASE?
Secure access service edge (SASE) is a cloud-based enterprise security framework designed to address the network and security challenges caused by digital business transformation. The move to the cloud, coupled with increasingly mobile workforces, places users, devices, applications, and data outside of the enterprise data center and network, creating an “access pattern inversion.” Introduced by Gartner, the SASE model responds to this inversion by delivering networking and network security controls at the edge, as close to users as possible.
SASE combines wide area networking and security functions into a single cloud-based architecture. With SASE, instead of having separate appliances or cloud services for SD-WAN, SWG (secure web gateway), firewall, CASB (cloud access security broker), IDS/IPS (intrusion detection system/intrusion prevention system), and VPN, you have a single holistic cloud service that does it all.
SASE features a combination of these network and security functions:
» Firewall as a service
» Malware protection
» Data loss prevention
» Intrusion detection and intrusion prevention
» Software as a service
» Secure web gateways
» Cloud access security brokers (CASBs)
» Zero-trust network access
Key Characteristics and Benefits of SASE
In “The Future of Network Security Is in the Cloud,” Gartner defined the secure access service edge (SASE) concept as “an emerging offering combining comprehensive [wide area network] capabilities with comprehensive network security functions (such as SWG, [cloud access security broker], [firewall as a service] and [zero trust network access]) to support the dynamic secure access needs of digital enterprises.”
Potential business benefits of the SASE concept include the following:
» Reduce cost and complexity
» Enable secure remote and mobile access
» Provide latency-optimized, policy-based routing
» Improve secure seamless access for users
» Improve security with consistent policy
» Update threat protection and policies without hardware and software upgrades
» Restrict access based on user, device, and application identity
» Increase network and security staff effectiveness with centralized policy management
How Does SASE Work?
SASE merges your network architecture with network security, like SaaS or Zero Trust, to create a single, cloud-based service. The technology used within SASE has two distinct components: technology to manage network traffic and technology to manage network security.
When it comes to managing network traffic, SASE places the controls on the cloud edge rather than within the data center. This edge expands your network perimeter to remote users, devices, and applications while eliminating the need for VPNs. This method of network traffic control can reduce latency, as the services are more integrated and streamlined.
In terms of network security, the sessions are typically designed to include a variety of important features such as identity-based access, zero trust policies, and more. When a connection is requested, the identity of the user or device is verified and pre-defined compliance and security policies are applied before granting access. Continuous risk assessment is run, monitoring things like the state of the device or sensitivity of the resource accessed to ensure security is maintained.
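The access decision described above, as an added example that is not part of the original page or any vendor's implementation: a default-deny check that verifies identity, applies a pre-defined policy, and is re-run when device state changes during a session. The resource names, groups, posture fields and risk thresholds are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

# Hypothetical sensitivity scale; higher means more sensitive.
SENSITIVITY = {"public": 0, "internal": 1, "restricted": 2}

@dataclass(frozen=True)
class Posture:
    disk_encrypted: bool
    os_patched: bool
    edr_running: bool

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    identity_verified: bool   # e.g. SSO and MFA succeeded at the edge
    posture: Posture
    resource: str

# Pre-defined policy (constructed sample): resource -> (sensitivity, entitled groups)
POLICY = {
    "wiki":    ("internal",   frozenset({"staff"})),
    "payroll": ("restricted", frozenset({"finance"})),
}

def device_risk(p: Posture) -> int:
    """Count failed posture checks (0 means fully compliant)."""
    return sum(not ok for ok in (p.disk_encrypted, p.os_patched, p.edr_running))

def decide(req: Request) -> tuple[str, str]:
    """Evaluate one access request; anything not explicitly allowed is denied."""
    if not req.identity_verified:
        return "deny", "identity not verified"
    rule = POLICY.get(req.resource)
    if rule is None:
        return "deny", "no policy for resource"
    level, allowed = rule
    if not (req.groups & allowed):
        return "deny", "user not entitled"
    # More sensitive resources tolerate fewer failed posture checks.
    tolerated = 2 - SENSITIVITY[level]
    if device_risk(req.posture) > tolerated:
        return "deny", "device posture below policy"
    return "allow", "ok"

def reassess(session_req: Request, new_posture: Posture) -> tuple[str, str]:
    """Continuous assessment: re-run the same decision on a posture change."""
    return decide(replace(session_req, posture=new_posture))
```

The same degraded device can keep access to a lower-sensitivity resource while losing access to a restricted one, which is the effect of weighing device state against resource sensitivity.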