The secure access service edge (SASE, pronounced “sassy”) is an emerging technology category of products and services that converge SD-WAN with comprehensive network security functions (such as SWG, CASB, FWaaS, and ZTNA). SASE solutions connect and secure devices together through one global platform.
The category was first defined by Gartner in its Hype Cycle for Enterprise Networking, 2019 and later in The Future of Network Security Is in the Cloud. Below you’ll find an in-depth explanation of SASE and its market importance:
As enterprises evolve they’re increasingly less dependent on the private datacenter. More applications run in the cloud as SaaS than on-premises. More data and workloads live in cloud data centers and IaaS platforms than in datacenters. We also work off-site with mobility being the norm and mobile users routinely accessing the cloud.
These two shifts — the cloud and mobility — have forced us to rethink how we’re going to network and secure our offices, users, and resources. If the data center is no longer the hub of enterprise activity then where we inspect traffic and apply policy also needs to change. Backhauling traffic for security inspection undermines cloud performance, as we’ve already seen on legacy MPLS networks. At the same time, pushing security inspection out to the offices fails to address the other tenant of the enterprise, the mobile user.
And if our networks are going to be built by connecting resources and users in large part outside of our offices, how do we deliver optimal network experiences? SD-WAN provided a solution for sites but not for mobile users. SD-WAN alone is also Internet-based, opening the way for unpredictable and unoptimized Internet routing to impact the user experience. This is particularly the case when running latency-sensitive applications, such as real-time sessions, across global connections.
Alongside the question of where security inspection and network control are handled, there’s another question of how we inspect traffic. Today there’s a wide array of security technologies that need to be integrated together if companies are to adequately protect themselves. It’s expensive, time-consuming, and for many companies, requires skills they lack.
Ultimately it comes down to finding one way to network any kind of resource, location or user, anywhere, and do so in a way that protects them and the business against the range of emerging threats.
SASE solutions are ideally delivered as services (says Gartner) but can be delivered as turn-key edge appliances. They use networking technologies (SD-WAN, WAN optimization, route optimization, and more) to deliver the best possible network experience to any connecting entity — a group (a site), users, devices, applications, services, and IoT systems — regardless of location.
At the same time, they also restrict access based on identity and real-time context (such as location), in accordance with enterprise security/compliance policies, and continuously assess it throughout the session.
Although there are dozens of characteristics associated with SASE, four main attributes are essential:
To get a better understanding of SASE, let’s see it in action. These scenarios are based on similar cases in the Gartner reports:
Sarah, a sales executive, goes to Starbucks late one evening with his company-issued laptop. While sipping a latte, he jumps on to the public Wi-Fi and accesses his company’s CRM system while browsing the Internet.
A SASE platform connects and protects him. He might run a SASE client to establish a tunnel to the SASE platform or use clientless access. Regardless, once connected, the SASE platform would prioritize the ERP traffic while applying the necessary acceleration and optimization techniques to improve access. Malware inspection, DLP, and UEBA would be used to detect and prevent potential infections, data loss, and malicious activity. Internet browsing might be given a lower priority but still secured using DLP and SWG. Finally, Wi-Fi protection would protect him while sitting on Starbucks’ public Wi-Fi.
Beth, a contractor to Widget Corp, comes to Widget’s offices to work for the day and uses her own laptop. During the day she needs to access the company inventory system and only that system. The inventory system is a web-enabled application hosted in the company’s on-site data center.
A SASE platform uses ZTNA to allow Beth to access that inventory database only from that particular location. The platform uses WAAP services to protect the web-enabled application from attack and inspects the encrypted traffic stream for sensitive data loss.
SASE brings many, many benefits to the enterprise. Some of the more notable ones include:
SASE as a technology sector is far too new for drawbacks to emerge. Implementations are still few and far between. What’s more, there are different approaches to SASE, which makes it reasonable to assume that there will be different solution limitations:
As Gartner makes clear, SASE players are coming from many different vectors — SD-WAN, CDN, security appliances, firewall-as-a-Service (FWaaS). Here is a summary of the current market state.