SASE stands for secure access service edge. The term was introduced by Gartner in 2019 and refers to a set of technologies that combines network security functions with WAN capabilities (i.e., SD-WAN) to support the dynamic secure access needs of organizations. These capabilities are delivered primarily as a service and based upon the identity of the entity, real-time content and security/compliance policies.
1. SASE answers the needs of the remote workforce
Combining network and security functions, including malware protection, data loss prevention and zero-trust network access, SASE’s unified policy management enables companies to quickly and efficiently secure traffic regardless of its origins or the location of resources. With more and more users working from home and connecting to resources that are highly distributed, such as multiple public clouds and SaaS applications, SASE has emerged as a viable solution compared to the traditional routing to the data center over a VPN, as it handles critical network and security functions such as authentication and policy enforcement. This cloud-native approach is thus a natural solution for managing this new distributed workforce.
2. SASE converges networking and security functions
More security usually brings more complexity and slower performance. With SASE, if implemented properly, both can be resolved. SASE supports cloud-based enterprise security rather than on-premises security and has the capacity to blend network and security functions. A cloud model enables organizations to cost-effectively apply the latest network and security features without disrupting application performance or the end-user experience, or burdening IT teams with intense refresh cycles. With SASE, organizations can easily scale their networking and security capabilities to properly protect enterprise users and corporate data.
3. SASE is scalable
Network geographies can change from week to week as new services come online, user communities expand, or the mix of on-premises and remote users shifts. SASE accommodates network flexibility, scaling easily whenever expansion is required. It also minimizes the need for network hardware. This cloud-based solution meets the agility required by a highly distributed, cloud-based enterprise.
SASE consolidates networking and security functions in a single, integrated cloud service. By implementing a SASE model, enterprises can:
Cloud access security brokers (CASBs) are on-premises or cloud-based security policy enforcement points placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Examples of security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.
Both SASE and CASBs offer cloud and network security solutions. The biggest difference between the two is the security integration they offer with the assets they protect. To be more specific, CASB typically secures SaaS applications and can be added to an organization’s security stack, whereas SASE provides fully integrated WAN networking and security that connects remote-based users and offices to cloud applications and the public internet. SASE goes beyond CASB’s security features to optimize SD-WAN with a highly secure next-generation firewall.
Something to keep in mind: SASE is a guiding principle, not a specific product. As digital business transformation inverts network and security service design patterns, shifting the focal point to the identity of the user or the device, security and risk management leaders should evaluate the need for a converged cloud-delivered secure access service edge to address this shift. For proper deployment, enterprises should evaluate vendors and understand their technology stack, as well as define SASE goals and requirements (i.e., clarify which technologies can fill the gaps in your organization’s current infrastructure).