SASE is a new network architecture combining networking and security functions traditionally delivered as point products. It offers a least-privileged model and consistent policy enforcement, minimizes the attack surface, and improves user experience.
SASE enables organizations to secure remote and mobile users with security features like web application protection, threat avoidance and data loss prevention. It also provides access control capabilities like CASB and zero-trust network access (ZTNA).
What Is SASE?
SASE combines networking and security options as a single service, providing a simpler network that’s less expensive to deploy, manage and run. It enables employees to access corporate systems and applications anywhere without traversing backhauled networks like MPLS.
It integrates firewall-as-a-service (FWaaS), secure web gateway (SWG) and zero-trust network access (ZTNA) into a single architecture that’s cloud-delivered to simplify operations and reduce costs. The unified security architecture makes it easy for organizations to set uniform policies and identify threats and anomalies across remote locations, data centers and the cloud.
The platform’s inspection engines are located at points of presence (PoP) rather than in data centers, reducing network congestion and latency. Traffic from branch offices, IoT devices, mobile workers and other edge points are routed to the nearest PoP for inspection.
It improves performance and eliminates backhauling, which lowers transport costs, speeds up data center aggregation and simplifies communication network operation.
SASE also offers advanced security capabilities such as encryption, multifactor authentication, threat protection, sandboxing and data loss prevention.
Leading SASE security providers like Fortinet offer integrations with leading security vendors for a consolidated architecture supporting consistent, effective, adaptive cybersecurity.
They also provide integrated behavior analytics that evaluates the context of an employee’s activity and can spot risks that would be missed in siloed systems.
As businesses move toward a cloud-native architecture, they need a SASE solution that provides the agility, security, and performance required to support a flexible work paradigm.
By consolidating networking and security functions traditionally delivered as point products into a single service, SASE reduces IT complexity and eliminates the need for separate appliances, lowering both CapEx and OpEx.
The global SD-WAN service used for SASE offers lower latency compared to traditional private WAN technologies. The inspection engines are not hosted in the data center but at points of presence (POPs).
Traffic sent to these POPs from a physical edge site or a remote device—including branch offices, mobile devices, or IoT devices with clientless access—is inspected and securely forwarded to the internet, reducing network latency and improving user experience.
The SASE platform also enables Zero Trust Network Access (ZTNA), which provides granular visibility and control of users, systems, and applications to ensure the least privileged approach. ZTNA analyzes access attempts based on identity and context, allowing or rejecting access based on pre-defined policies.
It prevents lateral threat movement, providing stronger overall network security and micro-segmentation. Unlike traditional threat intelligence, which relies on the results of attacks to give visibility and alerts, SASE proactively analyses data streams to detect and block threats before they reach the enterprise WAN.
Modern business demands a more agile and secure network, especially for remote employees who require flexibility to work anywhere. Traditional hub-and-spoke architectures don’t scale to meet these needs, but SASE makes it possible by connecting users directly to applications over the internet.
SASE offers several key benefits, including improved performance/latency thanks to route optimization and a more consistent app experience across devices and locations. The unified SASE service also reduces management complexity and cost by eliminating the need for hardware appliances in branch offices and other remote locations and software agents on end-user devices.
Additionally, it helps ensure consistency in security policy enforcement and reduces the attack surface by enabling identity-aware zero-trust access for both sanctioned and unsanctioned apps.
However, a key challenge with SASE is deep integration between networking and security functions. Cybersecurity risks evolve quickly, while wide-area networking requires reliable connections. SASE platforms incorporating advanced SD-WAN with a comprehensive suite of cloud-delivered security services deliver the best results.
Using best-of-breed SASE solutions with tight integration between networking and security features will help you break down siloes, simplify deployment, and maximize IT staff effectiveness.
It will allow you to address various business challenges, such as managing the challenges of remote work, increasing IT costs and complexity, improving application performance, and ensuring consistency in security policy enforcement.
The SASE approach combines networking and security services at the edge, delivering them as a single cloud service. That unified model reduces complexity and cost, with fewer hardware systems at each office location and a reduction in the number of agent software applications required on end-user devices.
The network and security services are deployed as cloud-delivered offerings, including firewall-as-a-service, secure web gateway (SWG), and zero trust network access (ZTNA).
These services enable enterprises to connect remote offices and users with their private cloud apps without a VPN and provide granular visibility and control of devices and connections independent of where they reside.
This new way of connecting users, devices, and apps to an organization’s network and applications also improves resilience. By directing traffic directly to the cloud, SASE eliminates backhauled traffic flows that cause performance degradation and introduce latency.
Enterprises considering a move to SASE should weigh a few potential challenges. First, it’s important to understand the capabilities of a unified solution. Some SASE providers have a strong background in networking or security, but not both, and may not deliver the features needed as a complete offering.
For example, a SASE solution from a legacy hardware vendor might not have the experience with in-line processing to handle context-dependent policies and could struggle with performance and costs.