What is a Secure Access Service Edge (SASE)?
The secure access service edge (SASE) is not one single technology. Instead, SASE (pronounced “sassy”) is a framework identified by Gartner as the way to securely connect entities such as users and devices to applications and services when their locations may be anywhere. In its 2019 report, The Future of Network Security is in the Cloud, Gartner defined the SASE framework as a cloud-based security solution that offers “comprehensive WAN capabilities with comprehensive network security functions (such as SWG, CASB, FWaaS, and ZTNA) to support the dynamic secure access needs of digital enterprises.”
So, isn’t SASE just another buzzword?
While it’s true that SASE has received a lot of attention from vendors and media focused on networking and security, we believe that the main principle behind the SASE framework is what makes it so compelling. This principle—that network and security architectures focused on the data center have become ineffective—isn’t simply a trend or marketing catchphrase, as it has been broadly accepted in the industry. So, what does a SASE solution offer that makes it so different from the “traditional” enterprise network security that connects offices via private networks and routes traffic through secure web gateways to keep intruders out of the network and block data from leaking out?
As Gartner pointed out in its report that described the secure access service edge as the future of network security, traditional models in which connectivity and security have been focused on the data center need to shift to focusing on the identity of users and devices. That’s because, according to the report, “In a modern cloud-centric digital business, users, devices and the applications they require secure access to are everywhere.” Today’s workflows and traffic patterns bear little resemblance to those that existed when hub-and-spoke networks were conceived. Here’s why:
- More user traffic is heading to cloud services than data centers
- More work is performed off the network than on it
- More workloads are running in cloud services than data centers
- More SaaS applications are in use than those hosted locally
- More sensitive data is housed in cloud services than inside the enterprise network
How can an enterprise enforce access controls and security while facing these common realities? That’s where a SASE platform of WAN capabilities (SD-WAN) and comprehensive security services comes in. Cloud-based SASE offers significant benefits to organizations that are eschewing traditional enterprise networking and security to take advantage of cloud services, mobility, and other aspects of digital transformation. Here are three of those benefits:
SASE reduces IT cost and complexity
To enable secure access to cloud services and protect remote users and devices, organizations have been forced to add a range of security solutions in an attempt to close gaps in their security, adding significant costs and management overhead. But even with these reinforcements, the network security model is simply ineffective in a digital world. Instead of trying to use a legacy concept to solve a modern problem, SASE flips the security model. Rather than focusing on a secure perimeter, SASE focuses on entities, such as users. Based on the concept of edge computing, which is the processing of information close to the people and systems that need it, SASE pushes security and access services close to users. Using an organization’s defined business rules, SASE dynamically allows or denies connections to applications and services.
SASE provides a fast, seamless user experience
When users were on the network and applications and infrastructure were owned and managed by IT, it was easy to control and predict user experience. Today, even with applications distributed across multiple clouds, enterprises continue to use the old VPN model for connecting the user to a network for security. But VPNs deliver a poor user experience and they increase an organization's attack surface by exposing IP addresses. SASE calls for security to be enforced close to the user—instead of sending the user to the security, it sends security to the user. The SASE solution is cloud secure, intelligently managing connections at the internet exchanges and optimizing connections to cloud applications and services to ensure low latency.
SASE reduces risk
As a cloud-native service, the SASE platform is designed to address the unique challenges of risk in the new reality of users and applications being so widely distributed. By defining security, including threat prevention and data protection, as a key component of the connectivity model and not as a separate function, it ensures that all connections are inspected and secured, no matter where users are connecting, what apps they are accessing, or what encryption may be in use. A key component of the SASE framework is zero trust network access (ZTNA), which provides remote users and devices with secure application access while eliminating the attack surface and the risk of lateral movement on the network.
Why we believe SASE is the key to digital transformation
Digital business transformation has ushered in a demand for greater agility and scalability with reduced complexity. Companies are finding that they need to provide consistent and secure, globally available access to applications and services, regardless of where users—whether they’re employees, customers, or partners—are located or what devices they are using. The SASE solution offers enterprises an entirely new model for connecting users and devices that is fast and flexible, simpler and more secure. With the help of a cloud-native SASE vendor, organizations that adopt SASE will find themselves with the speed and agility needed to transform to the digital future.