What is SASE?

What is a secure access service edge (SASE)?

SASE, which stands for secure access service edge and is pronounced “sassy,” is not one single technology. Instead, it’s a framework identified by Gartner as the way to securely connect entities such as users and machines to applications and services when their locations may be anywhere. In its 2019 report, The Future of Network Security is in the Cloud, Gartner defines SASE as a solution that offers “comprehensive WAN capabilities with comprehensive network security functions (such as SWG, CASB, FWaaS, and ZTNA) to support the dynamic secure access needs of digital enterprises.”

So, isn’t SASE just another buzzword?

While it’s true that SASE has received a lot of attention from vendors and media focused on networking and security, we believe that the main principle behind the SASE framework is what makes it so compelling. This principle—that network and security architectures focused on the data center have become ineffective—isn’t simply a trend or marketing catchphrase, as it has been broadly accepted in the industry. So, what does SASE offer that makes it so different from the “traditional” enterprise network security that connects offices via private networks and creates a secure perimeter to prevent intruders from infiltrating the network (and blocks data from leaking out)?

As Gartner pointed out in its report, traditional models in which connectivity and security have been focused on the data center need to shift to focusing on the identity of the user and device. That’s because, according to the report, “In a modern cloud-centric digital business, users, devices and the applications they require secure access to are everywhere.” Today’s workflows and traffic patterns bear little resemblance to those that existed when hub-and-spoke networks were conceived and secure perimeters were developed to protect them. Here’s why:

  • More user traffic is heading to cloud services than data centers
  • More work is performed off the network than on it
  • More workloads are running in clouds than data centers
  • More SaaS applications are in use than those hosted locally
  • More sensitive data is housed in cloud services than inside the enterprise network

“Instead of the security perimeter being entombed in a box at the data center edge, the perimeter is now everywhere an enterprise needs it to be — a dynamically created, policy-based secure access service edge.”
Gartner, The Future of Network Security Is in the Cloud; 30 August 2019; Lawrence Orans, Joe Skorupa, Neil MacDonald

How can an enterprise enforce access controls and security while facing these common realities? That’s where SASE comes in, offering significant benefits to organizations that are taking advantage of cloud, mobility, and other aspects of digital transformation. Here are three of those benefits:

SASE reduces IT cost and complexity

To enable secure access to cloud applications and protect mobile users, organizations have been forced to add a range of services in an attempt to close gaps in their security, adding significant costs and management overhead. But even with these reinforcements, the network security model is simply ineffective in a digital world. Instead of trying to use a legacy concept to solve a modern problem, SASE flips the security model. Rather than focusing on a secure perimeter, SASE focuses on the entities, such as users, and pushes security as close to the entity as possible. Based on an organization’s defined business rules, SASE dynamically allows or denies connections to applications and services.

SASE provides a fast, seamless user experience

When users were on the network and applications and infrastructure were owned and managed by IT, it was easy to control and predict user experience. But even with applications distributed across multiple clouds, enterprises continue to use the old VPN model for connecting the user to a network for security. SASE calls for security to be enforced close to the user: instead of sending the user to the security, it sends security to the user. SASE intelligently manages connections at the internet exchanges and optimizes connections to cloud applications and services to ensure low latency.

SASE reduces risk

SASE as a cloud service is designed to address the unique challenges of risk in the new reality of users and applications being so widely distributed. By defining security as a function built into the very fabric of the model and not a function that’s separated from the connectivity of services, it ensures that all connections are inspected and secured, no matter where users are connecting, what apps they are accessing, or what encryption may be used.

Why we believe SASE is the key to digital transformation

Digital business transformation has ushered in a demand for greater agility and scalability. Companies are finding that they need to provide consistent and secure, globally available access to applications and services, regardless of where users—whether they’re employees, customers, or partners—are located or what devices they are using. SASE offers enterprises an entirely new model for connecting users and devices that is fast and flexible, simpler and more secure. We believe SASE will provide the speed and agility needed for enterprises to transform to the digital future.

“By 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.”
Gartner, The Future of Network Security Is in the Cloud; 30 August 2019; Lawrence Orans, Joe Skorupa, Neil MacDonald