What is SASE?
Secure Access Service Edge (SASE) is an enterprise networking technology category, introduced by Gartner in 2019. Pronounced “sassy”, SASE converges current and future-state network and security solutions to reduce complexity and improve performance. The idea is to move away from siloed point solutions in favour of a unified, dynamic, identity-driven SASE cloud service.
The concept of the traditional office network perimeter is becoming less relevant as enterprises embrace the flexibility of a remote and distributed workforce. SASE ensures that enterprises can meet the decentralised security and networking challenges of this new perimeter-less world.
SASE can incorporate a wide range of network and security solutions. On the networking side this includes Wide Area Network (WAN) optimisation, Software-Defined WANs (SD-WAN), Content Delivery Networks (CDN) and bandwidth aggregation.
On the security side, SASE can incorporate Zero Trust Network Access (ZTNA) and cloud Secure Web Gateways (SWG), as well as Firewall as a Service (FWaaS) and Web API Protection as a Service (WAAPaaS).
Rather than relying on a data centre, SASE delivers this unified service directly to the source of connection – such as end user devices, edge computing, IoT and branch offices.
SASE is not a passing fad, with Gartner predicting that 60% of enterprises will have a SASE adoption strategy by 2025.
How does SASE differ from SD-WAN?
SASE does not replace SD-WAN; rather, it builds on SD-WAN to offer an all-encompassing networking and security environment.
SD-WAN is a networking solution which provides significant improvements to Wide Area Network performance, reliability and optimisation compared to traditional MPLS routing.
MPLS relies on expensive dedicated links to route traffic back via an organisation’s data centre.
Meanwhile, SD-WAN allows applications to break out to the internet and securely connect directly to the cloud, rather than backhauling all traffic through an organisation’s data centre.
SD-WAN can dynamically route an application’s traffic based on its bandwidth and Quality of Service requirements, along with other predefined priorities. This curbs bandwidth demands, reduces latency and improves cloud application performance.
While it delivers many networking benefits, SD-WAN is not a security solution. By not backhauling traffic via a corporate data centre, it can bypass the corporate security stack.
SASE addresses this by converging SD-WAN with security deployed as a service in the cloud. This takes security out to the edge. A SASE framework allows enterprises to securely grant users and devices access to data and applications from any location.
SASE tailors security for each user session according to identity, context, policies and continual risk assessment.
Why is SASE important?
With the shift to cloud-based applications and Software as a Service (SaaS), along with the growing shift to internet-based carriage, the concept of the office network perimeter becomes less and less relevant. The perimeter has shifted to the edge, so networking and security must follow.
This is set to accelerate in a world of distributed workforces where enterprises will be supporting more staff regularly working from home or remotely.
As cyber threats continue to rise, driven in part by the vulnerabilities created by an increase in working from home, there is a need to increase defences at the edge of the network.
What are the benefits of SASE?
The benefits of SASE come from seamlessly integrating the networking strengths of SD-WAN with the protection of holistic cloud-based security which extends out to the edge.
For starters, SASE’s networking benefits reduce connectivity costs while improving performance and latency. This boosts productivity and collaboration for staff whether they are working in the office or from afar.
SASE offers a consistent user experience, delivering universal access with consistent security regardless of device, application or location. This includes zero-trust networking, which is applied based on user, device and application, not simply based on location.
Reducing the reliance on siloed point solutions for networking and security also reduces complexity and costs, simplifies deployment and streamlines management.
These benefits translate into cost savings, while freeing up networking and security teams to spend less time on the mundane and more time focusing on higher value tasks. At the same time, SASE enhances scalability, allowing organisations to more easily meet current and future challenges.
How does SASE support Zero Trust Network Access?
Sometimes referred to as the software-defined perimeter, ZTNA is an identity-driven approach to security. By default it denies access to a network, applications and data – even from within the office – rather than assuming that the user or device can be trusted.
This approach greatly improves security posture and risk management. It also decreases the likelihood of a security breach.
Should a breach occur, ZTNA significantly limits the impact by taking a granular and segmented approach to security which is not possible using access solutions like VPN. It is the way of the future, with 60% of enterprises predicted to phase out the use of VPN in favour of ZTNA by 2023, according to Gartner.
That said, ZTNA is far more than a replacement for VPNs. It’s a more holistic approach to control and visibility. For example, it ensures both network and application infrastructure are rendered invisible to unauthorised users. Once users are authenticated, it offers context-aware access with enhanced protection against lateral attacks.
As part of SASE, ZTNA helps combat security appliance sprawl, network complexity and other challenges which are created by point solutions such as VPNs. As such, ZTNA reduces costs while making secure access easier to manage and scale.
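The default-deny, per-application decision described in this section can be sketched as follows. This is an added example, not code from the original page or from any SASE product; the `Request` fields, the `GRANTS` table, the thresholds and the sample requests are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    device_compliant: bool   # result of a device posture check
    application: str
    source_network: str      # kept for logging only; never grants access
    risk_score: int          # 0 (low) to 100 (high), from continual assessment

# Constructed policy: explicit grants per (user, application).
# Anything not listed here is denied, including requests from the office LAN.
GRANTS = {
    ("alice", "payroll"): {"max_risk": 30, "require_compliant_device": True},
    ("alice", "wiki"): {"max_risk": 70, "require_compliant_device": False},
    ("bob", "wiki"): {"max_risk": 70, "require_compliant_device": False},
}

def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason) for one session, evaluated per application."""
    grant = GRANTS.get((req.user, req.application))
    if grant is None:
        return False, "no explicit grant (default deny)"
    if grant["require_compliant_device"] and not req.device_compliant:
        return False, "device posture check failed"
    if req.risk_score > grant["max_risk"]:
        return False, "session risk above application threshold"
    # Access covers this one application, not the network it lives on.
    return True, "granted for this application only"

def evaluate_samples() -> list[tuple[bool, str]]:
    """Run the policy over constructed sample requests."""
    samples = [
        Request("bob", True, "payroll", "office-lan", 5),          # in office, no grant
        Request("alice", True, "payroll", "home-broadband", 10),   # remote, all checks pass
        Request("alice", False, "payroll", "office-lan", 10),      # unmanaged device
        Request("alice", True, "payroll", "home-broadband", 55),   # risk rose mid-session
        Request("alice", True, "wiki", "home-broadband", 55),      # same risk, lower-tier app
    ]
    return [decide(r) for r in samples]

if __name__ == "__main__":
    for allowed, reason in evaluate_samples():
        print("ALLOW" if allowed else "DENY ", reason)
```

Note that `source_network` never appears in `decide`: being on the office LAN does not help the first request, and being at home does not hurt the second.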
What is the business impact of SASE?
On the front end, SASE empowers remote and mobile workforces. This makes it an enabler for the modern hybrid user, brought to the fore by the COVID-19 pandemic.
The modern hybrid user relies on multiple devices, from multiple locations. They access technology services delivered via public cloud, SaaS-based workflow applications and traditional applications delivered from the data centre. This includes collaboration tools and rich video content providers.
SASE allows users to freely engage with these technologies in a secure and controlled environment.
On the back end, SASE grants visibility and control of cloud-based apps and data. It also migrates the security stack to the cloud.
The business benefits include enabling secure multi-cloud networking and providing secure Direct Internet Access (DIA) broadband links for remote branches and roaming users. SASE provides access to SaaS without the performance hit – and thus productivity hit – associated with backhauling traffic to a corporate office.
As a result, SASE allows businesses to get the most from their people, wherever they are, without compromising on security.