Secure Access Service Edge, commonly known as SASE and pronounced “sassy,” is a progressive network architecture that amalgamates software-defined wide area networking (SD-WAN) with security services into a single cloud-based service. The fundamental purpose of SASE is to streamline network access, enhance security, optimize network performance, and reduce the complexity and the number of vendors and devices that IT professionals need to manage. Initially conceptualized by Gartner in 2019, SASE has evolved from being a niche option for security-first SD-WAN to becoming a significant player in the wide area network (WAN) market. Analysts predict this market will surpass $10 billion in the next few years.
SASE integrates SD-WAN with a comprehensive range of security services to help organizations safely manage their expanding network peripheries, which may include branch offices, public clouds, remote workers, and IoT networks. While some SASE providers employ hardware appliances to connect edge users and devices to nearby points of presence (PoPs), the majority leverage software clients or virtual appliances to handle these connections. Typically consumed as a singular service, SASE offerings might comprise various services from multiple partners.
Key Networking Features
The primary networking features of SASE include SD-WAN, content delivery network (CDN), caching, WAN optimization, SaaS acceleration, and bandwidth aggregation. Various service providers, including SD-WAN vendors, carriers, content delivery networks, network as a service (NaaS) providers, bandwidth aggregators, and networking equipment vendors, contribute to this aspect of SASE. SD-WAN is a critical component, providing a more flexible and cost-effective alternative to traditional WAN technologies like MPLS. It enables dynamic path selection, ensuring optimal performance and reliability. Content delivery networks and caching improve the delivery of web content and applications, reducing latency and enhancing user experience.
WAN optimization and SaaS acceleration further enhance performance by minimizing latency and improving data transfer speeds. Bandwidth aggregation combines multiple internet connections to increase overall bandwidth, ensuring consistent and reliable connectivity for all users and devices. These networking features collectively enhance user experience, making it possible for organizations to efficiently manage their broad and varied network environments. Ensuring consistent performance and reliability is crucial for enterprises dealing with hybrid and remote work scenarios, where traditional networking technologies may fall short.
Key Security Features
On the security front, SASE’s features can include encryption, multi-factor authentication, threat protection, data leak prevention (DLP), DNS security, Firewall-as-a-Service (FWaaS), Secure Web Gateway (SWG), and Zero Trust Network Access (ZTNA). The security services provision encompasses cloud-access security brokers, cloud-secure web gateways, and zero-trust network access providers, among others. Encryption ensures that data transmitted across the network is secure and protected from unauthorized access. Multi-factor authentication adds an extra layer of security by requiring users to provide multiple forms of identification before gaining access. Threat protection and DLP help prevent data breaches and protect sensitive information.
DNS security, FWaaS, and SWG provide comprehensive protection against various cyber threats, ensuring that users can safely access the internet and corporate resources. ZTNA offers granular control over user access, ensuring that only authorized users can access specific applications and data. By incorporating these key security features, SASE not only enhances the overall security posture of an organization but also ensures that security policies are uniformly enforced, regardless of the user’s location. This is especially vital in today’s increasingly remote and distributed work environments, where traditional security measures may not be sufficient.
Unified Service Offerings
An ideal SASE service would offer all necessary capabilities through a single service provider, even if certain components are white-labeled from other vendors. This streamlined approach significantly simplifies management and reduces costs for enterprises. By combining networking and security functionalities and offering them as a unified service, SASE promises to cut complexity and costs. Centralized policy control remains another advantage, allowing IT executives to set user policies via cloud-based management platforms, which are enforced in distributed PoPs close to end users. This ensures consistent access experiences for users irrespective of their physical location or the location of the resources they need.
Additionally, SASE simplifies the authentication process by applying appropriate policies for whatever resources the user seeks based on initial sign-in, supporting zero-trust networking by controlling access based on user identity, device, and application rather than location and IP address. This comprehensive approach not only secures the network but also optimizes the user experience by ensuring seamless and secure access to needed resources. The ability to enforce policies centrally while maintaining distributed enforcement points is particularly beneficial for large organizations with diverse and wide-reaching network environments.
Enhanced Security and User Experience
SASE enhances security by ensuring policies are uniformly enforced, regardless of where the users are located. The service provider handles new threats, negating the need for new enterprise-level hardware. Further, it facilitates secure access for diverse user types (employees, partners, contractors, customers) without the traditional risks associated with methods like VPNs and DMZs. SASE providers can supply varied qualities of service to ensure that each application gets the necessary bandwidth and network responsiveness.
With fewer deployment, monitoring, and maintenance chores related to network and security infrastructures, enterprise IT staff can redirect their efforts towards higher-value tasks. This shift not only improves the efficiency of IT operations but also allows organizations to focus on strategic initiatives rather than being bogged down by routine network and security management. By offloading these responsibilities to SASE providers, enterprises can benefit from the latest security technologies and practices without the need to continually invest in new hardware or specialized skill sets.
Challenges and Potential Issues
Despite these advantages, organizations considering SASE may face challenges. Initially, they may encounter deficiencies in certain features as providers might lack expertise in either networking or security. Issues could arise if the all-in-one service model doesn’t align well with the organization’s needs better than a mix of best-in-breed tools. A vendor’s global footprint can also affect SASE performance, as building a global network may become too costly for some providers, resulting in uneven performance due to latency issues from some sites being distant from the nearest PoP. Transitioning to SASE might strain personnel resources, potentially resulting in turf wars between networking and security teams or necessitating IT staff retraining to handle the new technology.
Moreover, the dependency on a single provider for both networking and security can expose organizations to risks related to service outages or vendor lock-in. It is crucial for enterprises to thoroughly evaluate potential SASE providers, considering their global presence, expertise in both network and security domains, and overall service reliability. Ensuring that the chosen SASE solution aligns with organizational goals and infrastructure is key to a successful transition.
Drivers for SASE Adoption
Key drivers for SASE adoption include supporting hybrid clouds, remote and mobile workforces, IoT devices, and finding cost-effective alternatives for expensive technologies like MPLS and IPsec VPNs. Facilitated by digital transformation, many organizations aim to break down siloes, phase out outdated technologies, and automate routine networking and security tasks—objectives that SASE supports. In today’s post-COVID hybrid work environment, traditional WAN models—requiring remote users to connect via VPNs and authenticate via centralized security—are becoming increasingly obsolete. SASE addresses these issues by ensuring users and devices can securely access needed resources, protecting them with security services in nearby clouds to minimize latency.
Core security features provided by SASE include Firewall as a Service (FWaaS), which protects network edges, and Cloud Access Security Broker (CASB), which ensures consistent security policies even for SaaS applications outside enterprise control. Secure Web Gateway (SWG) protects companies by limiting employee access to harmful or unwanted websites and deploying security measures like encrypted traffic inspection at cloud scale. Zero Trust Network Access (ZTNA) provides enterprises with granular control and visibility over user and system access to corporate applications and services, with security based on identity rather than IP addresses.
Supplemental Technologies
Various vendors offer additional SASE features such as web application and API protection, remote browser isolation, DLP, DNS, unified threat protection, and network sandboxes. Features like network privacy protection and traffic dispersion make it challenging for threats to track enterprise assets or intercept data. Optional offerings may include Wi-Fi hotspot protection, legacy VPN support, and protection for offline edge-computing devices. By uniting these technologies under the SASE model, enterprises benefit from flexible, consistent security, better performance, less complexity, and reduced total cost of ownership.
Enterprises can scale their network and security setups without needing more administrative staff, providing the agility to adapt to market changes and evolving security threats swiftly. Adopting SASE enables organizations to utilize the latest network and security advancements, ensuring robust protection and efficient operations.
When considering SASE, organizations must decide between single or multivendor approaches. A single-vendor SASE offers seamless integration and easier management but risks vendor lock-in and might be costlier for large organizations. On the other hand, a multivendor approach allows for selecting the best solutions for each part but can be harder to manage.
Potential SASE providers include top networking companies, startups, and some telcos offering proprietary or white-labeled solutions. Notable vendors are Akamai, Broadcom, Cato Networks, Cisco, Cloudflare, Forcepoint, Fortinet, HPE, Netskope, Palo Alto Networks, Perimeter 81, Proofpoint, Skyhigh Security, Versa, VMware, and Zscaler.
In conclusion, SASE promises to revolutionize enterprise networking and security by merging them into a single cloud-based service. It caters to the needs of hybrid and remote workforces, IoT devices, and the shift to cloud-based operations. Despite challenges, SASE offers numerous benefits like simplified management, enhanced security, and improved performance. Organizations exploring SASE should carefully assess vendor options, align them with their goals, and ensure a smooth transition to this innovative solution.
