SASE, an acronym of Secure Access Service Edge, is a new cloud-based network security approach to support the Cloud era of rampant modern digital transformation and cloud-first businesses. With more cloud workload adoption and business agility, SASE software security gives IT teams
With more roaming/remote workforce or users vying for remote access to cloud applications, it comes with challenges like:
- Infrastructure Complexity
- increased traffic load
- smooth, low-latency connectivity
- uninterrupted access to network
- Insider Threats
- Identity & Access Management, and
- Cloud Visibility etc.
What is SASE Secure Access Service Edge Solution?
With cloud adoption and remote workers rising, the traditional castle and moat approach towards securing your assets doesn’t work anymore.
In this era, you need a security service delivered from the cloud and unified for ease of operations. Secure access service edge or SASE provides a unified networking and security service delivered from cloud architecture and provides you security for your users, applications, or assets anywhere.
Gartner’s “The Future of Network Security Is in the Cloud Report
SASE, for the first time, was mentioned in a report released by Gartner in August 2019. Two Gartner analysts, namely Neil McDonald and Joe Skorupa, alongwith VP analyst Lawrence Orans, paved way for this paradigm shift in networking and security for the modern enterprise.
Network security and Cloud are two key pillars of Digital business transformation. Gartner’s “The Future of Network Security is in the Cloud” defines The Secure Access Service Edge (SASE) and what it takes to safeguard digital business transformation vis-a-vis SD-WAN secure access.
In other words, it lessens technical loads when security changes its posture from data center to a user or endpoint.
Traditional hub-and-spoke architectures are not capable of meeting challenges of ever-growing trends of edge-driven computing
The Gartner SASE report recommends the following:
- What is SASE and what makes it a hotcake to secure network security services
- SASE security framework adoption
- The spectrum of managing boxes to delivering policy-based security
- Making the most from the combination of SD-WAN and old protocols like Multiprotocol Label Switching (MPLS) projects to pinpoint the effectiveness of combined network security offerings.
- Getting best mileage from software-defined WAN and push successful network transformation
- Adoption of Cloud security features and offerings in terms of scalability and flexibility
Going by the Gartner’s definition of SASE, Secure Access Service Edge, abbreviated as SASE and pronounced as “sassy, is a network architecture that merges SD-WAN with multiple security technologies ( like Secure Web Gateway SWG, cloud access security broker CASB, Firewall as a Service FWaaS and Zero Trust Network Access ZTNA) into a single and unified, global cloud-native offering.
Instead of the security perimeter being entombed in a box at the data center edge, the perimeter is now everywhere an enterprise needs it to be — a dynamically created, policy-based secure access service edge.– Gartner, The Future of Network Security Is in the Cloud; 30 August 2019; Lawrence Orans, Joe Skorupa, Neil MacDonald
Let’s define SASE further and understand what Secure Access Service Edge environment means in simple terms.
IT architectures are evolving in the face of demand for scalability flexibility and increased security and network challenges such as requirements for low latency and WAN edge needs.
So, when a unified service model like SASE Secure Access Service Edge converge SD-WAN and cloud-based security like:
- Secure Web Gateways
- Cloud Access Security Brokers
- Antivirus/malware inspection
- Data Loss Prevention
- Virtual Private Network
- Zero-trust network access
- Firewall as a service
- Advanced Threat Protection etc.
Organizations are poised to apply end-to-end secure access to networking and security of its user base, workloads, endpoints, and network capabilities.
Difference Between SASE and Traditional Network Security
5 Key SASE Components Capabilities:
Firewall as a service
Cloud Access Security Broker (CASB)
Secure web gateway
Zero Trust network access
Top 5 Benefits of SASE
SASE Benefit #1– Reduced IT cost
In today’s time when data is present across cloud applications and SaaS services, there is extra load on traditional network-based security models. It drives up both CAPex and OPex with the presence of vendors and tech stacks.
With Application of SASE solution as a single platform approach, you get reduced Operational overhead without worrying about cost of deployment of new hardware or software. The Centralized and role-based management propels effectiveness without paying extra.
It goes without saying that patching, updating software wont be a problem either.
SASE Benefit #2: Holistic and consistent security
Thanks to SASE solution’s comprehensive range of security features like URL filtering, anti-malware, firewalling, IPS, NGFW policies and endpoint-specific security policies Threat Prevention and Reducing Risk make SASE a flexible and holistic security choice.
SASE Benefit #3: Simplified Easy management
The freedom of shifting from site-centric security to user-centric security and control the entire SWG, SD-WAN, NGFW, and VPN devices from a single point simplifies the process of managing less agents per device.
SASE Benefit #4: True improved network security
Using a single set of policies, SASE security all traffic flow is inspected at the source and the endpoint, it reduces downtime due to malicious behavior.
SASE Benefit #4: True improved network security
Top 7 SASE Use Cases Architecture
SASE Use case 1: Securing BYOD
SASE use case 2: Securing the Web and Shadow IT
SASE use case 3: Securing the Remote Workforce
SASE use case 4: Fighting Malware
SASE use case 5: Preventing Data Leakage
SASE use case 6: Securing IaaS
SASE use case 7: Securing Branch Sites
SASE Gartner Quadrant Vendors
In the cybersecurity vernacular, Gartner coined the term Secure Access Service Edge, or SASE to bring network and security functions with WAN functionalities.
In other words, Secure Access Service Edge (SASE) is an enterprise networking technology
Evaluation Criteria a SASE vendor
Choosing SASE Vendors Platform Solutions
If we talk about a user, a user can access:
- Internet applications (Youtube or Facebook)
- SAAS based service ( for example, Office 365, Box)
- Public Cloud apps – private and public applications ( Azure, AWS or Google Cloud or any Public Cloud instance, etc.)
And he can also access applications in your private data centers.
To secure such users, who are now out of the premise, and accessing such services from cafes. Homes or unsecure networks, from their devices, what you need is the security services suite delivered from the cloud.
Here, we explain the list of services that can ensure user security when he is accessing all these services.
Zero trust Network Access or ZTNA
ZTNA service allows you to secure access to any private application hosted in a private or data center or public cloud.
If a user is accessing anything on the internet, he can use these services securely via a secure web gateway. If you require visibility and control in your SAAS application, what you can use is a CASB, and CASB can provide you security – both inline mode and in the API mode by which you can get to know the security levels of your data which is there at rest.
You can also leverage a next-generation firewall, which can be delivered from the cloud for egress traffic. From there, you can also enable SSL inspection, DNS security, and features like that.
And suppose you think that the users are at risk because their endpoints are not secure. What you can do is enable a remote browsing solution called a remote browser isolate service.
The user will browse any of these services not on his browser but on a remote browser that eliminates the risk of having malware infections and other infections on the host machine, which is on the endpoint.
The services come with flexibility in terms of deployment options. You can use an agent to provide access to your users, whether they are remote or sitting on-prem.
Or what you can do is also provide access to a site. This can be your remote branch, or this can be your head office as well. You can use your traditional methods like a GRE tunnel or an IPSec tunnel to connect. Suppose you have already migrated to a modern SD-WAN solution. In that case, these kinds of solutions or the SASE infrastructure provide you a native integration with the majority of these different hosting providers.With all of these solutions available in the cloud, what you get is a unified threat platform. This unified threat platform includes:
Advanced threat protection
UEBA features, which enables you to contextualize the threat.
And at the same time, it also enables you the DLP services delivered from the cloud, which will cut across all these services, which are listed on the board.
This enables one single console for operations to identify threats and for remediation of all of them. So I know that many things are ongoing here and today; if you talk to any vendor, they are trying to align their services with SASE. So when you look at a partner or a vendor to assess the SASE solution, you should look at the roadmap of the future-proofing. The vendor or the partner you select should have the correct roadmap that aligns with all these requirements. In addition to all this, you should also look at the feasibility of the location. There is a requirement for these kinds of clouds to provide lower latency, and at the same time, they should comply with the data regulations of the state. In addition to this, all these security controls were already present, on-prem, as part of your perimeter security controls.
So, the partner that you choose should be able to migrate those security controls into the cloud.
So please keep these things in mind when you are assessing a security vendor.