SASE is short for Secure Access Service Edge. Gartner introduced SASE by the end of 2019. It combines network security functions (i.e. SWG, CASB, FWaaS and ZTNA) with WAN capabilities (i.e. SD-WAN). SASE supports enterprises’ need for secure access.
“SASE capabilities are delivered as a service based upon the identity of the entity, real-time context, enterprise security/compliance policies and continuous assessment of risk/trust throughout the sessions”, Gartner stated in a report, identities can be associated with “people, groups of people (branch offices), devices, applications, services, IoT systems or edge computing locations.”
In short, SASE = SD-Wan + Security + Edge
SASE integrates SD-Wan with a series of security capabilities such as zero-trust access. Access decisions are based on user identity and are enforced at the edge; whereas, policies are centrally defined and managed in the cloud. Therefore, the transformation of core security architecture is shifting from data centres to user identity.
From Where Comes SASE?
SASE started from SD-Wan. Traditional enterprise WAN and Security architecture took enterprises’ data centres as the core of access. Network access is through data stream being returned to data centres.
Nowadays an increasing number of enterprises are deploying business systems on the cloud. Cloud services, edge computing, hybrid networks, and enterprise data centers have all become parts of the network. Traditional network architecture can not support this scenarios any more. The complexity, security and performance of network environment is a common challenge shared by many businesses.
SD-WAN is an acronym for software-defined networking in a wide area network (WAN). Through a centralized interface a cloud-delivered SD-WAN architecture. It widely connect to corporate networks, data centers, applications and cloud services. SD-WAN effectively reduces WAN expenses and improves network connection flexibility and performance. Even if SD-WAN has became the first choice of many enterprises, it lack some key security functions and is hard to guarantee data security in the cloud.
In this regard, people have tried to put SD-WAN equipment with firewalls, IPS equipment, and other security solutions to solve the problems. However integrating and managing different network and security technologies only increased complexity and made it difficult to deploy and expand.
Therefore, SASE model stood out. Let’s look at SASE from two perspectives.
- Firstly, Secure Access. SASE works through Cloud Access Secure Broker (CASB) and Zero Trust Network Access (ZTNA) to coordinate access requests based on user authentication in order to protect network security.
- Second, Service Edge. SASE guarantees point-to-point security for both branch offices and mobile workers. The capabilities of the edge service includes anti-malware and strong encryption of all communications across the network.
What are the benefits of SASE architecture?
- Improved Network Performance
SD-WAN features, such as built-in WAN optimization and upgraded connectivity, improve corporate network performance.
- Reduce Costs
Due to strategic partnership across SD-WAN, companies are no longer suffered from multiple vendors and complex deloyment.
- Cloud-centric Security Deployment
Real time threat prevention across the network provides integrated security as a service.
SASE combines various emerging technologies. It satisfies the requirements of dynamic access and security for cloud and mobile services. Besides, it brings enterprises with enhanced agility and security for the digital transformation.
* SASE is currently in the concept stage.