What is SASE?

SASE exists in response to network and security obstacles encountered by organizations, and while the idea behind it is simple, the problems that SASE addresses are not. Discover why and how SASE is the biggest milestone in security below.

SASE is Unified Security from the Cloud

A single SASE product combines the various vital networking and security tools that many IT teams still consume separately, and puts them on the cloud. A varied stack of products – like a firewall, VPN, and 2FA solution, for example – can be effective at securing a network and “locking the door” against hackers, but not ideal.

Unification of common, crucial networking and security ideas inside one cloud-hosted administration panel eliminates much of the effort that IT expends configuring many products to work together. When an organization has a growing number and variety of employees and business resources, one streamlined solution is best.

User-Centric

Legacy security solutions are deployed individually and added as one part of the full stack

Cloud-Native

SASE is built in the cloud and has relevant capabilities that provide an agile, comprehensive, elastic and self-updating network security product.

On the Edge

Implement one network for all local and cloud resources in use by the organization: data centers, branch offices, SaaS products, and mobile and remote users.

Distributed Service

SASE delivers complete networking and security abilities to the edge of enterprise networks, via global data infrastructure that is also low latency.

Benefits of SASE for Organizations

  • Complexity and cost reduction
  • Network performance improvements
  • Ease of use and visibility
  • Improved security
  • Zero Trust network access
  • Centralized policy management

SASE vs. VPNs

Since SASE represents different products and services wrapped into one, it’s difficult to compare it to a single consumable tool. However, many of SASE’s features are auxiliary and may not be in use for all organizations. Many will likely use it like a business VPN with extra security and more elegant networking, to provide secure remote access to employees around the world.

Comparing SASE to a VPN is a no-contest competition, and the chart to the right gives a good picture of why:

Traffic encryption
2FA
Network segmentation
Cloud integration
DNS filtering
Firewall as a Service
Secure Web Gateway
Single Sign-On / IdP

SASE

VPN

How SASE Became a Necessity

SASE became a necessity due to the pitfalls of dealing with its only alternative: a mix of tools that together work to implement smart network access policy and also enforce the use of security tools on users. Orchestrating this variety of solutions during a time of quickly changing networks, thanks to remote work trends and the cloud transformation, was obviously inefficient.

Instead of working to improve access policies for certain types of roles, or monitoring and logging for potential exposure, IT was tasked with making these technologies work with old infrastructure hardware, and with the other tools in the stack. IT also had to adjust how these tools were administered to new employees and new cloud-based tools every time the company grew.

As network complication increased exponentially with employees connecting from their own devices, and to a wider array of resources like Salesforce and Office 365, barriers to managing security risk network exposure. A consolidated network security solution “as a Service” was dreamt up by research firm Gartner and termed SASE at the end of 2019, predicting the emergence of a product that would solve these problems in the near future – and that time is now.

What Can IT Accomplish with SASE?

Due to the software-defined nature of its architecture, SASE lets IT set up and manage networks effortlessly from afar, and create custom user-focused access policies based on device, role, and other granular qualifiers. Plus the included monitoring and logging utilities, total network visibility and access control from a centralized admin panel, with no hardware or intense management required is what results.

More importantly, since SASE integrates easily with cloud-based and local resources, IT can integrate sophisticated security ideas into every corner of the network, creating a more scalable security apparatus that can be instantly deployed to new departments and employees.

Once a user is onboarded into the SASE product (that is – the company’s newly created network), they can be prompted to use various security tools before being granted access to resources. For example, since SASE includes IPSec tunneling and other protocols like SSL and WireGuard, employees can be herded through a login process using a client that encrypts their traffic before being able to access the tools they use.

Employees benefiting from SASE security might also be required to authenticate with their mobile device using 2FA before using company resources, prevented from accessing suspicious websites, and even be disconnected from the internet should the SASE client go offline momentarily. These layered yet easily-administered security tools guard each employee against multiple types of attacks, while segmented networking prevents hackers from penetrating deeply into the network should they manage to get in at all.