SASE

The SASE architecture combines five core technologies: SD-WAN, secure web gateway (SWG), firewall as a service (FWaaS), cloud access security broker (CASB), and zero trust network access (ZTNA).

SASE delivers these networking functions as a scalable service from the cloud. Choosing a vendor that consolidates these core technologies into a single platform will reduce integration issues, hardware devices, and point solutions.

What is SASE?

SASE is an emerging method of securing networks that adapts the zero-trust approach to security. It requires granular visibility and access control of user, device, and application sessions regardless of network location. It enables enterprises to securely connect remote users and branches to corporate applications, SaaS services, and the web using a single backbone service provider with integrated networking and security capabilities.

SASE integrates security and networking functions into a scalable cloud-based solution, eliminating the need for hardware appliances at network edges. It also offers a lower upfront cost and fewer hardware assets to monitor, with a centralized interface for doing so.

SASE uses the nearest points of presence (PoPs) to inspect traffic rather than routing connections through company servers. It eliminates the need for VPN tunnels and verifies users based on their identity and request context. That context includes information such as which application they are trying to access or whether the connection comes from a previously compromised IP address.
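The identity-and-context check described above can be sketched as a default-deny decision function. This is an added illustration, not code from any SASE product; the policy table, field names, and sample addresses (documentation ranges) are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample policy: who may reach each application, and on what device.
APP_POLICY = {
    "payroll": {"groups": {"finance"}, "managed_device": True},
    "wiki": {"groups": {"finance", "engineering"}, "managed_device": False},
}
# Constructed reputation feed of previously compromised source ranges.
COMPROMISED_NETS = [ip_network("203.0.113.0/24")]


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    mfa_passed: bool
    device_managed: bool
    source_ip: str
    app: str


def ip_is_flagged(addr: str) -> bool:
    """True if the source address falls inside a flagged range."""
    ip = ip_address(addr)
    return any(ip in net for net in COMPROMISED_NETS)


def decide(req: Request) -> tuple[str, str]:
    """Return (verdict, reason); anything not explicitly permitted is denied."""
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return "deny", "unknown application"
    if not req.mfa_passed:
        return "deny", "identity not verified"
    if not (req.groups & policy["groups"]):
        return "deny", "user not entitled to application"
    if policy["managed_device"] and not req.device_managed:
        return "deny", "unmanaged device"
    if ip_is_flagged(req.source_ip):
        return "deny", "source IP previously compromised"
    # No rule above grants access because an address is "internal":
    # network location alone never earns trust.
    return "allow", "identity and context satisfied policy"


if __name__ == "__main__":
    alice = Request("alice", frozenset({"finance"}), True, True, "198.51.100.7", "payroll")
    print(decide(alice))
```

A request from a private address such as 10.0.0.5 on an unmanaged device is still denied access to `payroll`, which is the difference from a perimeter model that trusts anything inside the network.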

While SASE can be implemented quickly, it does require collaboration between networking and security teams. This can be challenging, as it may result in turf wars over who is in charge of the deployment process. Depending on how it is implemented, SASE could also create a single point of failure and exposure to attack or technical issues at the service provider that can affect all users.

What are the benefits of SASE?

SASE is a robust security architecture for enterprises that can help safeguard remote and distributed workforces. It combines SD-WAN and a suite of security services to enable enterprises to safely accommodate an expanding edge, including branch offices, remote workers, public clouds, and IoT networks.

Integrated security services offer the advantages of simpler network infrastructure, improved performance, and lower costs. They also allow IT teams to manage and deploy security capabilities more efficiently with a single vendor, eliminating siloed point solutions and the associated costs and operational overhead.

Centralized control via cloud-based management platforms makes it easier to set user policies, while intelligent routing steers traffic based on each destination’s application profiles and SLAs to optimize performance. Zero Trust networking controls access based on user, device, and application, not physical location or IP address.

SASE helps mitigate various security threats, including man-in-the-middle attacks, spoofing, and malicious traffic. Leading SASE services also include secure encryption for all remote devices and apply more rigorous inspection policies to traffic that passes through public access networks such as Wi-Fi. These features provide adequate protection on and off the corporate network. Finally, by eliminating the need for Multiprotocol Label Switching (MPLS) lines and reducing the need for costly hardware at branches and other locations, SASE reduces WAN costs.

What are the drawbacks of SASE?

As SASE combines networking and security capabilities into a single solution, it may introduce a single point of failure or exposure. Technical problems on the provider side could impact all service users. To mitigate these risks, organizations should consider a tightly integrated dual-vendor SASE solution that stitches the data plane of networking and security controls.

Additionally, SASE involves a new technology with many different components, so it isn’t a good fit for businesses that lack a deep network and security talent bench. SASE requires a change in how teams work, and it can take time to implement and train staff on the new tools.

SASE networks use identity and contextual information to authenticate user requests, which can lead to performance and security improvements. However, some traditional vendors may have a limited understanding of context and, therefore, may not enforce context-dependent policies effectively.

Another drawback of SASE is that it can introduce significant latency due to a centralized network model. This is a primary concern for today’s distributed workforce with its need for speed and reliability. To avoid these latency issues, businesses should look for SASE solutions that minimize handoffs between the underlying networking and security services and that are built to be delivered at the edge. The goal is to deliver performance and security from the closest point of presence (PoP) in real time to ensure that applications always have a low-latency, high-performance connection.

What is the future of SASE?

SASE’s centralized management of security and networking functions appeals to IT departments in many ways. It reduces costs and IT complexity, enables a least-privileged model for remote and mobile users, provides consistent policy enforcement, and optimizes network performance and user experience. It also helps to prevent cyber attacks by filtering URLs, DNS queries, and other incoming and outgoing traffic.

The future of SASE is shaped by the changes in how organizations work, including digital transformation, the shift to cloud applications and services, and remote working. It also dovetails with the evolution to 5G connectivity, providing lower latency and better service across the enterprise network.

Ultimately, the success of SASE is tied to its ability to meet these challenges in a way that makes business sense. Its unified delivery as a cloud-based service means enterprises deal with fewer vendors and spend less time and internal resources configuring physical hardware. Its global SD-WAN footprint, which includes distributed PoPs across the globe, ensures consistent network performance wherever employees are located and eliminates latency issues caused by routing over the public internet.

However, SASE will have to overcome resistance from those accustomed to working the old way – especially as it will require both networking and security teams to collaborate more effectively. In addition, it may take some time for IT professionals to be trained on how to use a new zero-trust architecture.