SASE Definition
A Secure Access Service Edge (SASE) is a network architecture framework that combines cloud-native security technologies—such as SWG, CASB, ZTNA, and FWaaS—with Wide Area Network (WAN) capabilities, to seamlessly connect securely users and systems to applications and services anywhere. To support today’s agile operational needs, these capabilities are usually delivered as a service in the cloud and can be centrally managed.
It’s worth noting that the term SASE refers to the entire architecture and not to a specific technology. In its 2019 report “The Future of Network Security is in the Cloud,” Gartner defined this framework as “a cloud-based cybersecurity solution that comprehensively combines WAN capabilities with network security functions to support the secure and dynamic access needs of digital enterprises.”
SASE is different from the Security Service Edge (SSE), which is defined instead as a subset of SASE that specifically focuses on the security services required for a cloud SASE platform.
But how does SASE work in practice?
The SASE architecture combines a Software-Defined Wide Area Network (SD-WAN) or another type of WAN with security features such as CASB and antimalware to protect the overall network traffic.
Traditional approaches to inspection and auditing (such as forwarding traffic through an MPLS service to data center firewalls) are only effective if users are also located in the same location. But today, with so many users operating from remote offices, all of this routing remote user traffic to the data center for inspection reduces efficiency and harm the end-user experience.
SASE is considered a very secure framework, which is what sets it apart from standalone solutions and other network security strategies. With SASE, instead of relying on data center security, the traffic coming from user devices is inspected at the enforcement point and is then sent to its destination. This results in more efficient access to applications and data, which makes this approach the best solution for protecting your distributed workforce and data in the cloud.