According to Gartner, Secure Access Service Edge or SASE (pronounced: sassy), is the future of network security.
SASE takes a modern, zero-trust network approach to securing your enterprise infrastructure by packaging many well-known solutions into one. The zero-trust approach makes no assumptions about whether it’s a user or device accessing the network, and runs the same checks whether you are on or off the corporate network.
Since SASE aggregates a lot of well-known security technologies into one solution, many professionals are likely already familiar with its components:
- Software-defined WAN (SD-WAN)
- Cloud Access Security Broker (CASB)
- Next-Gen Firewall and Firewall-as-a-Service (FWaaS)
- Zero Trust Network Access (ZTNA)
- Secure Web Gateways (SWG
Where SASE Shines
In addition to having a zero-trust approach, SASE moves the focus of security onto the user as opposed to the data center, in response to the many enterprises moving to the cloud. SASE inspects incoming data at the source for the earliest detection possible.
Previously, inspecting traffic at the data center level hindered performance, and thus, the end-user experience suffered. By inspecting traffic at the source, SASE can redistribute network traffic leveraging SD-WAN technology, thus redirecting your traffic to the SD-WAN point of presence (PoP) closest to the end user.
SASE gives you the flexibility to pick and choose when to turn on the services you need from protections like web-app firewalls, malware sandboxing, credential theft prevention, firewall policies, and data loss prevention. Having these varying technologies in one place allows you to reduce complexity and have a one-stop shop for building your security strategy. This can help reduce costs and IT overhead, removing IT sprawl and the need to manage multiple systems.
SASE in Action
Many people use VPNs when working from home or when traveling, and those who have know firsthand just how slow it can be. Often, to leverage the security of a VPN, you are sacrificing user experience. However, with SASE, you can have your traffic directed to a PoP closest to you to prevent low performance, and gain the extra layer of security by having your traffic inspected at the source.
Things to Keep in Mind
Although this sounds like the all-encompassing solution every organization should have, there are a few things to keep in mind:
- Not every organization is ready for SASE right now. If you are still starting your digital transformation journey and still considering the move to the cloud, it may be too soon.
- SASE is only as good as its reach to your users. When assessing vendors, validate that the points of presence can be reached at your users’ remote locations.
- Also it’s important to note that although flexibility is a strength of SASE, some buyers feel boxed in with the tools their vendor provides. Keep in mind that if you want to use a different vendor for, say, CASB, you still can.
Don’t assume SASE is your end all be all security solution. While it covers a lot of ground, there is still work to be done and gaps to cover. You will likely still, for instance, need an endpoint detection and response tool.
Closing Thoughts
SASE is the future of network security, leveraging SD-WAN technology to give you a well-rounded security solution. The solution offers flexibility in how you set up your security environment, with the opportunity for cost savings and reducing IT overhead, while not sacrificing the critical end-user experience. However, it is important for organizations to consider if they are truly ready to take the plunge with SASE and to make sure they are still including other important security components in their architecture.