What is SASE (Secure Access Service Edge)?
SASE (Secure Access Service Edge) is a cloud-native technology that establishes network security as an integral, embedded function of the network fabric. SASE supplants legacy services offered by single-purpose point-solutions located in location-locked corporate premises such as data centers.
Gartner’s “The Future of Network Security Is in the Cloud” research reports that in the digital economy security focus shifts from the data center to the identity of the user/device in conjunction with the data context of the communication session. Legacy security overlay solutions fail to provide the agility, flexibility, connectivity and security required in the network fabric that weaves together the digital economy: cloud-native, mobile, everything-connected.
Gartner expects that by 2023, 20% of enterprises will have adopted SWG, CASB, ZTNA and branch FWaaS capabilities from the same vendor, up from less than 5% in 2019. And by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.
How SASE Has Shifted Network Design Attributes
Hub-and-spoke network designs worked well when the data center was the core of your business and the outlying branch offices accessed the core. Historically, sites were stationary and branch offices a manageable and known number. Your data center hosted applications. Only a small fraction of employees worked from off-premises locations. Security-sensitive work remained on-premises.
Corporate network security hinged on the network perimeter: sophisticated firewalls in the data center; bouncing all Internet traffic via data center firewalls, incurring latency; intrusion-protection appliances in branch sites; VPN tunnels for limited off-premise access.
Digital Transformation Trends Upend Network Designs
The rigid networks of yesterday do not work in the digital economy. Numerous trends have commingled in a digital transformation that upturned every tenet of legacy network designs and traffic patterns.
- The core of your business is now “the network”: private and public clouds of interconnected peer networks.
- Applications float around these clouds. They are accessed—and accessible—from everywhere.
- Internet connectivity is cheap, ubiquitous and instantly available on cellular networks. MPLS link “security” is no longer affordable or practical.
- Business applications and data live in the cloud on scalable virtual platforms that grow or shrink on-demand to accommodate your business climate. Their physical location is immaterial.
- The death-march of hardware product-cycles has been superseded by usage-based subscriptions for cloud-native virtual resources when and where needed.
- An explosion of devices (IoT) are connected everywhere: sensors, cars, livestock, inventory, monitoring, tracking, surveillance, AI workers, home appliances. These devices often lack even rudimentary security features.
- User devices are Bring-Your-Own-Device (BYOD): mobile; personal (not controlled by IT); always connected; running user-choice software, applications and network connections; and are used interchangeably for personal and business purposes.
- Traffic patterns are meshed, any-to-any, wholly unsuited to VPNs.
More than Networks are Changing
In an assessment of industry trends, Zeus Kerravala, principal analyst at ZK Research, finds that 51% of CxOs do not know what their industry will look like in 2023; 48% fear their company could be obsolete within 5 years; 55% of the Fortune-1000 in the year 2000 are now gone; and expects a 50% turnover in the S&P in the next five years.
Worldwide COVID-19 social distancing directives resulted in momentous changes in the work-from-home, video communications and distance learning landscapes. Internet, service provider and enterprise traffic patterns are permanently altered.
Cloud-Native SASE Architectures
The agility to address these changes is key for survival in the digital economy. A Gartner blog by Andrew Lerner defines SASE as the convergence of wide area networking (WAN) and network security services like CASB, FWaaS and Zero Trust (ZTNA) into a single, cloud-native service model.
SASE Delivers Key Capabilities
SASE delivers attributes to address to digital transformation:
- You have complete flexibility in where and when security services are applied when security is integral to the network fabric. Meshed traffic patterns are handled with efficiency.
- Security is policy-driven, independent of location, and largely independent of device. This enables security services based on the user’s identity instead of an IT-controlled device, network access point (Internet, cloud, corporate, VPN) or location.
- SASE applies security based on the communication session and can therefore take into consideration the identity of both the user and the device as well as the data context of the transaction.
- SASE is a purely software-defined service and does not rely on any hardware appliance or location.
- SASE can be applied at the ever-shifting, logical edge of the network (a communication session), rather than at the physical “edge” (an IT-controlled device or corporate office).
- Many IoT devices have little to no local security capabilities. SASE, with security in the network fabric, can safely connect these devices.
SASE FAQs
What are some major SASE components?
SASE is an entire package of technologies that embeds security into the global fabric of the network. Major components of SASE are Software-defined WAN (SD-WAN), Cloud Access Security Broker (CASB), NGFW and Firewall-as-a-Service (FWaaS), Zero Trust Network Access (ZTNA), and Secure Web Gateways (SWG). More...
What is SASE architecture?
The core of SASE architecture is comprised of the users, devices, applications, and resources, and the identity, risks, roles, profiles, privileges and policies that govern access between them. SASE architecture is the convergence and inversion of both network and security architectures. More...
What kind of company should use SASE?
Organizations large and small benefit from SASE because it is cloud-native, simple, and secure. SASE enabled organizations can enable secure and reliable Work-from-Anywhere (WFA) environments and secure access while maintaining their rate of cloud adoption. More...
What are the primary SASE benefits?
SASE provides many benefits by consolidating networking and security functions traditionally delivered as point products. Benefits include reducing costs and complexity, achieving a least-privileged model, ensuring consistent policy enforcement, reducing the overall attack surface, and delivering a seamless user experience. More...
How do you adopt SASE?
SASE encompasses a combination of networking and security technologies. Some experts expect enterprise to adopt a hybrid approach to SASE: using existing security and networking systems, while gradually implementing SASE technology to scale large numbers of unmanaged devices, WFA users, and cloud-hosted resources. More...
What are the challenges with SASE?
As with the adoption of any new technologies, SASE can come with bumps on the road. Some points to consider when evaluating SASE are the scalability of the SASE architecture proposed, distribution of cloud gateways, SASE vendor skillset, and integration and interoperability of the SASE solution. Choosing the right SASE strategy can ease the path of a successful implementation. More...
Why is SASE necessary?
SASE is necessary for today’s modern client-to-cloud era, enabling effective cloud adoption and digital transformation, consistent cloud performance for WFA and mobile users, ubiquitous policy enforcement across your network, securing unmanaged devices, sophisticated and up to date threat intelligence, and simplifying IT management. More...
How can SASE help you and your organization?
SASE can help your organization in many ways from solving problems with traditional WAN architectures, presenting new digital transformation opportunities for your business, to increasing IT staff effectiveness. Other benefits include: reducing costs and IT complexity, securing remote and mobile users, ensuring consistent policy throughout your network, and optimizing network performance and user experience. More...
Versa SASE (Secure Access Service Edge)
Versa offers a unique converged SASE solution in an integrated single-stack, hardware-agnostic software-only offering that scales to the needs of any network.
- Versa Operating System (VOS™) is multi-service, multi-tenant software built on cloud principles to deliver scale, segmentation, programmability and automation. It provides integrated networking and security functions in a single software stack.
- Versa Director simplifies and automates orchestration of network and security services.
- Versa Analytics provides visibility, correlation and predictive analysis for network, application usage and security events.
Versa SASE incorporates core capabilities to enable seamless and secure connectivity globally.
- Multi-Service with Layered Security: Integrated L3-L7 network services with multiple layers of robust security.
- Cloud-Native & Elastic: Built on cloud principles for elasticity and automation.
- Segmentation: Multi-tenancy enables complete isolation.
- Context-based Policy: Network and security policies based on user and application context.
Versa SASE brings together the benefits of networking and security with simplified deployment and operation of multiple security services. Ongoing operations are orchestrated through the Versa Director management platform which provides a single console and set of policies across all Versa SASE services. More details are given in the NSS Labs recommendations and report on Versa.
Free eBook
SASE
For Dummies
Learn the business and technical background of SASE including best practices, real-life customer deployments, and the benefits that come with a SASE enabled organization.
Learn More
Find more research, analysis, and information on SASE (Secure Access Service Edge), networking, security, SD-WAN, and cloud from industry thought leaders, analysts, and experts.