The SASE Identity Architecture
SASE – Convergence and Inversion of the Network and Security Architectures
High-level SASE Architecture
In the Gartner representation of SASE architecture, the core of SASE consists of:
- The users, devices, applications, and resources, and
- The identity, risks, roles, profiles, privileges and policies that govern access between them
Encircling this core is the outer SASE layer, made up of all the security and networking technologies required to securely connect the core entities: the Software-Defined Perimeter (SDP). The SDP tracks the transient connections between core entities rather than following the hard perimeters of traditional network architectures, which aligned with fixed locations, geography, physical network zones, IP addressing or buildings.
Five SASE components are involved in defining and protecting the SDP. Some are engaged in a connection when needed (such as an NGFW, SWG or CASB), while others are fundamental capabilities integral to the fabric of SASE (such as SD-WAN and ZTNA):
- Secure SD-WAN
- Secure Web Gateway (SWG)
- Cloud Access Security Broker (CASB)
- Zero Trust Network Access (ZTNA)
- Firewalling: NGFW and Firewall-as-a-Service (FWaaS)