SASE
SASE (Secure Access Service Edge) is a network architecture combining network connectivity (SD-WAN) and cloud-delivered security functions (SWG, CASB, ZTNA, FWaaS). SASE provides secure access to applications regardless of user or resource location.
What is SASE?
SASE Definition
SASE (Secure Access Service Edge) is a network architecture concept defined by Gartner in 2019. SASE combines network connectivity functions (SD-WAN) with cloud-native security services (SSE) into a single integrated platform, delivering security and networking as a cloud service.
SASE Components
Network functions (SD-WAN):
- WAN optimization
- Application-based routing
- Quality of Service (QoS)
- Multi-path connectivity
Security functions (SSE):
- Secure Web Gateway (SWG)
- Cloud Access Security Broker (CASB)
- Zero Trust Network Access (ZTNA)
- Firewall as a Service (FWaaS)
Why SASE?
Traditional architecture doesn’t work in an era of:
- Remote and hybrid work
- SaaS applications
- Multi-cloud
- Direct-to-cloud access
SASE brings security to where users are, instead of routing traffic through central data centers.
SASE Benefits
- Simplification: One vendor instead of multiple point products
- Cost reduction: Consolidation reduces TCO
- Latency: Security closer to the user
- Consistency: Uniform global policies
- Scalability: Cloud architecture
SASE vs Traditional Architecture
| Aspect | Traditional | SASE |
|---|---|---|
| Topology | Hub & spoke | Direct-to-cloud |
| Security | Centralized DC | Distributed PoPs |
| Management | Many consoles | Single pane of glass |
| Scalability | Hardware | Cloud |
SASE Implementation
Approaches:
- Single-vendor SASE: Everything from one provider
- Dual-vendor SASE: SD-WAN from one, SSE from another
- DIY SASE: Assembly of components
Stages:
- Assessment of current state
- ZTNA/VPN consolidation
- SWG migration
- CASB integration
- Full SD-WAN
SASE is the future of enterprise network architecture, enabling secure connectivity in a cloud-first and remote work world.