What is SASE? Your 2021 Definitive guide
Pronounced ‘sassy’, SASE (Secure Access Service Edge), is a terminology first proposed by Gartner. While there are many definitions of SASE, it can be simply said to be a network architecture that combines the capabilities of SD-WAN with network security functions and delivers it as a service delivered via the cloud.
What is SASE used for?
As it is a cloud-based service, SASE can be used to ensure security for remote workplaces or branch offices. A standardized policy across all remote touchpoints can hence be enforced from a centralized location in the cloud. SASE uses an integrated approach by combining complementary technologies such as SWG, CASB, FWaaS and ZTNA. This ensures that regardless of the location or the device, a consistent and secure access policy can be enforced to prevent any leakage of data.
Top 10 Benefits of SASE
SASE offers a new approach to network security and offers several significant benefits:
#1 Reduced costs: Typically, an average enterprise has to deal with a huge number of point solutions such as web gateways, firewalls, VPNs etc. SASE allows enterprises to consolidate and do away with these point solutions and save associated costs with respect to purchase, implementation and support.
#2 Simplified Management: As SASE consolidates multiple security products into one solution, it allows enterprises to centralize and simplify management and rollout of services. As the solution is delivered via a central cloud-based interface, it ensures that enterprises do not have to deal with multiple interfaces, leading to simplified management. The IT team, for instance, does not have to invest in resources for managing multiple devices (firewalls, VPN appliances, SD-WANs) and can take control of the entire portfolio of services via a single interface.
#3 Holistic security: A SASE model bundles in multiple security features such as a secure web gateway, IPS, firewall, URL filtering, anti-malware and Zero Trust Network Access into one solution, there are no gaps in the security posture.
#4 Faster deployment and scalability: In the current fast-paced digital environment, speed of deployment is extremely important. A SASE model enables enterprises to quickly scale up and make a site available in considerably lesser amount of time than a traditional WAN.
#5 Central rollout of policies: The SASE model allows enterprises to centrally set and rollout policies. This makes it easier to enforce security across all sites – be it an office location, a remote branch or at different edge locations. Being cloud-enabled, this allows enterprises to quickly secure mobile workforces too.
#6 Better data protection: In today’s scenario, where data is distributed, accessed and stored in multiple places, ensuring protection of sensitive information is challenging. In a SASE model, Data Loss Protection (DLP) can be delivered as a cloud-based service that is focused on the data. This approach prevents unauthorized usage of data across the organization at any endpoint or device, leading to better data protection.
#7 Improved performance: SASE can ensure improved network performance as it allows enterprises to set policies that prioritize the usage of bandwidth according to usage. This leads to lower network congestion and allows bandwidth to be provisioned according to the importance. For example, bandwidth provisioned can be lesser for guest access, while core applications can get higher allocation of bandwidth.
#8 Reduced integration time: With SASE, there is no need for integrating multiple tools and vendors. With built-in integration support, there are no security gaps that are formed due to different security vendors following their own proprietary interfaces and frameworks
#9 Improved productivity of employees: With SASE, employees have increased visibility. They also have greater ability to enforce control by using a central portal. On a SASE portal, all related functions related to networking and security can be enforced.
#10 Improved security posture due to ZTNA: While a Zero Trust Network Access is relatively just one part of a SASE model, it significantly enhances the security posture of organizations. A default assumption of zero trust along with other services provides a proactive approach to enterprise security and provides protection irrespective of the device, the location or the network.
The SASE security model
The SASE Security model is said to be the future of security, as it combines many promising and effective technologies in one combined model. For enterprises which are struggling to enforce security controls across users, groups and devices, a SASE-based model allows enterprises to quickly scale and leverage the benefits of the cloud. This naturally translates into lower TCO and more effective security.
How SASE works
SASE is a cloud-based model which works by integrating network and security capabilities in a single unified framework. A SASE solution uses an inspection engine at an edge point of presence to analyze traffic for malware or any issues before it is routed or forwarded. A SASE based solution gives access to cloud-based services and on-premises resources through a simplified centralized approach. This is done by aggregating network security and access controls through a single management control. This enables firms to have complete visibility into application and network performance and take proactive steps to prevent attacks. A SASE solution also automatically classify traffic and prevents access to unsanctioned content or applications. A SASE solution promises a proactive security posture as it works by allowing enterprises to create a dynamic identity and access based context security policy instead of fixed policies that were focused on perimeters.
SASE ensures improved security as access is only given to specific applications that are needed for users with respect to their work profiles. SASE also ensures that the user is authenticated and authorized using multi-factor authentication which enables users to access all applications with one set of credentials. SASE utilizes DNS as a security control point, which helps it in detecting and stopping cyberattacks early.
How is SASE deployed?
A SASE solution is a framework that specifically details out how specific technologies can be combined into a single cloud-based service to create a robust security posture. One of the first steps in a SASE journey is to identify and create an inventory of all application resources and classify them according to business criticality, performance and resources required to support functioning. This must be followed by defining clearly how every infrastructure resource connects to the overall enterprise ecosystem. Access policies are defined and network topologies and connectivity options are documented. This is followed by implementing every technology (Cloud Access Security Broker (CASB), Firewall Access as a Service (FWaaS), Secure Web Gateway (SWG) and Zero Trust Access Network (ZTNA)), that is part of the SASE framework in a step by step manner.
Why are organizations moving to a SASE architecture?
SASE has become extremely popular as it addresses the increasing need of enterprises to have improved security in a world which is increasingly getting used to a remote work culture. SASE ticks several boxes for enterprises with respect to remote security. This includes secure access to applications with respect to their work profiles, improved data protection and quicker rollout of networks. Research firm, Gartner estimates that by the year 2024, a minimum of 40% of enterprises will have clear adoption strategies for implementing adopt SASE.
What is the “edge” part of SASE?
In SASE or Secure Access Service Edge, the ‘edge’ refers to edge devices that can be connected to a cloud-based ecosystem or setup instead of physical data centers. This allows security policies to be enforced across devices that may be located at the edge.
What is included in SASE?
SASE is not a single technology, but an approach or a strategy that includes adoption of many sets of complementary technologies. SASE combines SD-WAN capabilities with Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Firewall Access as a Service (FWaaS) and Zero Trust Access Network (ZTNA).
Why is SASE necessary?
In a world which is increasingly getting used to a distributed remote work model and adoption of multi-cloud models are on the rise, SASE is a promising solution as it converges complementary security technologies to create an effective and holistic security proposition that can be implemented and scaled quickly across locations due to a cloud-based approach.
Is SASE secure?
SASE is considered secure as it is a combination of several technologies that are complementary to each other. Each technology adds an additional layer of security, making SASE extremely secure.
Let us look at each technology, and analyze how it improves the overall security posture. In a SASE model, one of the prominent technologies is the Next Generation Firewall (NGFW). A NGFW helps enterprises create a micro-perimeter by creating a segmentation layer that allows only known traffic to pass through. This helps in enabling access to only authorized users, and gives enterprises the capability to fully analyze and differentiate between different types of traffic. It is also possible to apply additional granular controls such as URLs, IP addresses, domains or ports. This also prevents download of malicious content or software, as the firewall is constantly updated with respect to malware based on globally available threat detection databases.
This protection is reinforced by the Secure Web Gateway (SWG), which protects users by offering capabilities such as URL filtering, deep packet inspection for malicious content and web access controls. SASE also offers capabilities such as IPS, which can continuously monitor threats and capture intelligence around these threats, which can help network administrators take preventive action. This can include blocking traffic from known fraudulent regions or IPs or blocking malicious bots.
When one looks at the complete solution that SASE offers, we can conclude that SASE can help enterprises adopt a Zero Trust model completely (it can deliver everything except WAF).
As SASE is a blend of network and security, it requires the requisite skillsets that are associated with each technology that is part of a SASE based ecosystem. SASE is also a relatively new concept, and is evolving quickly. Many vendors are seeing ‘SASE’ as a huge opportunity and have different definitions or approaches towards achieving a SASE model. Many vendors have also repositioned their core offerings around Zero Trust without changing the core product offering. Enterprises hence need to carefully evaluate each technology vendor’s strengths and proven business use cases, before they make any commitment.
SASE vs CASB – What are the key differences?
CASB is just one technology of the SASE ecosystem. SASE offers a holistic security solution that includes CASB. A CASB is meant to be an intermediary between cloud providers and users. The key difference between CASB and a SASE solution is the level of integration that a SASE solution can achieve compared to a CASB solution. CASB has to be integrated with other security solutions for it to be fully effective. However, a SASE solution is a complete solution that provides a fully integrated security stack, which includes the CASB. This is much beyond the security features that a CASB provides.
Does SASE replace SD-WAN?
While SD-WANs have proved to be extremely popular, they do not include security or access control features that are necessary in a multi-cloud world. SASE addresses this weakness of SD-WANs by combining the capabilities of SD-WANs and fusing it with the required security technologies. SD-WANs hence can said to be a subset or a component of SASE.
In a multi-cloud world, there are a huge number of complexities that can affect the way you plan your IT infrastructure and network rollout, specifically with respect to remote locations.
With over 17 years of experience, GlobalDots has an unparalleled knowledge of the core technologies that are critical for improving the performance of networks with the required level of security. Our team knows exactly what a business needs to do to succeed by providing the best network security and architecture that is required to deliver the needs that are required by a digital enterprise today.
In the midst of the huge marketing hype around SASE, it is tough for enterprises to understand which vendor can actually deliver a full-on SASE and which SASE is best for their needs. We can help enterprises by using our immense expertise and experience in SD-WANs and SASE