What is SASE? Your 2021 Definitive guide

Pronounced ‘sassy’, SASE (Secure Access Service Edge), is a terminology first proposed by Gartner. While there are many definitions of SASE, it can be simply said to be a network architecture that combines the capabilities of SD-WAN with network security functions and delivers it as a service delivered via the cloud.

What is SASE used for?

As it is a cloud-based service, SASE can be used to ensure security for remote workplaces or branch offices. A standardized policy across all remote touchpoints can hence be enforced from a centralized location in the cloud. SASE uses an integrated approach by combining complementary technologies such as SWG, CASB, FWaaS and ZTNA. This ensures that regardless of the location or the device, a consistent and secure access policy can be enforced to prevent any leakage of data.

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

Top 10 Benefits of SASE

SASE offers a new approach to network security and offers several significant benefits:

#1 Reduced costs: Typically, an average enterprise has to deal with a huge number of point solutions such as web gateways, firewalls, VPNs etc. SASE allows enterprises to consolidate and do away with these point solutions and save associated costs with respect to purchase, implementation and support.

#2 Simplified Management: As SASE consolidates multiple security products into one solution, it allows enterprises to centralize and simplify management and rollout of services. As the solution is delivered via a central cloud-based interface, it ensures that enterprises do not have to deal with multiple interfaces, leading to simplified management. The IT team, for instance, does not have to invest in resources for managing multiple devices (firewalls, VPN appliances, SD-WANs) and can take control of the entire portfolio of services via a single interface.

#3 Holistic security: A SASE model bundles in multiple security features such as a secure web gateway, IPS, firewall, URL filtering, anti-malware and Zero Trust Network Access into one solution, there are no gaps in the security posture.

#4 Faster deployment and scalability: In the current fast-paced digital environment, speed of deployment is extremely important. A SASE model enables enterprises to quickly scale up and make a site available in considerably lesser amount of time than a traditional WAN.

#5 Central rollout of policies: The SASE model allows enterprises to centrally set and rollout policies. This makes it easier to enforce security across all sites – be it an office location, a remote branch or at different edge locations. Being cloud-enabled, this allows enterprises to quickly secure mobile workforces too.

#6 Better data protection: In today’s scenario, where data is distributed, accessed and stored in multiple places, ensuring protection of sensitive information is challenging. In a SASE model, Data Loss Protection (DLP) can be delivered as a cloud-based service that is focused on the data. This approach prevents unauthorized usage of data across the organization at any endpoint or device, leading to better data protection.

#7 Improved performance: SASE can ensure improved network performance as it allows enterprises to set policies that prioritize the usage of bandwidth according to usage. This leads to lower network congestion and allows bandwidth to be provisioned according to the importance. For example, bandwidth provisioned can be lesser for guest access, while core applications can get higher allocation of bandwidth.

#8 Reduced integration time: With SASE, there is no need for integrating multiple tools and vendors. With built-in integration support, there are no security gaps that are formed due to different security vendors following their own proprietary interfaces and frameworks

#9 Improved productivity of employees: With SASE, employees have increased visibility. They also have greater ability to enforce control by using a central portal. On a SASE portal, all related functions related to networking and security can be enforced.

#10 Improved security posture due to ZTNA: While a Zero Trust Network Access is relatively just one part of a SASE model, it significantly enhances the security posture of organizations. A default assumption of zero trust along with other services provides a proactive approach to enterprise security and provides protection irrespective of the device, the location or the network.

The SASE security model

The SASE Security model is said to be the future of security, as it combines many promising and effective technologies in one combined model. For enterprises which are struggling to enforce security controls across users, groups and devices, a SASE-based model allows enterprises to quickly scale and leverage the benefits of the cloud. This naturally translates into lower TCO and more effective security.

How SASE works

SASE is a cloud-based model which works by integrating network and security capabilities in a single unified framework. A SASE solution uses an inspection engine at an edge point of presence to analyze traffic for malware or any issues before it is routed or forwarded.  A SASE based solution gives access to cloud-based services and on-premises resources through a simplified centralized approach. This is done by aggregating network security and access controls through a single management control. This enables firms to have complete visibility into application and network performance and take proactive steps to prevent attacks. A SASE solution also automatically classify traffic and prevents access to unsanctioned content or applications. A SASE solution promises a proactive security posture as it works by allowing enterprises to create a dynamic identity and access based context security policy instead of fixed policies that were focused on perimeters.

SASE ensures improved security as access is only given to specific applications that are needed for users with respect to their work profiles. SASE also ensures that the user is authenticated and authorized using multi-factor authentication which enables users to access all applications with one set of credentials. SASE utilizes DNS as a security control point, which helps it in detecting and stopping cyberattacks early.

How is SASE deployed?

A SASE solution is a framework that specifically details out how specific technologies can be combined into a single cloud-based service to create a robust security posture. One of the first steps in a SASE journey is to identify and create an inventory of all application resources and classify them according to business criticality, performance and resources required to support functioning. This must be followed by defining clearly how every infrastructure resource connects to the overall enterprise ecosystem. Access policies are defined and network topologies and connectivity options are documented. This is followed by implementing every technology (Cloud Access Security Broker (CASB), Firewall Access as a Service (FWaaS), Secure Web Gateway (SWG) and Zero Trust Access Network (ZTNA)), that is part of the SASE framework in a step by step manner.

Why are organizations moving to a SASE architecture?

SASE has become extremely popular as it addresses the increasing need of enterprises to have improved security in a world which is increasingly getting used to a remote work culture. SASE ticks several boxes for enterprises with respect to remote security. This includes secure access to applications with respect to their work profiles, improved data protection and quicker rollout of networks. Research firm, Gartner estimates that by the year 2024, a minimum of 40% of enterprises will have clear adoption strategies for implementing adopt SASE.

What is the “edge” part of SASE?

In SASE or Secure Access Service Edge, the ‘edge’ refers to edge devices that can be connected to a cloud-based ecosystem or setup instead of physical data centers. This allows security policies to be enforced across devices that may be located at the edge.

What is included in SASE?

SASE is not a single technology, but an approach or a strategy that includes adoption of many sets of complementary technologies. SASE combines SD-WAN capabilities with Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Firewall Access as a Service (FWaaS) and Zero Trust Access Network (ZTNA).

Why is SASE necessary?

In a world which is increasingly getting used to a distributed remote work model and adoption of multi-cloud models are on the rise, SASE is a promising solution as it converges complementary security technologies to create an effective and holistic security proposition that can be implemented and scaled quickly across locations due to a cloud-based approach.

Is SASE secure?

SASE is considered secure as it is a combination of several technologies that are complementary to each other. Each technology adds an additional layer of security, making SASE extremely secure.

Let us look at each technology, and analyze how it improves the overall security posture. In a SASE model, one of the prominent technologies is the Next Generation Firewall (NGFW). A NGFW helps enterprises create a micro-perimeter by creating a segmentation layer that allows only known traffic to pass through. This helps in enabling access to only authorized users, and gives enterprises the capability to fully analyze and differentiate between different types of traffic. It is also possible to apply additional granular controls such as URLs, IP addresses, domains or ports. This also prevents download of malicious content or software, as the firewall is constantly updated with respect to malware based on globally available threat detection databases. 

This protection is reinforced by the Secure Web Gateway (SWG), which protects users by offering capabilities such as URL filtering, deep packet inspection for malicious content and web access controls. SASE also offers capabilities such as IPS, which can continuously monitor threats and capture intelligence around these threats, which can help network administrators take preventive action. This can include blocking traffic from known fraudulent regions or IPs or blocking malicious bots.

When one looks at the complete solution that SASE offers, we can conclude that SASE can help enterprises adopt a Zero Trust model completely (it can deliver everything except WAF).

SASE challenges

As SASE is a blend of network and security, it requires the requisite skillsets that are associated with each technology that is part of a SASE based ecosystem. SASE is also a relatively new concept, and is evolving quickly. Many vendors are seeing ‘SASE’ as a huge opportunity and have different definitions or approaches towards achieving a SASE model. Many vendors have also repositioned their core offerings around Zero Trust without changing the core product offering. Enterprises hence need to carefully evaluate each technology vendor’s strengths and proven business use cases, before they make any commitment.

SASE vs CASB – What are the key differences?

CASB is just one technology of the SASE ecosystem. SASE offers a holistic security solution that includes CASB. A CASB is meant to be an intermediary between cloud providers and users. The key difference between CASB and a SASE solution is the level of integration that a SASE solution can achieve compared to a CASB solution. CASB has to be integrated with other security solutions for it to be fully effective. However, a SASE solution is a complete solution that provides a fully integrated security stack, which includes the CASB. This is much beyond the security features that a CASB provides.

Does SASE replace SD-WAN?

While SD-WANs have proved to be extremely popular, they do not include security or access control features that are necessary in a multi-cloud world. SASE addresses this weakness of SD-WANs by combining the capabilities of SD-WANs and fusing it with the required security technologies. SD-WANs hence can said to be a subset or a component of SASE.

Conclusion

In a multi-cloud world, there are a huge number of complexities that can affect the way you plan your IT infrastructure and network rollout, specifically with respect to remote locations. 

With over 17 years of experience, GlobalDots has an unparalleled knowledge of the core technologies that are critical for improving the performance of networks with the required level of security. Our team knows exactly what a business needs to do to succeed by providing the best network security and architecture that is required to deliver the needs that are required by a digital enterprise today.

In the midst of the huge marketing hype around SASE, it is tough for enterprises to understand which vendor can actually deliver a full-on SASE and which SASE is best for their needs. We can help enterprises by using our immense expertise and experience in SD-WANs and SASE

Latest Articles

Watch: SASE helps AMF Group to boost performance & security while reducing TCO

“Thanks to GlobalDots’ agile and efficient cloud-native innovation, we now have more than a dozen sites connected in various locations in Italy and around the world”. Through this case study, Enrico Fietta, IT Manager at AMF Group, explains how GlobalDots helped the organization to boost performance, improve its security posture, and reduce TCO with SASE.  […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
23rd January, 2023
You’ll Need Zero Trust, But You Won’t Get It with a VPN

Properly implemented, a zero trust architecture provides much more granular and effective security than legacy security models. However, this is only true if a zero trust initiative is supported with the right tools. Legacy solutions, such as virtual private networks (VPNs), lack the capabilities necessary to implement a zero trust security strategy. Zero Trust Security is […]

Shalom Carmel Chief Information Officer at GlobalDots
12th January, 2023
Case Study: GlobalDots Cuts Complexity & Cost For a Top University with SASE

Located in Tokyo, Waseda University is one of Japan’s top private institutions of academic research and higher learning. Classes were once conducted primarily in-person; the teacher’s whiteboard was one of the most useful learning aids. Network downtime had almost no impact on the students’ quality of study, but Waseda University had already noticed the benefits […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
24th October, 2022

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services