Secure Access Service Edge: What is SASE? And Why It’s the Future for Cloud hosted Tech Stacks

The Software-as-a-Service (SaaS) industry is forecast to generate $157 billion by 2022, as more and more organizations move their workloads to the cloud and embrace the world of hybrid work. 

As companies increase their dependency on the cloud, however, they will likely experience latency and cost issues. This is because the traditional way of backhauling traffic through wide area network links (WAN) from endpoints to the data center and then to the Internet is not fit for purpose in the distributed world.  

People, applications and data used to sit in the workplace’s castle walls. Now, the walls no longer exist. The ‘edge’ of your company is wherever your people are – and they are a moving target. Safeguarding your data means protecting the edge: your people, the apps they interact with and the data they use at high-speed, without dampening productivity.  

It is from this challenge that Gartner has coined a new solution: SASE – secure access service edge. As Gartner puts it: 

“Complexity, latency and the need to decrypt and inspect encrypted traffic will increase demand for consolidation of networking and security-as-a-service capabilities into a cloud-delivered secure access service edge (SASE, pronounced “sassy”).” 

SASE is not a new security technology, but a convergence of WAN with already existing next-generation security solutions like Cloud Access Security Brokers, Firewalls as a Service, Secure Web Gateways and the Zero Trust Model. Gartner proposes that, when combined, these solutions form SASE: a streamlined, cloud-delivered security service that protects data at the edge, while delivering high-speed functionality that improves the end user experience. 

By 2024, Gartner predicts that 40% of organizations will have strategies in place to adopt SASE, up from a mere 1% in 2018. Below, we dive deep into SASE – and how it could work for your business. 

SASE’s 4 Security Factors

SASE relies on a cloud architecture, combined with unified policies and identity management, to secure corporate traffic wherever in the world it is. Here’s how this works:

  1. Identity and context focused: Using principles from the zero trust security model, SASE authenticates users before granting them access to corporate resources. To verify users, it intelligently analyzes factors such as login time and location to build a picture of the risk of the user, and enforces policies accordingly.
  2. Policy driven and streamlined: SASE enables organizations to streamline their compliance and security policies across the entire workforce. These policies can be adjusted and set for different users, devices and applications – all from one portal.
  3. Ongoing risk management: SASE is a dynamic solution. It follows the end user wherever they go and monitors the risk factors of the settings they choose, and enacts security policies to match these settings. 

Technologies that are Part of SASE

As mentioned above, SASE solutions are built on five critical security solutions. To realize the potential of SASE, it’s important to understand how each of these work contextually. 

  • SD-WAN: SASE relies on SD-WAN to deliver network functionality that reaches users and applications at the edge.  
  • FWaaS: SASE uses FWaaS to put the traditional firewall in the cloud. FwaaS scales elastically to the needs of the enterprise, meaning security policies can be enforced across the entire network, wherever employees are working from. 
  • Zero-trust Network Access: As explored in our recent blog, Zero Trust is less a security technology and a more principle. It’s the notion of “trust no-one” and verify everyone. Next-generation data loss prevention solutions (DLP) have zero-trust principles built into their models. They utilize dynamic verification capabilities to let users access, upload or download sensitive company data. 
  • A Secure Web Gateway (SWG): SASE utilizes SWG to mitigate malicious internet traffic and enforce security usage policies for accessing the web.
  • A CASB: With a CASB, SASE helps organizations to secure data in their cloud-based applications and eliminate shadow IT usage.  

What are the Benefits of SASE?

SASE offers numerous potential benefits to organizations, including:

Reduced complexity and increased savings

The traditional network-based security model is not fit for the hybrid world of work. Until now, there hasn’t been a complete security solution available for this setting, meaning most companies have taken a haphazard approach to adopting new tools that plug security and networking gaps. However, this has created additional complexity for IT management, as well as lacking scalability and being a drain on costs. With SASE, companies can streamline their security model, making it fit for the remote working world, and reducing costs in tandem. 

Same user experience

Gartner is confident in SASE’s ability to improve the end user experience. By bringing the user closer to security and improving network speed, SASE benefits from low latency and better bandwidth, which in turn has the potential to improve employee productivity and reduce connectivity-related frustrations. 

Improved security

SASE enables organizations to deliver security across all their applications, reducing the likelihood of data loss and theft significantly. Through cloud-based DLP, SASE protects data in motion and at rest across managed and unmanaged cloud applications, making it a solution that is truly fit for the remote workforce

What are the Challenges facing SASE?

While SASE may be the future of corporate security, the solution is still in its nascent stages. Before embarking on any deployment, organizations should be aware of the potential hurdles to adoption: 

Complexity: Networking and Security are two separate disciplines with strong interconnections. With SASE, these two disciplines combine into a new speciality altogether. IT teams will need to have a firm understanding of both disciplines, and how they interact within SASE, for a successful deployment.

PoPs: The edge of SASE relies on the set of cloud gateways ( known as POPs) they leverage. A successful solution will need to utilize POPs at scale to provide full coverage and high-speed performance. For smaller enterprises, generating a system like this will likely be too expensive.

Integration: A successful SASE deployment is a complete movement away from traditional network security. Organizations must strike a careful balance between shutting down legacy systems while rolling out SASE. Moreover, because SASE relies on numerous different technologies, integration must be seamless: endpoint agents from all the different solutions must align to ensure effective deployment.

Conclusion

Gartner is confident that SASE is the future enterprise secure networking model. Right now, though, it is more a vision than a readily adoptable reality. While SASE may be some time away, the solutions that underpin it are available today. By focusing on delivering agile, cloud-based, data-centric security, companies can adopt the foundational principles of SASE, and ensure their sensitive data is secured – even if their people are at the edge.

Request A Demo For Enterprise Solutions