SASE – Secure Access Service Edge

SASE – The secure access service edge (pronounced as “sassy”) is an emerging technology category of products and services that converge SD-WAN with comprehensive network security functions (such as SWG, CASB, FWaaS, and ZTNA).  SASE solutions connect and secure devices together through one global platform.

The category was first defined by Gartner in its Hype Cycle for Enterprise Networking, 2019 and later in The Future of Network Security Is in the Cloud. 

What is SASE?

SASE solutions are ideally delivered as services (says Gartner) but can be delivered as turn-key edge appliances. The use of networking technologies (SD-WAN, WAN optimization, Route optimization and more ) to deliver the best possible network experience to any connecting entity —  group (a site), users, devices, applications, services, and IoT system — regardless of location. 

At the same time, they also restrict restricted based on identity and real-time context (such as location) in accordance with enterprise security/compliance policies and continuously assessed throughout the session. 

Although there are dozens of characteristics associated with SASE, four main attributes are essential:

• Global SD-WAN Footprint. SASE service providers should provide, in effect, a global SD-WAN service with its own private network comprised of points of presence (PoPs) worldwide. Traffic is routed across their network, avoiding the global Internet’s latency problems. 
• Distributed Inspection and Policy Enforcement.  Security inspection and policy enforcement are distributed across a SASE provider’s PoPs. Traffic is not backhauled for security inspection. Core security services include SWG, CASB, ZTNA, and FWaaS. 
• Cloud-native Architecture. A SASE service should use a converged, multi-tenant cloud-native software stack not discrete networking and security devices service chained together. SASE solutions delivered as a CPE should be turnkey boxes just “turn it on and forget it,” as Gartner says.
• Identity-driven. Security and network access are delivered based on user identity, not an IP address. The identity can be the name of the user but will also consider the device being used and the user’s location.

What Are the Benefits of SASE?

SASE brings many, many benefits to the enterprise. Some of the more notable ones include: 

• Reduced costs by reducing the number of components and vendors. Competition among SASE solutions will lead to additional cost savings.
• Better network performance by using a global SD-WAN service with its own private backbone and built-in optimization
• Security improvement and performance by inspecting traffic flow at the source (performance) and inspecting every data flow user (security improvement) Seeing policies based on identity —  not IP address — will also help. 
• Less overhead due to the fact that SASE vendors run and maintaining the security engines. IT is freed from the updating, patching, and scaling appliances.

What are the Drawbacks? 

SASE as a technology sector is far too new for drawbacks to emerge. Implementations are still far and few between. What’s more, there are different approaches to SASE, which makes it reasonable to assume that there will be different solution limitation:

• Nothing new can be found in SASE as it is the integration of existing technologies not the introduction of new ones. This is a common refrain from several analysts. My belief is that integration is innovation and for that, you need to look no further than our smartphone that “only” replaced a bunch of existing technologies. If SASE providers are truly able to package existing technologies in a seamless, global services whose costs are amortized across all customers (multitenant) that will be remarkable. 
• High degree of trust is being placed in SASE providers. By packaging together so much functionality, SASE providers assume IT professionals are willing to give up a degree of freedom that comes from multisourcing. If SASE is done right, one provider will deliver all networking and security needs. Trust and reputation will be important selling points.

I found sd-wan-experts published a pretty good article on this topic.The original post can be found HERE.