SASE stands for Secure Access Service Edge. It is an emerging network architecture combining comprehensive WAN capabilities with comprehensive network security functions such as SD-WAN, SWG, CASB, FWaaS and ZTNA to support the dynamic secure access needs of enterprises’ digital transformation. SASE is a combination of Security and Connectivity. And it is the Future of Network and Security Architecture.
Problems That SASE Solves
In today’s IT landscape, even so since 2020 global pandemic, the problems customers facing are:
Connectivity: Large amount of users have been working from home for over a year now and large portion of them may continue WFH permanently. How do we connect users with their applications and data efficiently? Anywhere to Anywhere, on-prem and remote?
Security: Security is a big concern. When users, apps and data are spread out everywhere, how do you not lose control? How do you enforce a good set of security policies without compromising productivity?
User experience: How do we give remote users the same experience as if they were working from the office, without network slow down, unreliable connections and etc.?
Benefits of SASE Architecture
To solve the problems, SASE architecture provides the following solutions:
Simplified and highly sophisticated network connectivity
SD-WAN helps connect branch offices, users, apps and data, anywhere. One no longer needs to build static VPN tunnels manually, and worried about complex MPLS configurations and costs. With zero-trust private access that SASE offers, it doesn’t matter if a user is in the office, at home or at an airport, we want to make sure the users can connect to the applications and data they need, with the same user experience regardless where they are.
Distributed security enforcing points
We used to have full control of all users sitting behind the corporate firewall in an office environment. Since 2020, large number of remote users logging in through VPN. The corporate firewall and the VPN device become a choke point of all traffic. Not to mention the large amount of IoT devices floating around on-prem as well as at user’s locations also needs control.
Now with users and applications all over the places, the true network security perimeter is evolving. A single point of enforcement point can no longer scale to meet the needs.
With the SASE architecture, security enforcing point is moved closer to where the users are before user traffic is entered into the corporate network. The enforcing point is often delivered in the cloud, there is no hardware to install. It makes scaling and management easy.
Apply consistent security policy
When users are connected to the network from different locations and using different devices, a different set of security policies are often applied to the user. It is difficult to manage a growing and dynamically changing workforce.
With the SASE model, security policies are configured and managed centrally. It is easy to apply different policies based on user’s location (on-prem vs. remote), device type (company issued vs. personal) and the application type they are trying to access, whether it is a sanctioned application managed by the IT such as Office 365 and Salesforce, or public SaaS applications like Gmail and Dropbox.
Centralized visibility
The SASE architecture aggregates all user activities and app access logs into a single pane of glass view. It makes reporting and troubleshooting much easier.
Scalable and ease of management
The security component of the SASE architecture is delivered in the cloud. It greatly reduces IT overhead and easy to manage. It can scale up and down without large CapEx.
Summary
We want to keep the future network and security architectures simple and repeatable. Connect users with applications and data seamlessly; add security on top of the connectivity, with ZTNA, threat detection and prevention. Finally repeat the same model at all branch offices and for remote users. With the benefits described above, more businesses are moving to adopt the SASE model. It is the future of network and security architecture.