Secure Access Service Edge, abbreviated as SASE (pronounced "sassy"), is a comprehensive framework that converges networking and security services into a single, cloud-native platform. Unlike traditional networking models that rely on a series of hardware appliances and complex infrastructures, SASE leverages the power of the cloud to provide seamless and secure connectivity for users and devices, regardless of their location.
While SD-WAN abstracted the underlying connectivity of your network, allowing you to bring any connection (fiber, 5G, DSL, MPLS, etc.) under your network umbrella, it still didn't directly address the need for advanced security features, your mobile workforce, and the ongoing and evolving security roadmap that enterprises are on.
Think of SASE as the combo meal. Not only are you getting an SD-WAN, you are also getting a Security Service Edge (SSE). It's the combination of these technologies that allows you to address the shortcomings of SD-WANs deployed alone.
There are a few core differences in a SASE deployment (remember this is just SD-WAN + SSE) versus a pure SD-WAN deployment:
SASE keeps the core foundation of what makes SD-WAN the networking standard: maximizing uptime, reliability of local edge locations, and automated routing decisions by location. But in traditional SD-WAN deployments your organization has to choose between best-in-class routing and firewalling on one side and simplified edge deployments on the other. Now you can forecast your security budget without adding the investment of a physical firewall and the all-important Unified Threat Management (or higher) at every location to support local internet connections.
SASE avoids the seemingly constant investment in additional and upgraded local firewalls for offices and at-home users as your organization's capacity needs grow. Consolidating your edge security and network strategy removes the local failure points of physical equipment and the trouble-isolation steps between different pieces of equipment and technologies. In this model, your local, regional, and global management of access and policies is simplified and templatized across sites and business units. Enforcement of local security policies and site segmentation is delivered via cloud orchestration, giving your organization the ability to add feature sets and policies without new equipment or application providers.
SASE is a cloud-native architecture that aims to converge networking and security services, reducing the reliance on traditional on-premises hardware. SASE is designed to be delivered as a service from the cloud, and the hardware requirements for organizations implementing SASE are minimal compared to traditional networking solutions.
Network traffic typically takes one of a few routes: data is backhauled to your company's data centers through your SD-WAN appliances; it is routed directly, but encrypted via VPN, to trusted SaaS solutions; or companies build their own cloud-based SD-WAN hub locations to funnel and inspect all Internet-facing traffic.
When we introduce a SASE solution, our traffic is routed through points of presence (POPs). This eliminates the need to backhaul any traffic through central data centers or develop your own POP infrastructure. Because your SASE provider is delivering all your advanced networking and security in the cloud, you can eliminate the middleman and have traffic delivered directly to a globally distributed network of POPs, which applies security and routing to all your traffic and delivers it through a private backbone to its intended destination.
In addition, SASE networks open a whole new range of security features:
Zero Trust Network Access (ZTNA)
ZTNA defaults to denying traffic unless specifically allowed. A traditional approach based on a VPN is going to allow all traffic to a LAN. ZTNA not only introduces a whole new level of granularity of access to your network but also allows for better visibility and control. Because the movement of a user can now be tracked at a very low level, compromised accounts can be discovered based on their network activity alone.
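The contrast described above, as an added example that is not from the original article or any SASE vendor: a VPN-style check that admits anything on the LAN, a default-deny ZTNA check, and a simple detector that flags accounts whose denied requests spread across several targets. All user names, groups, addresses, rules and the threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: every name, address and rule here is hypothetical.
VPN_LAN = ipaddress.ip_network("10.20.0.0/16")  # VPN model: whole LAN reachable
ZTNA_RULES = {                                   # ZTNA model: explicit allows only
    ("finance", "10.20.5.10", 443),  # finance group -> ERP web UI
    ("eng", "10.20.8.21", 22),       # engineering -> build host SSH
    ("eng", "10.20.8.30", 443),      # engineering -> git server
}
USER_GROUPS = {"alice": "finance", "bob": "eng"}


def vpn_allows(dst_ip):
    """VPN-style check: any connected user reaches any address on the LAN."""
    return ipaddress.ip_address(dst_ip) in VPN_LAN


def ztna_allows(user, dst_ip, port):
    """Default deny: allowed only if an explicit (group, host, port) rule exists."""
    group = USER_GROUPS.get(user)
    return group is not None and (group, dst_ip, port) in ZTNA_RULES


def flag_suspicious(requests, threshold=3):
    """Return users whose denied requests hit at least `threshold` distinct targets."""
    denied = defaultdict(set)
    for user, dst_ip, port in requests:
        if not ztna_allows(user, dst_ip, port):
            denied[user].add((dst_ip, port))
    return sorted(u for u, targets in denied.items() if len(targets) >= threshold)


# Constructed access log: (user, destination IP, port)
SAMPLE_REQUESTS = [
    ("alice", "10.20.5.10", 443),   # allowed by rule
    ("bob", "10.20.8.21", 22),      # allowed by rule
    ("bob", "10.20.5.10", 443),     # denied: one stray request
    ("alice", "10.20.8.21", 22),    # denied
    ("alice", "10.20.8.30", 443),   # denied
    ("alice", "10.20.9.40", 3389),  # denied
]

if __name__ == "__main__":
    for user, ip, port in SAMPLE_REQUESTS:
        print(user, ip, port, "vpn:", vpn_allows(ip), "ztna:", ztna_allows(user, ip, port))
    print("flagged:", flag_suspicious(SAMPLE_REQUESTS))
```

Under the VPN check every request in the sample succeeds and leaves nothing to alert on; under default deny, the three distinct denied targets for one account are the signal.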
Cloud Secure Web Gateway (SWG)
100% of your traffic and users can now be protected, as URL filtering, malicious content inspection, web access controls and acceptable use policies are easily updated and monitored in real time from one central location.
Cloud Access Security Broker (CASB)
Not sure if the cloud services used by your organization are being used in a secure and compliant manner? CASB removes the guesswork. CASB gives you a new level of control over how your data in the cloud is used and shared. Tired of worrying about a compromised cloud provider infecting your network? CASB monitors behavior in the cloud to identify ransomware, compromised users, and rogue applications, so you know that your network is safe even though the cloud isn't always a safe place.
Want all the benefits of a firewall without having to manage and upgrade devices? You can now use cloud-based firewalls to replace the functionality of firewalls deployed across your network.
The last benefit is perhaps the most important: SPEED!
SASE networks can unlock a whole new level of speed in your network. By using a globally distributed private backbone, you ensure that your traffic going back to your corporate data centers, cloud providers, and SaaS applications spends most of its time in a highly managed and performant network that is both faster and more consistent than the public internet and also far cheaper than an MPLS.
But the SPEED we are most excited about is the speed at which you can deploy a SASE network. We have successfully deployed global networks in weeks through our SASE partners that historically would have taken months to build out any other way. If you can get your users' traffic to a POP, most of your heavy lifting is done. Because these SASE providers deploy their solutions in the cloud and use their own private global infrastructure, the long tail in equipment procurement, device configuration, telecom delivery and deployments is significantly shortened or removed entirely.
Ready to figure out if the SASE approach is the right approach for your company? Reach out to us here to continue the discussion.