SASE: Secure Access Service Edge Defined

Secure access service edge, or SASE, is a form of security network architecture. Rather than working with four or five different vendors on pieces of your security plan, you'll work with just one that deploys everything you need in a cloud environment.

When did SASE begin?

We didn't know anything about the SASE movement until 2019, when Gartner defined the acronym and changed our terminology forever. 

Three security analysts developed the Gartner SASE vision. As they looked at the current security landscape, they realised that most companies focused on servers and locations. The dominant philosophy was that if they could keep one specific item in a defined space (such as a main server within a data centre in Cleveland) protected, all users would also be protected. 

In the SASE model, the focus shifts to the user's identity and the device that person uses. Security should start here and radiate outward rather than focusing on the destination and radiating in. 

The concept of the "edge" is an integral part of the SASE model. In security terms, the edge is close to a consumer. The smaller the distance between a device (like a phone) and the destination (like a server), the fewer delays and the better the experience.

What is SASE?

A SASE solution in the Gartner model has three main characteristics. The solution is:

  • Driven by users and resources. An individual's identity, not the person's IP address, determines access. Security options are set at the cloud level, triggered by the person's identity. 
  • Cloud-first, not just cloud-enabled. The solutions are designed to work within the cloud, and they offer cloud-based advantages such as adaptability, easy maintenance, and savings. 
  • Completely supported. One network provides everything a user might need, no matter where that person is. 

A solution like this may seem attractive now, especially if you have users distributed across many offices or even all across the world. But as more devices connect to the internet, and as consumers grow impatient with latency issues, SASE is likely to be even more valuable to companies just like yours.

SASE benefits and challenges

Switching from several solutions to one isn't easy. Perusing the pros and cons can help you understand if this is the right path for you or your organisation. 

SASE benefits include:

  • Agility. Scale up when your client base expands, or scale back when you must make cutbacks. 
  • Control. Develop security policies that your system applies consistently, no matter what device someone uses to connect with you. 
  • Cost. Buy from a single vendor rather than managing multiple contracts. 
  • Ease. Minimise the number of vendors and protocols your team must track and supervise. 

SASE challenges include:

  • Change. Shifting from programs you know and trust to new versions can cause anxiety and stress. You'll have new interfaces to learn. 
  • Newness. Gartner says it might take up to 10 years for SASE to go mainstream. The vendor you buy from now could have a completely different product in a year or two. 
  • Training. Your staff, company leaders, and customers may all need to learn how to use the program you purchase. 

Some security professionals may look over these lists and decide that now is the time to invest in SASE. But others may choose to wait a year or two before taking this step. 

If you do jump into the SASE space, expect quick implementation. Most vendors offer connections through virtual appliances, so you won't need to overhaul data centres or otherwise invest in hardware updates. You will need time to train staff, however.

What do SASE services include?

We've mentioned that SASE vendors combine several different security options into one product. Let's dig deeper into what companies following the Gartner SASE model include in their offerings. 

In general, analysts say, SASE products are comprised of five main technologies. They are:

  1. SD-WAN. A software-defined wide area network, or SD-WAN, connects far-flung users to key assets within your company. In the SASE model, everything is based within the cloud with distributed access points close to users. 
  2. FWaaS. Firewall as a service, or FWaaS, puts security technology in the cloud to protect the service edge. 
  3. Cloud access security broker. These tools ensure security policies are applied properly, no matter what device the user selects for a connection. 
  4. SGW. Secure web gateways, or SGWs, block some types of malicious traffic to company servers. They inspect packets at the edge with rules they update consistently.
  5. Zero Trust network access. Security relies on the user's identity rather than the IP address the person is using right now. 

Don't think of this as a shopping list. Some companies offer more products under the SASE model, and others swap out some elements for others they think will have more impact. 

Several companies are competing for your SASE business. In fact, there are so many entering the space that listing them is nearly impossible. As soon as we'd create a list, it would go out of date. 

Who can you trust in an ever-changing environment? These are the sorts of questions we address in our Oktane conferences. Did you miss the 2021 event? See the recap here.

References

Gartner Says the Future of Network Security Lies With SASE. (November 2019). The Hacker News. 

SASE: The Next Frontier in Cybersecurity. (February 2020). Digitalist Magazine.

Analysts Debate SASE's Merits as Vendors Board Hype Train. (November 2019). SDX Central. 

Who's Selling SASE and What Do You Get? (October 2020). Network World.