Secure Access Service Edge (SASE)

7 min read

SASEとは

Secure Access Service Edge (SASE), pronounced “sassy,” is a cloud-based architecture that delivers network and security services meant to protect users, applications, and data. This term was coined by Gartner in 2019 and has quickly risen through the ranks to become one of the top aspirational security concepts of the current decade so far. Given that many users and applications no longer live and operate on a corporate network, access and security measures can’t depend on conventional hardware appliances in the corporate datacenter.

SASE promises to deliver the necessary networking and security capabilities in the form of cloud-delivered services. Done properly, a SASE model eliminates perimeter-based appliances and legacy solutions. Instead of delivering the traffic to an appliance for security, users connect to the SASE cloud service to safely access and use web services, applications, and data with the consistent enforcement of security policy.

Where is the “edge” in Secure Access Service Edge?
The “edge” in SASE refers to the cloud provider’s global systems that exist on their hardware (data centers and devices). Users access cloud services by logging in and authenticating their identities, from any location, and are passed through this “edge” into the cloud environment.

sase meaning


White Paper: SASE and the Seven Forces Shaping Security Transformation
Blog: A CISOs View of SASE


 

Why is SASE important?

従来のセキュリティ対策では、アプリケーションとユーザーがネットワーク境界内に存在することが想定されていましたが、この前提が崩れつつあります。企業データがクラウドに移行し、従業員がリモートで作業する作業が増えています。また、デジタルトランスフォーメーションイニシアチブでは、IT組織は新しいビジネスチャンスに素早く活用する必要があります。

As a result, the traditional network perimeter is dissolving, and new models for access controls, data protection, and threat protection are necessary. In light of these changes, organizations are finding that their existing collection of standalone point products such as firewalls, secure web gateway, data loss prevention (DLP), and cloud access security brokers (CASB), are no longer applicable in a cloud-first world.

ガートナーのSASEに関する予測

 

20% of enterprises will adopt SWG, CASB, ZTNA and branch FWaaS by 2023
of enterprises will adopt SWG, CASB, ZTNA and branch FWaaS by 2023
40% of enterprises will develop strategies to adopt SASE by 2024
of enterprises will develop strategies to adopt SASE by 2024

参考: GARTNER レポート: THE FUTURE OF NETWORK SECURITY ISIN THE CLOUD

 

SASEアーキテクチャはどのようなものでしょうか

Secure Access Service Edge, or SASE, unifies networking and security services in a cloud-delivered architecture to protect users, applications, and data everywhere. Given that users and applications are no longer on a corporate network, security measures can’t depend on conventional hardware appliances at the network edge.

SASE diagram

There are two sides of SASE architecture: Security and Networking

Instead, SASE promises to deliver the necessary networking and security as cloud-delivered services. Done properly, a SASE model eliminates perimeter-based appliances and legacy solutions. Instead of delivering the traffic to an appliance for security, users connect to the SASE cloud service to safely use applications and data with the consistent enforcement of security policy.


Blog: How to Securely Manage Your Shift to the Cloud
Blog: How to Think About Gartner’s Strategic Roadmap for SASE Convergence


 

SASE Includes the Following Technologies and Capabilities

SASEアーキテクチャは、ユーザーとデバイスを識別し、ポリシーベースのセキュリティ制御を適用し、適切なアプリケーションやデータへの安全なアクセスを提供することができます。SASEは、ユーザー、データ、アプリケーション、デバイスの場所に関係なく、安全なアクセスを提供することを可能にします。

  • 単一のプラットフォームアーキテクチャかつクラウドネイティブのマイクロサービス
  • SSL/TLS 暗号化されたトラフィックを検査する機能
  • Inline proxy capable of decoding cloud and web traffic (Next-Generation Secure Web Gateway/NG SWG)
  • Firewall and intrusion protection for all ports and protocols (Firewall as a Service/FWaaS)
  • Managed cloud service API integration for data-at-rest (Cloud Access Security Broker/CASB)
  • Public cloud IaaS continuous security assessment (Cloud Security Posture Management/CSPM)
  • Advanced data protection for data-in-motion and at-rest (Data Loss Prevention/DLP)
  • AI/ML、UEBA、サンドボックスなど、高度な脅威対策 (Advanced TP)
  • Threat intelligence sharing and integration with EPP/EDR (Endpoint Protection Platform/Endpoint Detection and Response), SIEM (Security Information and Event Management), and SOAR (Security Orchestration, Automation, and Response)
  • Software-defined perimeter with zero trust network access, replacing legacy VPNs (SDP, ZTNA)
  • Protection for the branch, including support for branch networking initiatives such as SD-WAN (Software-Defined Wide Area Network)
  • Carrier-grade, hyper-scale network infrastructure with a global POP (Point of Presence) footprint

Blog: Where CASB and SWG and Headed
Blog: Don’t Strangle Your SASE


 

What are the Benefits of SASE?

1. Flexibility:
Allows for direct-to-net or direct-to-cloud access from anywhere for easy adoption of new digital business models

2. Cost savings:
オンプレミスインフラストラクチャの設備投資を削減し、サービスとしてのセキュリティモデルにより、運用コストを低く抑える

3. Reduced complexity:
Consolidated services into a cloud-delivered model eliminates complex stack of legacy point solutions and simplifies operational effort

4. Increased performance:
Enhances and accelerates access to internet resources via a global network infrastructure optimized for low-latency, high-capacity, and high-availability

5. Zero trust network access:
パブリック/プライベートクラウド上に展開されたプライベートアプリへのセキュアでコンテキストに基づいたアクセスを提供

6. Threat protection:
クラウドフィッシング、マルウェア、ランサムウェア、悪意のあるインサイダーなどのクラウド攻撃やウェブ攻撃を阻止

7. Data protection:
認可クラウドの中だけでなく、企業用と個人用のクラウドアプリケーションのインスタンス間も含めて、組織内外のあらゆる場所のデータを保護

 

What are the Four Questions to Ask When Adopting SASE?

1. How does your current web or cloud security give you full visibility and context across all web and cloud traffic?

セキュア Web ゲートウェイ (SWG) とクラウドアクセスセキュリティブローカー (CASB) を統合することを検討してください。これにより、同じプラットフォームでクラウドホストされるデータ損失保護 (DLP) と高度な脅威対策 (ATP) 防御の重要な可視性と制御が提供されます。従来の SWG アプライアンスを廃止するほか、ゼロトラストネットワークアクセス(ZTNA)に移行して、従来のVPN アプライアンスを置き換えて、セキュリティで保護されたアクセス体制全体を最新化します。

2. What level of cloud-scale does your current security solution provide?

クラウドトラフィックの大部分は暗号化されており、従来のネットワーク制御を回避するためにクラウドを活用する攻撃者が増えています。クラウド規模の SSL/TLS 検査を使用すると、脅威の状況を把握できます。

3. Does your current network support high performance and consistent availability?

Users expect high performance with low latency, because if the SASE is slow, unhappy users will look for ways around your system. In order to deliver great user experience, make sure that your SASE solution is engineered for high performance and located in the places that your users are.

4. How many consoles and policies do you currently have to use to manage your existing security stack?

Many vendors are adapting or virtualizing their software and calling it a cloud-based solution. If it isn’t designed to be a SASE, you may end up with multiple administrative consoles, complex policies that are hard to manage, and time-wasting tools for conducting investigations. Choose a solution that has a single management console, single client, and a single policy engine to streamline operations and effectiveness for network and security teams.


For more information on SASE, download Netskope’s SASE Resource Pack and SASE Adoption Guide.

 

SASE Week

Where Networking, Security, and Zero Trust Intersect

 

Secure Access Services Edge (SASE) architecture and zero trust principles are the answers to many of the challenges companies face with the acceleration of digital transformation. Netskope is positioned to help you begin your journey and discover where security, networking, and zero trust fit in the SASE world.

 

Whether your focus is protecting the enterprise or managing the network, we invite you to replay these sessions centered around building a SASE framework, exploring zero trust principles, and securing your business for the future.

 

SASE Week

Become a SASE Expert

Sponsored by Netskope, The SASE Accreditation is an introductory training on Secure Access Service Edge (SASE), an architectural framework for security and networking that addresses the security challenges modern organizations face as they embrace cloud applications, protect data, and unify networking and security services.

 

In this two-day accreditation, you will learn how SASE helps networking and security professionals gain greater visibility and real-time actionable information about cloud services, activity, traffic, and data while also simplifying your security stack.

SASE accreditation course by Netskope

リソース

Blueprint for Zero Trust in a SASE Architecture

Blueprint for Zero Trust in a SASE Architecture

2020 SWGのマジック クアドラント

2020 SWGのマジック クアドラント

2020 CASBのマジック クアドラント

2020 CASBのマジック クアドラント

Gartner: 2021 Strategic Roadmap for SASE Convergence

Gartner: 2021 Strategic Roadmap for SASE Convergence

Designing a SASE Architecture For Dummies

Designing a SASE Architecture For Dummies

How to Get SASE Right the First Time

How to Get SASE Right the First Time

Network Considerations in the age of SASE

Network Considerations in the age of SASE

SASE and the Seven Forces Shaping Security Transformation

SASE and the Seven Forces Shaping Security Transformation

Adoption Guide for SASE

Adoption Guide for SASE

Top 5 SASE Use Cases for Remote Workers

Top 5 SASE Use Cases for Remote Workers

Building a SASE-ready Architecture with Netskope Security Cloud and Your Existing Security Infrastructure

Building a SASE-ready Architecture with Netskope Security Cloud and Your Existing Security Infrastructure

How the Security Inversion Impacts User and Data Protection

How the Security Inversion Impacts User and Data Protection

The SASE Blog Collection

The SASE Blog Collection

Subscribe for the latest cloud security insights

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.