Conventional security measures presumed that applications and users would be inside the network perimeter, which is no longer true. Corporate data is moving to the cloud, employees are increasingly working remote, and digital transformation initiatives require IT organizations to be nimble to capitalize on new business opportunities.
As a result, the traditional network perimeter is dissolving, and new models for access controls, data protection and threat protection are necessary. In light of these changes, organizations are finding that their existing collection of standalone point products such as firewalls, secure web gateway, dlp and casb, are no longer applicable in a cloud-first world.
Secure Access Service Edge, or SASE, unifies networking and security services in a cloud-delivered architecture to protect users, applications and data everywhere. Given that users and applications are no longer on a corporate network, security measures can’t depend on conventional hardware appliances at the network edge. Instead, SASE promises to deliver the necessary networking and security as cloud-delivered services. Done properly, a SASE model eliminates perimeter-based appliances and legacy solutions. Instead of delivering the traffic to an appliance for security, users connect to the SASE cloud service to safely use applications and data with the consistent enforcement of security policy.
A SASE architecture is capable of identifying users and devices, applying policy-based security controls, and delivering secure access to the appropriate applications or data. SASE makes it possible to provide secure access regardless of where users, data, applications or devices are located.
Gartner SASE predictions
Allows for direct-to-net or direct-to-cloud access from anywhere vs. traditional hair-pinning back to the data center
Eliminates CapEx for on-premises infrastructure and provides lower, predictable OpEx due to its Security-as-a-Service model
Enables organizations to shift security staff from managing appliances to focusing on delivering policy-based security services; and unified policy enforcement simplifies SecOps
Enhances and accelerates access to internet resources via a global network infrastructure optimized for low-latency, high-capacity and high-availability
Provides secure, contextual access to private apps in public/private clouds
Stops cloud and web attacks such as cloud phishing, malware, ransomware, and malicious insiders
Protects data everywhere it goes, inside and outside of the organization, including within public clouds as well as between company and person instances of cloud apps
At the core of SASE is an integrated, extensible architecture that redefines security defenses in the cloud as a service. To get started, consider the following questions.