What is Secure Access Service Edge (SASE)

Secure Access Service Edge (SASE) is an emerging framework for the convergence of networking and network security services within a global cloud-based platform.

Read the 2020 Gartner Magic Quadrants for CASB and SWG

Netskope has been named a Visionary in the 2020 Gartner Magic Quadrant for Secure Web Gateways and a Leader for the 4th straight year in the 2020 Gartner Magic Quadrant for Cloud Access Security Brokers.

The traditional network perimeter is dissolving

Conventional security measures presumed that applications and users would be inside the network perimeter, which is no longer true. Corporate data is moving to the cloud, employees are increasingly working remote, and digital transformation initiatives require IT organizations to be nimble to capitalize on new business opportunities.


As a result, the traditional network perimeter is dissolving, and new models for access controls, data protection and threat protection are necessary. In light of these changes, organizations are finding that their existing collection of standalone point products such as firewalls, secure web gateway, dlp and casb, are no longer applicable in a cloud-first world.

What does a SASE architecture look like?

Secure Access Service Edge, or SASE, unifies networking and security services in a cloud-delivered architecture to protect users, applications and data everywhere. Given that users and applications are no longer on a corporate network, security measures can’t depend on conventional hardware appliances at the network edge. Instead, SASE promises to deliver the necessary networking and security as cloud-delivered services. Done properly, a SASE model eliminates perimeter-based appliances and legacy solutions. Instead of delivering the traffic to an appliance for security, users connect to the SASE cloud service to safely use applications and data with the consistent enforcement of security policy.

What is Secure Access Service Edge, and what does SASE architecture look like?

SASE includes the following technologies

A SASE architecture is capable of identifying users and devices, applying policy-based security controls, and delivering secure access to the appropriate applications or data. SASE makes it possible to provide secure access regardless of where users, data, applications or devices are located.

  • Cloud-native microservices in a single platform architecture
  • Ability to inspect SSL/TLS encrypted traffic at cloud scale
  • Inline proxy capable of decoding cloud and web traffic (NG SWG)
  • Firewall and intrusion protection for all ports and protocols (FWaaS)
  • Managed cloud service API integration for data-at-rest (CASB)
  • Public cloud IaaS continuous security assessment (CSPM)
  • Advanced data protection for data-in-motion and at-rest (DLP)
  • Advanced threat protection, including AI/ML, UEBA, sandboxing, etc. (ATP)
  • Threat intelligence sharing and integration with EPP/EDR, SIEM, and SOAR
  • Software defined perimeter with zero trust network access, replacing legacy VPNs (SDP, ZTNA)
  • Protection for the branch, including support for branch networking initiatives such as SD-WAN
  • Carrier-grade, hyper scale network infrastructure with a global POP footprint

Gartner SASE predictions


of enterprises will adopt SWG, CASB, ZTNA and branch FWaaS by 2023

Source: Gartner report: The Future of Network Security is
in the Cloud


of enterprises will develop strategies to adopt SASE by 2024

Source: Gartner report: The Future of Network Security is
in the Cloud

SASE Benefits



Allows for direct-to-net or direct-to-cloud access from anywhere vs. traditional hair-pinning back to the data center


Cost savings

Eliminates CapEx for on-premises infrastructure and provides lower, predictable OpEx due to its Security-as-a-Service model


Reduced complexity

Enables organizations to shift security staff from managing appliances to focusing on delivering policy-based security services; and unified policy enforcement simplifies SecOps


Increased performance

Enhances and accelerates access to internet resources via a global network infrastructure optimized for low-latency, high-capacity and high-availability


Zero trust network access

Provides secure, contextual access to private apps in public/private clouds


Threat protection

Stops cloud and web attacks such as cloud phishing, malware, ransomware, and malicious insiders


Data protection

Protects data everywhere it goes, inside and outside of the organization, including within public clouds as well as between company and person instances of cloud apps

Netskope named 2021 Customers’ Choice by Gartner Peer Insights

The Netskope team is very proud to announce that Netskope was named a 2021 Gartner Peer Insights Customers’ Choice for its Cloud Access Security Broker solution. *


Netskope is leading the way in helping our customers and their journey to SASE architecture. Read the Gartner Magic Quadrants for SWG and CASB to learn more.

How to get started with SASE

At the core of SASE is an integrated, extensible architecture that redefines security defenses in the cloud as a service. To get started, consider the following questions.

Do you currently have a single inline proxy solution capable of decoding thousands of cloud apps and web traffic using APIs and JSON?

Consider consolidating your secure web gateway (SWG) and cloud access security broker (CASB). This will provide critical visibility and control for data loss protection (DLP) and advanced threat protection (ATP) defenses that are also cloud-hosted in the same platform. Along with retiring your legacy SWG appliances, migrate to zero trust network access (ZTNA) to replace your legacy VPN appliances to modernize your overall secure access posture.

Can your current security stack provide cloud-scale SSL/TLS decryption and inspection?

The majority of cloud traffic is encrypted, and a growing number of attackers are leveraging the cloud to evade traditional network controls. Using cloud-scale SSL/TLS inspection helps you stay on top of the threat landscape.

Does your current MPLS / private network support high performance and availability?

Your users expect high performance with low latency, because if the SASE is slow, users will be unhappy. In order to deliver great user experience, make sure that your SASE solution is engineered for high performance and located in the places that your users are.

How many consoles and policies do you currently have to use to manage your existing security stack?

Many vendors are adapting or virtualizing their software and calling it a cloud-based solution. If it isn’t designed to be a SASE, you may end up with multiple administrative consoles, complex policies that are hard to manage, and time-wasting tools for conducting investigations. Choose a solution that has a single management console, single client, and a single policy to make sure that your SecOps teams can stay on top of security in your organization.


* Gartner Peer Insights ‘Voice of the Customer’: Cloud Access Security Brokers, 11 March 2021. The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.

Reimagine your perimeter.