SASE (pronounced “sassy”), is an emerging cybersecurity concept that Gartner’s Andrew Lerner defines as “the convergence of wide area networking (WAN) and network security services like CASB, FWaaS and Zero Trust (ZTNA) into a single, cloud-native service model.The shift to a secure access service edge (SASE) solution is rapidly increasing as hybrid work and cloud computing continue to excel.
SASE combines software-defined wide area networking (SD-WAN) capabilities with a number of network security functions, all of which are delivered from a single cloud platform. In this way, SASE enables employees to authenticate and securely connect to internal resources from anywhere, and gives organizations better control over the traffic and data that enters and leaves their internal network. In this SASE architecture definition, users are provided modern cloud-first architecture for both WAN and security functions, all delivered and managed in the cloud.
Components of SASE include:
- Secure SD-WAN:SD-WAN is a foundational component and an integral part of a SASE architecture.One of the key capabilities the SD-WAN must support is adaptive internet breakout. What this means is sending traffic from branch locations that is destined for the cloud directly to SaaS and/or IaaS providers, using the internet, and without backhauling it to the data center for security inspection. This requires the ability to granularly steer traffic based on the application Quality of Service and security policy enforcement requirements driven by business needs.
- Secure web gateways (SWG): An SWG prevents cyber threats and data breaches by filtering unwanted content from web traffic, blocking unauthorized user behaviour, and enforcing company security policies. SWGs can be deployed anywhere, making them ideal for securing remote workforces.
- Cloud Access Security Broker (CASB):Cloud access security broker (CASB): A CASB performs several security functions for cloud-hosted services, including revealing shadow IT (unauthorized corporate systems), securing confidential data through access control and data loss prevention (DLP), and ensuring compliance with data privacy regulations.
- Zero Trust Network Access (ZTNA):Zero trust network access (ZTNA): ZTNA platforms lock down internal resources from public view and help defend against potential data breaches by requiring real-time verification of every user and device to every protected application.
5 Firewall-as-a-Service (FWaaS):Cloud-based firewall solutions protect the platform, applications, and connected services. When a user connects to the FWaaS on the internet, the solution functions as the typical firewall that applies domain rules and URL filtering. FWaaS solutions provide advanced capabilities like web content filtering, DNS security, intrusion detection, and advanced threat protection (ATP).
Depending on the vendor and the needs of the enterprise, these core components may be bundled with additional security services, including web application and API protection (WAAP), remote browser isolation, or Wi-Fi hotspot protection.