What is Secure Access Service Edge (SASE)?

Debasish Pramanik Cloud Security Expert - CloudCodes Software
  • July 13th, 2021

SASE is an acronym for Secure Access Service Edge. Leading analyst firm Gartner started using this term in 2019 to represent new cloud-native security architecture. According to the SASE Gartner blog (https://blogs.gartner.com/andrew-lerner/2019/12/23/say-hello-sase-secure-access-service-edge/)

“SASE definition combines network security functions such as SWG, CASB, FWaaS, and ZTNA with WAN capabilities (i.e., SDWAN) to support organizations’ dynamic, secure access needs. These capabilities are delivered Primarily as a Service(PaaS) and based upon the identity of the entity, real-time context, and security/compliance policies.”

To simplify SASE Architecture, it combines multiple existing technologies to provide a holistic cloud security solution to an enterprise. It includes cloud security, network security, web security, and data threat protection capabilities to secure data, users, and applications.

From a technology perspective, there is nothing new as Secure Access Service Edge is a culmination of various existing technologies not creating a new one. But the exciting part is the way these technologies get interconnected to provide seamless integration. SASE is not a single product but an approach to bind multiple existing technologies innovatively. The focus is on how we deliver the information from one end to another end, and what happens in between.

SASE security can either be delivered as a service or as an edge appliance. SASE overcomes the various indicators for geographically bound solutions that include cost, complexity, and rigidity of loosely integrated point solutions. 

The Secure Access Service Edge (SASE) Technology Include the Following:

  • Cloud-native microservices in a single platform architecture
  • Ability to inspect SSL/TLS encrypted traffic at cloud scale
  • Inline proxy capable of decoding cloud and web traffic (NG SWG)
  • Firewall and intrusion protection for all ports and protocols (FWaaS)
  • Managed cloud service API integration for data-at-rest (CASB)
  • Public cloud IaaS continuous security assessment (CSPM)
  • Advanced data protection for data-in-motion and data at-rest (DLP)
  • Advanced threat protection, including AI/ML, UEBA, sandboxing, etc. (ATP)
  • Threat intelligence sharing and integration with EPP/EDR, SIEM, and SOAR
  • Zero trust network access replacing legacy VPNs and hair-pinning (ZTNA)
  • Software-defined perimeter with zero trust access (SD-WAN, SDP)
  • Carrier-grade, hyper-scale network infrastructure with global access POPs
  • SaaS acceleration, traffic shaping, caching, and bandwidth optimization