Not all businesses understand what exactly Secure Access Service Edge (SASE) means – whether it is a set of products or services, a comprehensive system, or simply a concept and methodology. Let’s figure out the answer and dwell on how big the marketing component of the SASE hype is, what benefits such solutions and services bring to customers, and who should be responsible for their functioning.

What is SASE?

Originally introduced by IT research giant Gartner, the term SASE denotes a convergence of the Network as a Service (NaaS) and Security as a Service (SECaaS) paradigms. The transition to remote work and the growing popularity of cloud services have rendered the traditional security model ineffective. SASE services bring security closer to the end-user and allow almost unlimited scalability.

In plain words, SASE is a combination of network and security services. From a networking perspective, it allows you to optimize data transfer and redirect traffic in a frictionless way. From a security viewpoint, it all depends on the location of the resources the user is accessing. Edge computing services operate beyond traditional enterprise security mechanisms and safeguard users as they connect to the cloud from anywhere in the world.

SASE plays a major role in accelerating the use of cloud resources. It shows InfoSec and IT professionals which technologies make working with cloud services comfortable and safe.

Experts note that SASE is not a separate product. It is a set of solutions that can be combined to fully meet a customer’s needs. An example of edge security services in action could be a situation where a company’s employee moves to another country or region. When connecting to the point of presence (PoP) at the new location, they will get high-quality routing and quick access along with all the necessary security services.

Many companies have not considered giving SASE solutions a shot yet. One of the factors inhibiting its development is customers’ lack of confidence in cloud security technologies as such. To a large extent, this distrust stems from the following factors:

  • Regulatory pressure.
  • Resistance of security professionals who are afraid to transfer some of their functions to the cloud.
  • The focus of many companies is on the domestic rather than the global market.

To recap, SASE is not a product or a technology, but rather a concept and a strategy largely bolstered by marketing.

SASE Components

Gartner lists 25 elements that may be included in such a solution. In this regard, many experts wonder whether SASE can be considered full-fledged if some of these components are missing.

Several core entities make up the SASE stack. These are SD-WAN, Secure Web Gateway, Cloud Access Security Broker (CASB) solutions, Firewall-as-a-Service (FWaaS), and a zero trust access system. A series of other tools, such as data loss prevention (DLP) mechanisms, sandboxing, web application and page isolation services in the browser, and Wi-Fi segment protection, are optional and can be purchased by the customer as needed.

Looking at SASE from the angle of customer needs, three key services should be implemented:

  • Data protection, both within the cloud and in transit between services.
  • Secure access based on cloud technology.
  • Local points of presence (PoPs) that meet regulatory requirements.

There is no such thing as a solution that fully and unconditionally meets all SASE requirements. Some vendors are stronger in networking technologies, while others are focused on security. Therefore, it is necessary to proceed from the client’s objectives, selecting the necessary configuration of the Secure Access Service Edge for them.

A key element of SASE that sets this concept apart from other access systems is the presence of zero trust network access (ZTNA) services. They are a decent alternative to the use of a firewall and can be accessed from anywhere around the globe thanks to the cloud.

Another common question is whether a virtual private network is an integral part of SASE. The fact is that remote access VPN tools are usually a component of the unified threat management (UTM) gateways implemented in Secure Access Service Edge services.

A transition to the SASE philosophy does not imply abandoning endpoint protection systems and traditional means of securing an organization’s perimeter. What’s the point of leveraging another secure access service then?

The ratio of employees working in the office and those connecting to enterprise resources from home has changed dramatically since early 2020. Unsurprisingly, companies’ security teams have to deal with a new category of devices – home computers and laptops, which are often less well protected and susceptible to various cyber-attacks. This is why the ideology of edge services is relevant at the moment.

Who Should Deploy and Maintain SASE?

Successful SASE implementation hinges on clear role distribution, primarily managed by IT specialists who also handle VPNs and firewalls. Economically, SASE's standout benefit is its agility in providing secure access to new locations, making it ideal for retail and other sectors with numerous, ever-changing branches. While leaning more towards IT, effective SASE deployment requires collaboration between IT and security departments to ensure both seamless network connectivity and stringent access security, aligning with organizational policies and standards.

What is the SASE Provider Responsible for?

All solutions have service-level agreements (SLAs) that specify cloud availability parameters and compensation for failure to meet them. Providers also disclose the networking technologies and data processing rules they use. In addition, there is a logging system and the option for a third-party company to evaluate the reliability of the service. In some markets, there are contractual penalties for downtime.

Before opting for a managed SASE service, organizations should familiarize themselves with the vendor’s data disclosure policy that specifies what kind of information may be handed over to law enforcement agencies or other authorities officially vested with the right to request it. Another important question to ask is how the provider ensures the effectiveness of its security features. One more thing on the checklist is to gain insights into the advantages of using the vendor’s cloud-based secure access services over deploying similar on-premises systems.

SASE Implementation Peculiarities

When considering SASE, organizations face a choice: adopt a ready-made vendor solution or build their own. The vendor option is straightforward but can be costly and potentially include unnecessary features. Building in-house is more budget-friendly and customizable but demands significant technical expertise.

For those with capable IT teams, implementing SASE starts with setting up SD-WAN to connect your main office and branches. This approach enhances network flexibility and optimizes cloud application performance by avoiding traditional traffic backhauls to the data center.

Next, to ensure robust security across your network, integrate tools like Secure Web Gateways, Web Application Firewalls, sandboxing, CASB, DLP, and VPNs. Tailor this mix to your network's specific needs. Finally, adopt a zero trust approach, segmenting your network and aligning access privileges with user and device roles, to complete your SASE framework.
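
The last step above, aligning access privileges with user and device roles per network segment, sketched as a deny-by-default policy check. This is an added example, not code from the article or from any SASE vendor; the segment names, roles, device classes and the posture flag are hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user_role: str     # hypothetical roles: "finance", "engineer"
    device_class: str  # "managed" (corporate) or "home" (personal, unmanaged)
    posture_ok: bool   # outcome of a device health check (patches, disk encryption)
    segment: str       # network segment hosting the requested application

# Constructed policy: per segment, the (role, device class) pairs allowed in.
# Anything not listed is denied, including whole segments.
POLICY = {
    "finance-apps": {("finance", "managed")},
    "dev-tools": {("engineer", "managed"), ("engineer", "home")},
    "intranet": {("finance", "managed"), ("finance", "home"),
                 ("engineer", "managed"), ("engineer", "home")},
}

def decide(req: Request) -> tuple[bool, str]:
    """Deny-by-default decision; the reason string is meant for the access log."""
    allowed_pairs = POLICY.get(req.segment)
    if allowed_pairs is None:
        return False, "unknown segment"
    if not req.posture_ok:
        return False, "device failed posture check"
    if (req.user_role, req.device_class) not in allowed_pairs:
        return False, "role/device not permitted for segment"
    return True, "permitted by policy"

def audit(requests: list[Request]) -> list[str]:
    """Render one log line per request so denied attempts can be reviewed."""
    lines = []
    for r in requests:
        ok, why = decide(r)
        verdict = "ALLOW" if ok else "DENY"
        lines.append(f"{verdict} {r.user_role}/{r.device_class} -> {r.segment}: {why}")
    return lines

# Constructed sample requests, evaluated offline.
SAMPLES = [
    Request("finance", "managed", True, "finance-apps"),
    Request("finance", "home", True, "finance-apps"),
    Request("engineer", "home", False, "dev-tools"),
    Request("engineer", "managed", True, "hr-records"),
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLES)))
```

Only the first sample is allowed: the home laptop is kept out of the finance segment even for a finance user, a failed posture check overrides an otherwise valid role, and a segment missing from the policy is denied outright.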

Summary

The traditional security model is focused on fortifying the network perimeter by means of firewalls and various antimalware tools. Essentially, this approach revolves around preventing external threats from infiltrating an organization’s digital environment. Nowadays, this security philosophy is becoming obsolete, as more users need to access their companies’ critical applications and data from different locations and devices.

On-premises data centers are no longer the pivots of network traffic as corporate applications are increasingly migrating to the cloud, and the use of conventional routers doesn’t get along with the ubiquity of cloud services very well, to put it mildly.

SASE appears to be the silver bullet in the paradigm of dissolving security perimeters. It ensures high performance of web applications and outstanding flexibility in terms of the supported connection types. Importantly, it also facilitates the implementation of security policies and new quality of service (QoS) specifications throughout a geographically distributed enterprise network to ramp up any organization’s defenses against unauthorized access.