What is SASE?

Distributed users and applications need a network that can support them dynamically and securely. SASE aims to bring structure to this challenge with a standardised network and security architecture.

What does SASE mean?

SASE (pronounced ‘sassy’) stands for Secure Access Service Edge. SASE is a cloud-based networking platform designed to secure decentralised networks that connect users, applications and devices from anywhere.

How does it work?

Network perimeters have expanded over the past few years, further accelerated by the shift to hybrid working. Alongside this, networks have become increasingly cloud-centric, with users needing to access cloud-based applications off premises and from a variety of devices. These three factors have highlighted a glaring flaw in the use of centralised, appliance-based security systems. Employees collaborating from home, rather than from the office, need to access their cloud-hosted applications and tools. Under traditional network architectures, this traffic is likely to travel via a virtual private network (VPN) to a data centre or office HQ first. By connecting from remote locations, and often on their own devices, employees are unknowingly expanding their organisation’s attack surface. SMBs and enterprises therefore need to secure these expanding networks and gain enhanced visibility and control over them, so that their employees can work both efficiently and securely across network domains.

Enter SASE. Despite its name, the architecture draws together more than just security. It takes a holistic approach, incorporating network, security, and device and identity management elements. Specifically, the framework looks to leverage WAN technologies, such as SD-WAN, and combine them with security. The SASE security functions are Next-generation Firewall-as-a-Service, Secure Web Gateway, Cloud Access Security Broker and Zero Trust Network Access.

To accommodate the shift to a more decentralised network approach, security is placed at the cloud edge. This means that wherever a user is connecting to the internet, they can maintain network security and protect their data.

What are the benefits?

There are three key benefits to SASE for enterprises:

  • Secure decentralised network: first and foremost, the framework provides enterprises with peace of mind that their employees can connect to applications from anywhere, without a significant rise in attack risk. Central to this is SASE’s zero-trust network access principle: granting access only to specific resources, combined with continuous authentication, reduces the available attack surface. Furthermore, this reassurance may encourage organisations to move more application hosting to the cloud.
  • Reduced latency: given that SASE allows users to connect directly to the cloud by hosting security functions there, rather than on premises or on device, workloads do not have to make two hops to connect to the cloud. Access can be inspected directly at the cloud edge and not at a datacentre before moving to the cloud. For heavy workloads, such as video (surveillance) and collaboration (e.g. Microsoft Teams, Zoom), reduction of latency is critical to ensure a smooth end-user experience.
  • Reduced IT cost and complexity: to secure their network estates and users connecting to the cloud, enterprises have had to use a patchwork of security solutions. This patchwork has brought about considerable cost and management overhead. Borrowing concepts from the world of edge computing, SASE aims to bring security and user authentication closer to where they are required. This model also enables far greater scalability, as the need to connect new users and locations to a centralised datacentre will disappear.

Who are the key players?

There are two key types of players in the SASE space, looking to exploit the latent opportunity at hand.

  • Security specialists: this group will be well positioned to offer services to enterprises, as network security and identity services have been their bread and butter.
      • Examples: Zscaler, Palo Alto, McAfee
  • Full suite vendors: this group can offer security and next-generation network services (e.g. SD-WAN) to provide an end-to-end solution, making them an appealing proposition for organisations looking to procure technology from a small handful of trusted partners.
      • Examples: Cisco, Nokia, Fortinet, Versa Networks, VMware

Conclusion

Next-generation and cloud-focused networks continue to bring benefits to consumers and enterprises alike. They have also raised questions, primarily around security when data and applications are being hosted and accessed on public clouds. SASE is a big step towards allaying these concerns by creating a clear path for organisations to bring together their new and existing network investments in a dynamic and unified manner. Although it is unlikely that many enterprises have a SASE framework in place today, the industry hype around SASE is palpable. Gartner estimates that 60% of enterprises will have implemented or have a clear pathway to implementing SASE to secure their networks by 2025. One such pathway may be the use of SSE (Security Service Edge), an emerging framework that covers the security aspects of SASE, working independently of SASE’s network elements. Time will tell whether SASE can continue to provide answers in an ever-expanding network ecosystem.

Author: Patrick Montague-Jones is a Senior Consultant at STL Partners, specialising in a range of topics across the telecommunications value chain
