This article explores the need for Secure Access Service Edge (SASE) in today’s organizations. We show how one of the most advanced SASE platforms available, combines VPN and SD-WAN capabilities with cloud-native security functions to quickly and securely connect On-premises data centers, cloud data centers, branch offices, and remote users.
Before we dive any further, let’s take a look at what’s covered:
IT and security managers are constantly concerned by the different entities which connect to their networks. Keeping track of who is connecting, using which edge device type, what they’re connecting to, and which permissions they should have can be a messy and dangerous business.
An enterprise’s network is composed of several types of edges. An edge can be any location or endpoint which needs to connect to any other resource or service available inside or outside the network. This includes the enterprise’s on-premises headquarters, branch offices, data centers, mobile users connecting remotely (e.g. their home), public cloud data centers (e.g. AWS and Azure), 3rd party SaaS applications (e.g. Office365 and Salesforce), and virtually any website across the WWW.
To enable connectivity and secure access for all edges, enterprises are forced to adopt different solutions to manage different edge types. For example VPN for remote users, on-prem Next Generation Firewalls (NGFWs) for the physical locations, cloud-based NGFW for cloud-based applications, Cloud Access Security Brokers (CASB) for SaaS and Secure Web Gateways (SWG) for web access. This large number of different products introduced unwanted complexity, inefficiency, and potential security loopholes to enterprises. But perhaps there is a better way to enable secure access to any service from any edge? In fact, there is, and it’s called, surprisingly enough, Secure Access Service Edge (SASE).
Cloud-based SASE Traffic Analysis Dashboard - Credits: Catonetworks
SASE is a new architecture that converges networking and security into a holistic, unified cloud service. It is a concept defined by Gartner in late 2019 to simplify enterprise networking and security. At the heart of the SASE premise lays the understanding that network and security cannot be addressed separately, using different products and services. The inter-dependency between the two is fundamental, and their convergence is critical for addressing the needs of the modern digital enterprise.
To learn more about SASE and how it differs from SD-WAN read our article here.
Four main principles lay at the heart of the SASE architecture:
- All edges. A true SASE solution should be able to service all enterprise edge types.
- Converged. SASE’s networking and security services should be delivered from one software stack, not discrete appliances integrated together, and all must be managed via a single pane of glass.
- Cloud-native. A SASE solution should be built using cloud-native technologies and should support elasticity, auto-scaling and high-availability.
- Global. An effective SASE solution should have an extensive global footprint of Points of Presence (PoPs) covering all major locations worldwide.