Understanding Secure Access Service Edge (SASE) and how it integrates with SD-WAN

Software Defined Wide Area Networking (SD-WAN) is changing the way that businesses connect to the cloud. With SD-WAN, organizations can move away from closed, proprietary hardware solutions, bringing flexibility and potential cost savings to their operations. 

And yet, while SD-WAN technology seems like a solution to many of the problems that businesses are having connecting to the cloud, there are still some concerns around security and that is where Secure Access Service Edge (SASE) comes into the picture.

Before we dive any deeper, let's take a quick look at what we've got covered:

• What is SD-WAN?
• How is SASE Different from SD-WAN?
• SASE in the Real World
• The Benefits of SASE
• Who are the SASE Players

What is SD-WAN?

Software Defined Wide Area Networking (SD-WAN) is a seismic shift from traditional WAN technology, where proprietary hardware and software are replaced with virtualization technology that can abstract networking from hardware. The “Software Defined” part of an SD-WAN uses virtualization to create a WAN architecture that allows enterprises to leverage any combination of transport services, including MPLS, LTE and broadband internet services, and create a fabric of connectivity that connects users to applications. SD-WANs use a centralized control plane to intelligently direct traffic across the WAN, increasing application performance, resulting in enhanced user experience, increased business productivity and reduced costs for IT.

Access popular articles covering SD-WAN topics by visiting our SD-WAN Network section

How is SASE Different from SD-WAN?

The Secure Access Service Edge, better known as SASE, is a technology proposed by Research Giant Gartner. The research house defines SASE as a cloud architecture that converges various network and security functions into a single, cloud security and networking platform. SASE goes beyond what an SD-WAN can offer by incorporating security protocols and increases the reach of the network with support for mobile devices, IoT devices, and other devices that may not have a persistent connection to the network. What’s more, SASE can securely bridge cloud services into the SD-WAN, allowing branch offices and remote users to access services from most any locations. SASE is delivered as a service, minimizing or eliminating the need for specialized hardware or security appliances.

The SASE model allows IT teams to easily connect and secure all of their organization’s networks and users in an agile, cost-effective and scalable way.

What’s more,

SASE in the Real World:

You can’t have SASE without SD-WAN, the two technologies have a symbiotic relationship that actually flattens the networking and security stack into a single connectivity stack. SASE, as envisioned by Gartner, operates as a platform, which provides organizations with the ability to connect to a single secure network, which then grants secure access to physical and cloud resources, regardless of location. Or, more simply put, SASE brings security to SD-WANs by introducing four primary characteristics:

• Identity Driven: Organizations will be able to control interactions with resources using a least-privileged strategy combined with strictly enforced access control. Attributes used by that control element include application access policy, user and group identity and the sensitivity of the data being accessed.
• Cloud Native Architecture: The SASE model architecture requires the implementation of several different cloud capabilities into a platform. That platform will offer agility, be adaptive, self updating, and will give organizations a holistic and very flexible approach to connect, regardless of location.
• Support for All Edges: SASE creates a single network for allof an organization's resources. Data centers, branch offices, cloud resources, and endpoints. A common interpretation of that deployment may include SD-WAN appliances for the physical edges and software clients for endpoints or browser based clientless connectors.
• Globally Distributed: SASE platforms must be globally distributed to organizations, meaning that SASE service providers must be able to deliver low latency services to enterprise edges and offer low latency connections into cloud service providers.

A proper SASE solution delivers a connectivity platform as a service which brings forth unified cloud management, with zero trust capabilities, incorporated into a single networking stack.

The Benefits of SASE:

SASE brings agility and a holistic approach to both networking and security. Ultimately, SASE proves both innovative and disruptive, and will potentially transform the way network security is consumed over traditional products and cloud services. The most notable benefits of SASE include:

• Lowered Costs: SASE can reduce the number of components and vendors required to provide edge connectivity into the cloud, while also lowering operational overhead.
• Improved Network Performance: SASE is built upon a global SD-WAN service, which may leverage a private backbone and incorporates automatic traffic optimization and continuity.
• Vastly Improved Security: All traffic flow is inspected at the source and the endpoint, creating the opportunity for fully encompassing policies, which can be based upon identity, resources, or other defined elements.
• Reduced Overhead: With SASE providers operating and maintaining the security stack, IT staffers will not have to worry about updating, patching, or scaling edge connectivity products.

The other benefits from SASE come from the adoption of an SD-WAN platform, where connections can be consolidated, and then managed from a single pane of glass. Additional benefits can be found in an SD-WAN’s core capabilities of reducing proprietary hardware needs and bringing much needed simplicity to cloud connectivity.

Who are the SASE Players:

Numerous vendors are investing in the SASE model and are bringing services online. Gartner has identified more than a dozen vendors that are developing SASE offerings, with notable players, such as Cato Networks, Cisco, FortiNet, Zscaler, all building SASE offerings for the market.