Getting sassy with SASE

Woman wearing headphones using a laptop.
(Image credit: Shutterstock: fizkes)

Networking and security are two of the most important features of any company’s technology infrastructure. As the world of work evolves, businesses need to adapt to ensure that they are best equipped to manage shifting demands - like a location-agnostic workforce or ready access to third party apps as a standard requirement of the average employee. Evolution requires a fresh approach and new thinking - and that’s where Secure Access Service Edge (known as SASE) comes in.

About the author

Francois Champagne, Senior Solutions Engineer at Expereo.

Secure Access Service Edge SASE (pronounced “sassy”) stands for ‘‘Secure Access Service Edge.” It is an emerging offering that combines comprehensive WAN capabilities with enhanced network security functions (such as Secure Web Gateway, Cloud Access Security Brokers, Firewall-as-a-Service, and Zero Trust Network Access) to support the dynamic secure access needs of digital enterprises. 

SASE shifts the emphasis to authenticating users and devices on an ‘as-permitted’ basis at the network perimeter, rather than using the ‘once logged in, always logged in’ approach to an in-house setup. With devices, data, and apps far from the corporate HQ, and connectivity taking place on public Wifi and home broadband, it may no longer be sufficient to secure access only to the network, but to also ensure secure access happens at the level of the application.

Increasing Demand for SASE

The past year has seen a surge in demand for SASE, predominantly driven by the huge increase in people working from home who access applications in the cloud using their own devices.

SASE provides holistic security

A basic concept uniting SASE security is that it’s software-defined. SASE is fine-grained in how it grants access to data and applications and how it approves access to those applications. SASE implementations put authentication closer to the user and device. Before SASE, it was normal for authentication data to make a round-trip to the corporate data center and back since most users enjoyed a direct connection to that corporate network within the firewall

SASE includes network security functions including Zero Trust Network Access (ZTNA). If a device is user-owned it may be that the owner uses public Wifi, or is sharing WiFi with their family. This means data can leak and is compromised, all issues which ZTNA resolves. ZTNA grants access to specific applications rather than the network as a whole, with IP cloaking making that access invisible even to malware on compromised devices to keep the network perimeter safe. In metaphorical terms, SASE can hide a door, rather than just open or close it, meaning that your data is protected since it only opens to people who know it’s there.

Simplified adaptable management for the future

A benefit of SASE is its flexibility. To authenticate users at a company level, the need to operate a one-size-fits-all security infrastructure at the network core is hard and costly to maintain. The cloud-based approach of SASE and the services it provides mean that it can provide security authentication via flexible APIs and protocols.  

Reduced costs with security outsourced to the cloud

The cost implications of going cloud-native apply to SASE as much as any other application. By pushing security infrastructure out to the perimeter where the user and their device are, there’s less need for heavy security investment in the corporate data center. Cloud services expand or throttle capacity based on what the network needs which means fewer resources need to be spent on maintenance and replacement. 

Like much of cloud computing, SASE carries a sound business case. Gartner predicts that by 2025, over two-thirds of corporate organizations (60%) will have solid strategies for adopting SASE across their user bases. Up from 10% in 2020, which would be, partly due to the massive cost savings for businesses when adopting SASE. Gartner also predicts within three years, 30% of corporations will get their SWG, CASB, FWaaS, and ZTNA solutions from a single vendor. That’s a six-fold rise from where we are today as businesses consolidate their solutions for ease of management and peace of mind.

The scalability model

With its emphasis on securing the user and not the network, the classic corporate, authentication model becomes scalable. SASE creates an organized list of resources, each user enjoys a set of permissions to access one or more of them, and no extra resources are needed in the IT Suite no matter how large the user base grows. Users can use the network of cloud services and public networks, like work-from-home broadband which again reduces pressure on company headquarters.

An increase in performance

The cloud may appear to be all-encompassing for some users. Their home fiber can reach gigabit speeds; the mobile world is turning 5G; even coffee-shop Wifi frequently exceeds multi-megabit rates. 

With SASE the network perimeter is defined by protocols in the cloud that apply directly to the connected user and device; it often improves many existing bottlenecks, including latency numbers which begin to reduce, and network traffic flows that become smoother. Through this key feature, SASE can bring the cloud closer to the user and their location.

A future for SASE

The benefits of SASE are manifold:  the authentication infrastructure with Cloud based services, scalability and its potential to increase business performance whilst reducing costs, have been recognized by risk and security managers. SASE has become present in businesses, a feature of current technology strategies for companies across the globe, offering a more secure access solution for remote or office workers. SASE will certainly be part of security infrastructures and applications for a long time to come - more than likely housed under one roof with a trusted supplier.

We've featured the best identity management software.

Francois Champagne

Francois Champagne, Senior Solutions Engineer at Expereo.