What is SASE? An Introduction
September 29, 2021
What is SASE, how does it work, and why do you need it? We look at the solution that many analysts are calling the future of network security.
In 2021, enterprises are witnessing a networking revolution. Increased data processing requirements and capabilities, a new generation of software-defined solutions to core networking challenges (enter SD-WAN), and increased automation and intelligence to better power mission-critical applications and workloads are driving rapid modernization at the edge.
But as workforces become increasingly distributed, mobile, and remote, and the nature of networking becomes less linear, keeping data secure from the edge to the cloud presents a daunting challenge, whether it be in a single or multicloud environment. How can companies secure their networks while taking advantage of new innovations like SD-WAN, which drastically increase and automate data throughput?
Enter Secure Access Service Edge, or SASE.
What is SASE?
The term SASE refers to a framework for converging the best elements of software-defined networking and SD-WAN with modernized edge security. The end result is a transformed network architecture that is dynamic, flexible, and secure, and can provide the performance needed for today’s 24x7 applications and resources hosted across public, private, and hybrid clouds.
Leading SD-WAN vendors like Cisco, Fortinet, and Versa have all introduced SASE solutions to their suite of products, with a strong focus on simplifying edge modernization and transforming the network to meet the demands of the cloud era head on. And the uptake has been meteoric, with SASE already penetrating up to 20% of its market.
How does SASE work?
Depending on the use case, there can be a lot of elements to a SASE solution, and what is included in the solution can vary greatly between different providers. But as a general rule, every SASE architecture will provide elements of these five main components:
- SD-WAN: This software-defined approach to wide area networking forms the foundation of SASE. If you want to take a deeper dive into how SD-WAN works, we covered it in great detail here.
- Cloud Access Security Broker (CASB): According to Gartner, CASBs are on-premises or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed.
- Zero Trust Network Access (ZTNA): According to Gartner, ZTNA is a product or service that creates an identity- and context-based, logical access boundary around an application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a set of named entities.
- Firewall as a Service (FWaaS): Cloud-delivered firewalls digitally protect your architecture from cyberattacks at multiple points with several filtering and threat prevention measures.
- Secure Web Gateway (SWG): These gateways filter and prevent data breaches across the network by applying further web filtering and access control measures.
You can essentially split SASE setups into two main categories:
- Self-hosted/Self-managed: This SASE setup is architected and maintained by the end user, and usually consists of SD-WAN from a provider along with built-in security functions.
- Provider managed: A provider platform (examples in this category include Zscaler, Palo Alto Prisma, and Netskope) contains the SASE architecture in the cloud, and the customer is then simply responsible for maintaining the connection to the platform.
Source: Gartner, “2021 Strategic Roadmap for SASE Convergence”, Neil MacDonald, Nat Smith, Lawrence Orans, Joe Skorupa, 25 March 2021
What are the benefits of SASE?
Improved security
Possibly the biggest benefit of a SASE architecture is the security improvements it provides. SASE’s Zero Trust security model requires identity verification for any user, securing their data both in migration and at their endpoints. Plus, FWaaS and SWG features help protect user architectures from being invaded by cyberattackers on multiple levels.
In addition to these intrinsic features, SASE gives users the ability to customize their architecture with other security properties like web application and API protection, and inline encryption/decryption, to name a few.
Simplified cloud architecture
SASE’s consistent policy enforcement and unified software stack make network management easier than ever, with no sacrifice to the depth of features it provides. Teams will benefit from full visibility and control over their network via a single pane of glass, as well as a predictable user experience from any location worldwide.
Reduced costs
By replacing multiple appliances and on-prem infrastructure with a single stack of software, capex, opex, transport, and asset costs can all be reduced significantly. Plus, making network changes and upgrades is more affordable with an integrated SASE architecture than it is with a sprawled network of separate elements.
Better performance
SASE’s centralized network management and consistent policy application make it easy to accommodate fluctuations in traffic for a reliable user experience. SASE also makes it easy for users to scale their network in line with their digital growth and technology upgrades, future-proofing their setup and sustaining this optimized performance over time.
Megaport and SASE
Megaport offers Network as a Service solutions that can help accelerate SASE objectives and remove obstacles to deployment. For example, solutions like Megaport Virtual Edge (MVE) seamlessly integrate with leading SD-WAN architectures, complementing the software-defined overlays with an equally modernized, simplified and powerful underlay – delivering a truly end-to-end transformation of the network for the SASE era.
If you’re already set up with Megaport Virtual Cross Connects (VXCs) near one of our Megaport enabled locations, a self-hosted connection using Megaport will optimize your SASE architecture and enable you to benefit from the best possible security, speed, and performance.
Talk to Megaport about how we can optimize your SASE architecture
Megaport can help you optimize your SASE architecture by deploying a purpose-built private network backbone, improving data security and network performance. Reach out to your account representative to learn more.
In our next SASE blog post, we’ll look at how you can use MVE as part of your SD-WAN to optimize your SASE architecture, and provide some use cases for how you can orchestrate your SASE architecture to improve security, reduce costs, and boost performance for your enterprise.
[1] Source to be given
[2] Gartner IT Glossary, “ZTNA,” 27 September 2021 (https://www.gartner.com/en/information-technology/glossary/zero-trust-network-access-ztna)
[3] Gartner IT Glossary, “CASB,” 27 September 2021 (https://www.gartner.com/en/information-technology/glossary/cloud-access-security-brokers-casbs)
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission