What is SASE (Secure Access Service Edge)?

Secure Access Service Edge (SASE) is an architectural concept that provides WAN services and security functions as a combined cloud-based solution. The security functions operate at the network edge. They replace centralized security concepts, for example those built on virtual private networks. Identity- and context-based access mechanisms are in place for users, applications, and devices.

What is SASE?

The acronym SASE stands for Secure Access Service Edge. It is a still fairly new architectural concept that combines WAN services and security functions into a unified cloud-native solution. The term SASE was coined by Gartner analysts in 2019. Central components of the Secure Access Service Edge are the SD-WAN and security services such as the Secure Web Gateway (SWG), Firewall as a Service (FWaaS), Zero Trust Network Access (ZTNA), secure DNS, and Cloud Access Security Broker (CASB).

Deployment of the services is cloud-based. The security functions already take effect at the network edge. Secure Access Service Edge replaces centralized network concepts and security solutions built around a single enterprise data center and dedicated equipment with a cloud-based, decentralized architecture and security concept.


Key features of Secure Access Service Edge

Key features of SASE include the provision of a global SD-WAN service over a private SASE backbone and distributed PoPs, distributed policy enforcement, centralized policy management, traffic encryption, extensive protection capabilities (for example, against DDoS attacks or malware), a cloud-native architecture, identity- and context-driven access controls, integrated DNS services, and local deployment options for customer premises equipment (CPE).

The basic idea behind SASE and how it works

The basic idea behind Secure Access Service Edge is that the enterprise data center is no longer the center of the architecture. Enterprises use a variety of cloud-based services and Internet services in addition to their own data centers.

  • Security policies can be defined centrally, but operate locally at the network access (edge). Security policies are based on identities and context.
  • The WAN infrastructure is software-defined. It can be flexibly deployed and adapted.
  • Transmitted data can be prioritized according to their urgency or importance.
  • Services and applications are always accessed via the provider’s cloud infrastructure. At the point of presence (PoP), traffic is checked and routed to the global SASE WAN or the Internet.

In addition to identity-based access for users, Zero Trust Network Access is also possible for IoT endpoints.
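The following sketch illustrates the model described above: a policy set defined once centrally, enforced at the PoP on identity and context, with allowed traffic routed either to the SASE WAN or to the Internet. It is an added example, not code from any SASE product; the rule fields, group and application names, and the choice of device posture and location as context attributes are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    identity: str         # authenticated user or device (IoT endpoint) identity
    group: str            # identity attribute, e.g. "finance" or "iot-sensor"
    device_managed: bool  # context: device posture (assumed attribute)
    country: str          # context: location seen by the PoP (assumed attribute)
    app: str              # requested application or service

@dataclass(frozen=True)
class Rule:
    group: str
    app: str
    require_managed: bool
    allowed_countries: frozenset
    route: str            # "sase-wan" for private apps, "internet" for SaaS/web

# Constructed policy set: defined once centrally, distributed to every PoP.
CENTRAL_POLICY = (
    Rule("finance", "erp.internal", True, frozenset({"DE", "FR"}), "sase-wan"),
    Rule("finance", "saas-crm", False, frozenset({"DE", "FR", "US"}), "internet"),
    Rule("iot-sensor", "telemetry.internal", True, frozenset({"DE"}), "sase-wan"),
)

def enforce_at_pop(req, policy=CENTRAL_POLICY):
    """Evaluate one request at the edge. Returns (decision, route, reason).

    Zero trust default: a request that matches no rule is denied.
    """
    for rule in policy:
        if (rule.group, rule.app) != (req.group, req.app):
            continue
        if rule.require_managed and not req.device_managed:
            return ("deny", None, "unmanaged device")
        if req.country not in rule.allowed_countries:
            return ("deny", None, "location not allowed")
        return ("allow", rule.route, "matched rule")
    return ("deny", None, "no rule for identity/app")

if __name__ == "__main__":
    # Constructed sample requests as three different PoPs might see them.
    for r in (
        Request("alice", "finance", True, "DE", "erp.internal"),
        Request("alice", "finance", False, "DE", "erp.internal"),
        Request("sensor-17", "iot-sensor", True, "DE", "erp.internal"),
    ):
        print(r.identity, r.app, enforce_at_pop(r))
```

Every PoP evaluates the same central rule set, so the decision for a given identity and context does not depend on where the user connects.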


Advantages of SASE

The Secure Access Service Edge architecture concept offers numerous benefits to enterprises. Typical benefits are:

  • Reduction of complexity and costs through consolidation of WAN and security services
  • Flexibly scalable, individually adaptable WAN and security services
  • Rapid provisioning of new services
  • Guaranteed performance for real-time-sensitive applications by reducing latency
  • Central definition and control of security policies
  • Improved security by checking network traffic and identities at the network edge
  • High level of security through Zero Trust Network Access
  • Checking of access security to services and applications close to the user
  • Fine-grained access controls to data, applications, and devices
  • High security level for applications and transmitted or stored data
  • Enforcement of security policies based on identities and context
  • Provision and management of inspection engines by the SASE provider
  • High level of protection against malware and DDoS attacks
  • Traffic prioritization capabilities