It’s all about emerging SASE

Sassy is always classy!

Sounds cool, right?

Being a cloud service, SASE is pronounced as “sassy.”

Did you know? – Gartner introduced this new enterprise networking technology category to the world in 2019. The consulting firm says that SASE is still on its way to development, and thus all of its elements may not be readily available yet.

What is a secure access service edge (SASE)?

SASE is a network architecture that turns software-defined wide-area networking (SD-WAN) and security into cloud service. Moreover, this new tech promises simplified WAN deployment, offers appropriate bandwidth per application, and enhanced efficacy and safety.

In short, this means SASE blends SD-WAN abilities with security and delivers them as a facility. Security policies imposed on user sessions are customized to each based on three factors:

  • Compliance and security policies
  • Identify the entity connecting
  • Ongoing assessment of risk during every session

Components of SASE

  • SD-WAN
  • Cloud security
  • Zero-trust network access

The WAN side of SASE depends on capabilities supplied by entities, including SD-WAN providers, network-as-a-service providers, networking equipment vendors, content-delivery networks, and bandwidth aggregators. Simultaneously, the security side relies on zero-trust network access, cloud-access security brokers, firewall-as-a-service, cloud secure web gateways, and web-API-protection-as-a-service.

Where is the edge?

The “edge” part of SASE is mostly delivered via PoPs (points of presence) or vendor data centers close to the endpoints (the devices, the data centers, and the people).

Benefits of SASE

  • Cuts complexity and cost
  • Simplifies authentication process
  • Supports zero-trust networking
  • Hyper scalability
  • Simplified management
  • Dedicated network and security convergence
  • Less overhead
  • Security improvement and performance

SASE drawbacks

  • Great degree of trust is being put in SASE suppliers
  • Nothing new could be found in SASE
  • Legacy hardware suppliers may not have enough experience with the in-line proxies that SASE needs

Zero-trust and SASE

Zero Trust Network Access (ZTNA), also known as software-defined perimeter (SDP), is a small part of the SASE framework, and together they enhance the security posture. ZTNA and remote access are often used as a catalyst for SASE deployments that allow users to securely access cloud-scale applications and others from anywhere on the globe.

Zero-trust network access enables businesses granular visibility and control of users and systems accessing corporate applications and services. It is a relatively new approach to network security, and moving to a SASE platform could allow companies to get those zero-trust capabilities. An essential element of zero-trust is that security is based on identity rather than the IP address. This element makes zero-trust more adaptable for a mobile workforce but needs extra authentication levels such as behavioral analytics and multi-factor authentication.

Why is SASE necessary?

Gartner says: “More of traditional enterprise data-center functions are now hosted outside the enterprise data center than in it – in IaaS providers clouds, in SaaS applications and cloud storage.” With SASE, devices and end-users could authenticate and gain secure access to all the resources protected by security located close to them.

As per Nat Smith, an Analyst at Gartner: “SASE is more of a philosophy and a direction than a checklist of features. But, in general, he says, SASE is composed of five main technologies: SD-WAN, firewall as a service (FWaaS), cloud access security broker (CASB), secure web gateway, and zero-trust network access.”

What makes SASE so transformational?

SASE is developing in response to the needs of the present digital business. The digital industry is all about speed and agility. Gartner says, “Digital transformation and adoption of mobile, cloud and edge deployment models fundamentally change network traffic patterns, rendering existing network and security models obsolete.”

Which one is the world’s first SASE platform?

Cato Cloud is known to be the world’s first proven SASE platform that one can deploy today. Cato’s cloud-native architecture converges SD-WAN, a full network security stack, a global private backbone, and seamless support for mobile devices and cloud resources.

Also, in 2019, Gartner recognized Cato as a “Sample Vendor” in the SASE category of the “Hype Cycle for Enterprise Networking.” The platform is available via a globally distributed cloud service that offers enterprise network and security capabilities to all edges.

How SASE security model helps organizations?

  • With a cloud-based infrastructure, one could deliver and implement security services such as next-generation firewall policies, threat prevention, data loss prevention, web filtering, credential theft prevention, sandboxing, and DNS security.
  • One could reduce costs and IT resources utilizing the SASE security model platform.
  • One can easily simplify IT infrastructure by minimizing complexity.
  • Enhances performance by giving access to the internet, apps, and corporate data from anywhere globally.
  • SASE solution will offer complete session protection, regardless of whether a user is on or off the corporate network.
  • Implementing data protection policies within a SASE framework helps prevent unauthorized access and abuse of sensitive data.

What is an example of a SASE use case to understand the term better?

To better understand SASE, let’s see it in action.

Beth, a sales executive, visits Starbucks late one evening to complete work along with a latte. He opens his company-issued laptop and connects it with the public Wi-Fi, and accesses his company’s customer relationship management (CRM) system while browsing the internet.

Here a SASE platform plays an essential role by connecting and protecting him. He may run a SASE client to establish a tunnel to the SASE platform or use clientless access. Also, SASE could prioritize the ERP (enterprise resource planning) traffic while applying essential optimization and acceleration techniques to improve access. Finally, Wi-Fi protection would protect Beth while accessing Starbucks’ public Wi-Fi.

Who are the players?

Gartner clarifies that SASE players come from several different sectors – firewall-as-a-Service (FWaaS), SD-WAN, security appliances, and CDN. Vendors such as Cisco, Akamai, Fortinet, Cato Networks, VMware, Zscaler, and others are the major players of the SASE technology.

Key takeaways

  • SASE converges the functions of network and security point solutions into a unified, global cloud-native service.
  • SASE utilizes a software stack in the cloud to operate several security functions on data at once in several engines.
  • Gartner invented the term secure access service edge in a 2019 Hype Cycle report.
  • With SASE, networking functions and security services are run in the cloud or a security agent on the end user’s device.
  • SASE is a network architecture that incorporates WAN abilities with cloud-native security functions.

Gartner expects, “By 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.” A SASE architecture identifies devices and users, delivers secure access to the suitable application or data, and applies policy-based security. This approach allows businesses to apply for secure access no matter where their applications, users, or devices are located.

To explore more content on download our latest whitepapers IT infrastructure and networking.