What is SASE?
SASE invites you to try to imagine networks and security beyond the concept of a secure perimeter
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Our security landscape has changed for good over the past decade. This awareness is the best starting point in deciphering the whats and whys behind the secure access service edge (SASE) model. In short, it is a novel way to tackle age-old security challenges at a time when old security models are faltering in the face of increasingly advanced threats. This is why SASE is best understood as a new approach, a model, and even “philosophy” that asks you to forget all you know about protecting your precious assets behind the perimeter in which the security controls play the role of virtual moats.
Read on to find out what SASE actually is and how it can give you a much-needed helping hand if you are looking to update your security model for 21st-century challenges.
What is SASE?
In short, SASE (pronounced “sassy”) will combine networking and security services under a single umbrella. Despite this, you should not see SASE as a collection of services or components, but rather as a holistic model.
What links all of the parts of this clockwork mechanism is the central idea that security and networking in the modern era are inseparable and that this should be followed by their concrete integration.
So, SASE invites you to try to imagine networks and security beyond the concept of a secure perimeter.
Back in the day (or even now), servers were kept at organizations’ HQs, with an army of dedicated teams who had access to them from a central desktop. They exerted their power over a network that linked separate sites.
Firewalls, for example, stood guard at the border of the security perimeter, with remote locations being managed by routing all traffic from these sites to the HQ. This was done with the help of multiprotocol label switching architecture and the practice of rerouting was called backhauling.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
What was the problem with this highly centralized approach to network management and security? It simply became too costly and bulky to handle, because routing traffic in this manner comes with a price tag in terms of both higher costs and tangible performance hits.
This is why the remote sites (such as branch offices) tried to circumvent this by deploying direct internet access, which, in turn, created new problems. This is where SASE comes is, as a network architecture that unifies VPN and SD-WAN functionalities with cloud-native and regular security features that include:
More on these below.
Types of SASE
Despite its common purpose, SASE comes in various flavors and this refers both to its components and the general architecture.
Perimeter 81 is Techradar’s best business VPNSave 250+ yearly hours on manual configuration. Deploy your entire organization within a single day. Learn why Perimeter 81 is TechRadar’s choice for thebest Business VPN. Ditch legacy hardware and make the move to the cloud. See how simple it is for yourself.
Which technologies make up SASE?
As explained, SASE is bent on unifying security and networking as part of a single-service framework that works with the cloud as its native platform. As such, it does not involve a single technology, but rather a collection of them. Security is made available network-wide with the aim of protecting each user that needs to get access to a resource or an application.
To achieve this, SASE systems pack several key components.
When it comes to SASE, yet another notion that must be taken into account is that oftenancy, particularly if we are to understand the concept of multi-tenant systems. Here, theTenantsimply means your own dedicated workspace, together with the elements that make it up. They usually include the use application, authentication interface, and management portal.
Israeli cybersecurity giant Perimeter 81, for instance, allows the managed service providers to develop a service around itsmulti-tenant solution. This easy-to-integrate interface supports the fast deployment of a security service aimed at a client following the opening of a tenant. At the same time, tenant holders or administrators are not allowed access to any tenant other than their own. Multi-tenant solutions such as this one are fast, accessible, and beneficial for creating and maintaining multiple revenue streams.
Who should deploy SASE?
What type of organization should use SASE? Well, there is no “ideal” profile for this particular use case, simply because every organization can benefit from implementing this model. Yet, depending on their core activity, some organizations can extract different types of benefits and for various reasons. Let’s see how it works for some of the more popular types.
Pros and cons/Benefits of SASE
Is SASE a cure-all for all of your security-networking problems? Not exactly, but it is a viable and even attractive option for managing remote connectivity from a single place. Your perception of its pros and cons may vary according to how they appear from where you are standing, but here’s the general outline of these.
SASE Pros
SASE Cons
Challenges in realizing SASE
Considering that SASE is a model/approach, and not a breakthrough product or a service, getting the most out of it comes with a set of endemic challenges. Actually, its implementation will profit from the readiness of the SASE user to fully change the paradigm in which they imagine security in the 21st century.
Who are the most popular SASE vendors?
The SASE market is maturing, as evidenced by the increasing number of SASE vendors that offer competent solutions. While this list may change in time, it’s still a valuable reference point for those who want to explore this model.
1.Perimeter 81
Perimeter 81 wants to help you protect your key assets and data with SASE. Its solution encompasses a broad array of security products and services, including ZTNA, VPN as a Service (VPNaaS) or a cloud VPN alternative, FWaaS, cloud sandboxing, DNS security, endpoint security, and compliance, SaaS security, and more.
2.Cisco
Cisco is one of the tech leaders when it comes to SASE. Its cloud-delivered SASE solution is marked by flexibility and accessibility, paired with operational excellence when it comes to cloud-native security, secure web gateways, ZTNA, CASB, and firewalls.
3.Fortinet
Fortinet offers FortiSASE as a fully integrated SASE solution that prides itself on real-time and consistent cloud-native security across the networks. The features supported include an Intrusion Prevention system, ZTNA, cloud-delivered next-generation firewall (NGFW), SWG, data loss prevention (DLP), sandboxing, office VPN, DNS.
4.Zscaler
Zscaler goes for a cloud-delivered SASE solution taking the forms of IaaS and SaaS for all of your network security worries. In addition to wide global coverage, the company will offer you a range of expected features such as Secure Web Gateway (SWG), cloud access security broker (CASB), firewall as a service (FWaaS), and zero-trust network access (ZTNA).
5.VMware
VMware’s SASE combines VeloCloud SD-WAN infrastructure with ZTNA, SWG, NSX-based NGFW, DLP, remote browser isolation (RBI), FWaaS, and CASB functions. It is marketed as a highly scalable SASE solution.
What are the best deployment and management practices for SASE?
Choosing a vendor may seem like a harder part of the SASE implementation, but the following practices should be taken just as seriously as any part of this process. Otherwise, you risk turning your SASE journey into a sequence of misunderstandings, inflated expectations, and costly endeavors.
- Make a list of the goals you hope to achieve.This may seem like a no-brainer, but deploying SASE can easily take you out of your comfort zone, no matter how experienced you are with adopting new technologies. As we explained above, SASE is not a magic wand, so having a clear picture of the specific goals your organization needs to achieve with it is a must. For example, running a SASE deployment for your retail business may require some tweaking compared to doing the same for a hospital, despite seemingly similar overall goals.
2.Take inventory of your assets and vulnerabilities. Yes, you need to know what is not working with your existing security-networking system in order to have a vision of what your future SASE implementation needs to deliver. Check your available technology framework (such as end systems) and remote locations for potential flaws and weak spots and do not forget to include the assessment of available human resources as part of this calculation.
- Be strategic about SASE implementation milestones.Implementing SASE is not a decision to be taken lightly, and to make it work its magic for you you’ll have to come up with a set of milestones. They are best defined with the help of your vendor. The more detailed you are with this process, the less headache you can expect as the implementation unfolds. Things to consider include the dynamics of the upgrade of your network and its transformation into a powerful SD-WAN, the implementation of Zero Trust Network Access (ZTNA), secure web gateway (SWG), and a cloud access security broker (CASB), the introduction of new security policies, etc.
4.Do your homework on SASEbudgeting and metrics. Get a cost breakdown relating to SASE in order to plan for the length of your ROI interval. Do not forget to include the costs of deploying physical infrastructure and managing the staff that will implement and administer SASE, the provision of inbound and outbound connectivity services, data sources, logging features, etc.
You need to come up with a list of relevant metrics pertaining to SASE that should include cost optimization, scalability, upgrade potential, efficacy, and performance as key parameters. Also, be prepared for any trouble that will inevitably come your way. This is best handled proactively by focusing on quality education and the running of a successful and dedicated SASE team.
Conclusion
SASE is here to stay. Its longevity will be secured to a lesser degree by its revolutionary approach to tackling security, but rather by the permanently changed environment in which SASE is implemented today. Fluid workforce, hybrid remote work models, increasing cloud adoption, higher network, and data traffic, and ubiquitous decentralization are making competing security models obsolete. Considering that SASE is a way of thinking and imagining security, getting a clear picture of how it works ahead of its implementation is an all-important first step.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)
