As businesses undergo digital transformation and adopt SaaS, cloud-based services, and edge computing, legacy network security architectures fall behind in supporting dynamic secure access requirements. Anywhere, anytime access has become the paramount requirement for today's digital workforce. SASE (Secure Access Service Edge) is a comprehensive yet lightweight answer to this call that allows businesses to reduce costs and support digital workplace transformation.
What is SASE (Secure Access Service Edge)?
SASE (Secure Access Service Edge) is a modern cloud-based approach to network security that safely connects people with applications and systems. Combining network (e.g., SD-WAN, VPN) and security (e.g., CASB, FWaaS) technologies, SASE delivers a solution capable of seamlessly connecting remote users in today’s multi-site and cloud environments.
The SASE approach is based on these 5 principles:
- Zero Trust Network Access (ZTNA)
- Software-Defined Perimeter (SDP)
- Network Encryption
- 2FA/MFA on the Network Layer
- Identity & Access Management (IAM) on the Network Layer
SASE overcomes the limitations of hardware-based approaches to secure access, such as bandwidth and scalability limitations, licensing issues, or the slowness of procuring new hardware. This is why IT analysts suggest augmenting hardware-based approaches or replacing them with the cloud-first and cloud-native secure access service edge (SASE) approach, starting with zero trust network access (ZTNA).
What Does SASE Do?
Secure Access Service Edge offers secure remote access to your company’s systems from any location in the world. Instead of connecting one user with one network (as legacy VPNs do), SASE creates a Software-Defined Perimeter (SDP). You can think of the SDP as your private company network where all your users and systems meet securely: an environment that hides you from the public internet.
With SASE, you can replace MPLS circuits and connect your branch and employees directly to the internet via a secure tunnel (using whitelisting with a dedicated static IP, instead of the L2 encapsulation used with MPLS). Besides supporting modern workforce transformation, this is also a significant source of cost savings.
When to Use SASE?
When your legacy VPN doesn’t meet modern requirements – for example, if the complexity of your network makes maintaining a VPN inefficient (you want to connect a lot of offices, users, SaaS, and cloud applications).
When you want to improve the security of applications the company uses. Instead of granting access to all systems in the network to everyone who gets in, you rely on a verified identity of each user who connects to the environment.
Is SASE a VPN?
SASE creates a global private network for your company, replacing the legacy VPN. Unlike the traditional server-based VPN, SASE is offered as a cloud service. Thus, as with other SaaS solutions, you don’t need to worry about the operation or maintenance of the underlying infrastructure. For a detailed comparison of VPN and SDP, check this article.
How to adopt SASE?
True SASE combines networking and security principles into one service that serves as a single point of connection into all company systems. Due to its cloud-native nature, introducing the SASE approach to your company doesn’t require much effort. The deployment and setup of SASE infrastructure are usually automatic (depending on the particular vendor; see how GoodAccess works in three easy steps), ensuring a very quick time-to-value and delivering a smooth and optimized user experience.