What is SASE?

  • Secure Access Service Edge (SASE) is a recently developed approach to providing company users with secure access to company assets.
  • SASE can be thought of as a central interface through which all users authenticate and receive access permissions. Think centralized VPN connectivity.
  • Security protections are centralized and apply to every user of the SASE solution.

What Problems Does SASE Address?

  • Most companies were supporting a hybrid user environment with in-office and remote access. The pandemic accelerated the need for remote workers to have the same protections as when in the office.
  • Remote workers were often not as secure as when they were located in the office. The protections in the office did not extend well to remote users. This often required separate security solutions to provide protection on and off the network, which led to a complex mesh of security solutions to manage.
  • The network architecture grew increasingly complex as companies grew and added more offices and data centers.
  • The need to set up multiple points of presence with different ISPs and create a redundant mesh network.
  • High cost to operate all of the above.
  • Skills to operate and manage all of the above.

 

Example of a SASE network architecture

All users, regardless of location, connect to the company SASE network to access company resources, no matter where those resources are located. Notice that security controls are centrally managed and enforced in the SASE cloud.

 

Who is Providing SASE Services?

This is a fluid and expanding list. Any vendor that has invested in a global data network is a good candidate to get into the SASE game. Some examples:

  • Cloudflare – Started as a Content Distribution Network (CDN) and DDoS solution for protection of web applications. It is considered one of the largest privately owned global networks.
  • Palo Alto – Started as a Next Generation Firewall vendor. Over the past 5-7 years it has aggressively acquired security solutions to create a holistic security fabric. They own their own data centers.
  • Zscaler – Started as a Web Security Content Filtering/Web Gateway solution. They leverage multiple ISPs to deliver their service.
  • Netskope – Started as a Cloud Access Security Broker (CASB) solution. They leverage multiple ISPs to deliver their service.
  • VMware – Started as a virtualization solution. They leverage multiple ISPs to deliver their service.

As you can see, the sources of the SASE solutions are diverse. All must have a large global footprint of interconnected networks to deliver SASE services.

 

SASE Considerations

There are a few items to consider when evaluating a SASE solution.

  • Will I save money? The cost of maintaining your own network and security solutions must be compared to the cost of a SASE subscription.
  • Am I ok with all my cloud security coming from one vendor? When you choose a solution, you are committing to utilizing all the security features and solutions that are part of the SASE environment. Some may have better and/or more complete security functionality than others.
  • Am I ok with one vendor providing me my network infrastructure? Removing the headache of architecting and deploying a network is attractive. The prospect of a vendor issue affecting the availability of your SASE deployment is not. It is key to understand the capabilities of evaluated solutions and ensure there are good BI/DR processes in place so your business is not impacted.
  • Am I ok with losing some control and visibility of my environment? Some SASE providers will provide more visibility and reporting than others. How about logs? Monitoring and alerting?
  • What if I am unhappy with my service? Going to SASE is relatively easy, leaving is not. To retain protections equivalent to those provided by SASE if a decision is made to go back to managing your own network and security controls, a company will need to identify and deploy a new network architecture, place point security solutions at the needed locations, and find personnel to monitor and manage the network and security solutions.