SASE: What is a Secure Access Service Edge?

Author: Daniel Lassell
hexpattern-2
hexpattern-2

To continually secure business operations and protect data against exposure in an ever-growing landscape of cloud, cybersecurity professionals must evaluate new innovations as they emerge with a skeptical eye so as not to adopt any unvetted solutions. A new approach that has recently emerged in the marketplace with growing popularity, which cybersecurity leaders should examine, is a secure access service edge (SASE).

Secure access service edge (SASE) is a methodology for secure connectivity to resources in the cloud and on-premise that combines WAN capabilities and network security. These technologies include Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Firewall as a Service (FWaaS), and Zero Trust Network Access (ZTNA) to support dynamic, secured access. Half network and half security, the SASE framework is designed to allow enterprise security professionals to apply identity and context to specify the level of performance, reliability, security, and cost desired for every network session. SASE, in simplistic terms, is a methodology to accomplish Zero Trust policies in a cloud-native architecture.

As a result, organizations using SASE can derive increased speed and greater scale in the cloud while addressing the new security challenges that come with distributed cloud-based environments.

Benefits of a SASE Model

A SASE model of network security can lower costs and complexity. The agility that SASE can offer is just one of the many benefits:

  • Latency-optimized routing for the best performance possible
  • Ease of use/transparency
  • Enablement of Zero Trust Network Access (ZTNA)
  • More effective network access and network security
  • Centralized policy with edge enforcement
  • Improved quality of service
  • Risk-driven security controls
  • Cloud-native architecture
  • Autoscaling along with the elimination of capacity planning and hardware refresh cycles
  • Globally distributed

The Future of Network Security

If a company wishes to engage a third party for help implementing SASE into their organization, it’s best to consolidate vendors wherever possible to reduce threat vectors. A single vendor, for example, will help reduce technology stacks, cost and complexity in the long run. Vendors who embrace the continuous adaptive risk and trust (CARTA) approach, ensuring continuous session monitoring, will be a good marker of a reliable SASE vendor. An initial step in implementing CARTA is adopting a Zero-Trust approach, which is “verify, then trust” rather than simply trusting users connected to the network. Zero Trust assumes the network has been compromised and challenges the user or device to prove who they are, what they are trying to access, and what the device and location are on a per application basis. This is a great approach not just for the protection of critical IP, but also because it requires strict identity verification for every user and device when attempting to access resources on a network, even if the user or device are already within the network perimeter.

In SASE, many capabilities associated with on-premises data and network security move to the cloud, where auto-scaling abilities are leveraged in a cloud-native architecture. Like Zero Trust, this emphasis often won’t happen immediately, but organizations will migrate fully over time. The COVID-19 pandemic in particular has accelerated many organizations’ digital transformation initiatives, and by consequence, their SASE initiatives—but few organizations have fully implemented this vision. That’s all the more reason why those who are interested in SASE should consult the expertise of a partner who’s implemented SASE for clients before. InterVision is one of the few third parties who can say we’ve done so.

Speak with an Expert

To learn more about SASE, have a conversation with an InterVision expert. You can contact us here to request a call.

Get More Info About SASE
Learn More