Secure Access Service Edge, also known as SASE -- pronounced "sassy" is a cloud architecture model that bundles network and security-as-a-service functions together and delivers them as a single cloud service. A SASE approach offers better control over and visibility into the users, traffic, and data accessing a corporate network - vital capabilities for modern, globally distributed organizations. Networks built with SASE are flexible and scalable, able to connect globally distributed employees and offices across any location and via any device.
A SASE architecture combines a software-defined wide area network (SD-WAN)
or other WAN with multiple security capabilities (e.g., cloud access
security brokers, anti-malware), securing your network traffic as the
sum of those functions. SASE provides
a simple security and networking tool that is independent of where
employees and resources are located. SASE requires little to no
hardware, using the widespread connectivity of cloud technology to
combine SD-WAN with network security functions, including:
- firewall as a service (FWaaS)
- software as a service (SaaS)
- secure web gateways (SWG)
- cloud access security broker (CASB)
- zero-trust network access (ZTNA)
How does SASE compare to traditional networking?
In a traditional network model, data and applications live in a core data center. In order to access those resources, users, branch offices, and applications connect to the data center from within a localized private network or a secondary network that typically connects to the primary one through a secure leased line or VPN. Due to the rise of distributed workforces, It is no longer practical to reroute all traffic through a centralized data center if applications and data are hosted in the cloud.
By contrast, SASE places network controls on the cloud edge — not the corporate data center. Instead of layering cloud services that require separate configuration and management, SASE streamlines network and security services to create a secure network edge. Implementing identity-based, Zero Trust access policies on the edge network allows enterprises to expand their network perimeter to any remote user, branch office, device, or application.
ref:
1. https://www.cloudflare.com/learning/access-management/what-is-sase/
2. https://www.techtarget.com/searchnetworking/definition/Secure-Access-Service-Edge-SASE
3. https://www.zscaler.com/resources/security-terms-glossary/what-is-sase
