SASE, which stands for Secure Access Service Edge, is a cloud-based IT model that bundles software-defined networking with network security capabilities and is provided by a single service provider.

Gartner first proposed this concept in 2019, and the definition is to combine comprehensive WAN functions with network security functions and deliver them uniformly in the cloud.

A SASE approach provides greater control and visibility into the users, traffic, and data accessing the corporate network—critical for modern, globally distributed organizations. Networks built with SASE are flexible and scalable, capable of connecting globally distributed employees and offices from any device.

01.What are the advantages of the SASE framework?

SASE offers several advantages over traditional, data center-based network security models:

● Identity-based zero-trust network access

SASE relies heavily on a zero-trust security model that does not grant users access to applications and data until their identity is verified—even if they are already within the perimeter of a private network. The SASE approach considers more than just an entity's identity when establishing access policies; it also considers factors such as user location, time of day, corporate security standards, compliance policies, and an ongoing assessment of risk/trust.

● Prevent attacks on network infrastructure

SASE's firewall and CASB components help prevent external attacks, such as DDoS attacks and vulnerability exploits, from entering and damaging internal resources. The SASE approach can protect both on-premises and cloud-based networks.

● Prevent malicious activity

By filtering URLs, DNS queries, and other outgoing and incoming network traffic, SASE helps prevent malware-based attacks, data breaches, and other threats to company data.

● Simplify implementation and management

SASE consolidates point security solutions into a cloud-based service, enabling enterprises to interact with fewer vendors and spend less time, money and internal resources provisioning physical infrastructure.

● Simplify policy management

Rather than handling multiple policies for separate solutions, SASE allows organizations to set, adjust and enforce access policies across all locations, users, devices and applications from a single portal.

● Delay-optimized routing

SASE helps reduce latency by routing network traffic across a global edge network, where traffic is processed as close to the user as possible. Route optimization can help determine the fastest network path based on network congestion and other factors.

02.How does SASE compare with traditional networks?

In the traditional network model, data and applications reside in the core data center. To access these resources, users, branch offices, and applications connect to the data center from an on-premises private network or a secondary network, which is typically connected to the primary network through a secure leased line or VPN.

This model has proven insufficient to cope with the complexity brought by the rise of cloud-based services such as software as a service (SaaS) and distributed workforces. If applications and data are hosted in the cloud, rerouting all traffic through a centralized data center is no longer feasible.

SASE, by contrast, puts network control at the edge of the cloud—rather than in the enterprise data center. Rather than layered cloud services that need to be configured and managed separately, SASE simplifies network and security services to create a secure network edge. Enforcing identity-based zero-trust access policies on edge networks allows enterprises to extend their network perimeter to any remote user, branch, device or application.