Skip to main content

What is SASE?

What is SASE?

The global cost of cybercrime was estimated at $8.4 trillion in 2022 and is set to surpass $11 trillion in 2023.

While vulnerabilities have always been present in end-point devices, applications, and data paths, organisations previously found safety in localised, on-premises private networks.

However, as more businesses migrate to the cloud and adopt hybrid working, these systems need to be accessible from anywhere. Sticking with a traditional approach to network security can lead to spiralling maintenance costs and poor performance.  

Secure Access Service Edge (SASE, pronounced “sassy”) shifts network security away from complex, centralised infrastructure towards scalable, cloud-based security solutions.

How does SASE work?

In traditional network models, data and applications were housed in a centralised data centre. To access either, users and apps had to connect to the data centre from within a localised private network or a virtual private network (VPN) if they were remote workers.

Such a long data journey can affect transfer speeds, introduce security vulnerabilities, and negatively impact the user experience.

The SASE framework combines a range of cloud-native security technologies with network tools to manage capabilities closer to end users, cutting out additional data transfers to data centres and origin servers. This makes security more efficient, without impacting network performance.

Why do we need SASE?

Enterprise organisations now rely heavily on software-as-a-service (SaaS) and cloud-based solutions that can be directly accessed via the Internet instead of private networks. Since SaaS applications are highly distributed, routing user traffic through a central location leads to higher latency, longer round-trip times (RTT), and bottlenecks. The combination of SaaS and localised private network security has reduced performance and increased system maintenance costs.

Even before the pandemic and the uptick in SaaS usage, some industry experts recognised that change was necessary.

A few years ago, Gartner highlighted that traditional, centralised network security was no longer a viable solution. The organisation predicted that by 2025, at least 60% of enterprises will have strategies to adopt SASE - up from less than 10% in 2020*.

Traditional network approaches simply no longer provide the levels of security and access control required by cloud-enabled organisations. SASE offers more control and visibility over the users, traffic, and data in a corporate network. This helps IT teams strengthen systems and react quickly to cyber threats.

Networks built with SASE are also flexible and scalable. They can connect globally distributed employees and offices across any location, via any device.

What are the components of SASE?

The SASE framework aims to simplify security management. It does this by incorporating cloud-native security technologies, including:

Centralised cloud security management

Through this console, administrators can manage every aspect of security from a single location - streamlining services and reducing the chance of errors.

Cloud access security broker (CASB)

CASB tools enforce your organisation’s security and access policies by monitoring traffic between cloud service providers and end users. CASB platforms are particularly useful in protecting organisations from attacks that target user vulnerabilities.

Firewall as a Service (FWaaS)

FWaaS is a cloud-based service that provides perimeter protection without requiring organisations to deploy dedicated firewall hardware to each business location. Its capabilities include web filtering, advanced threat protection (ATP), intrusion prevention system (IPS), and Domain Name System (DNS) security. 

Secure web gateway (SWG)

SWG solutions protect web users by filtering out malware. They act as a forward proxy and sit in the connection between a user and the Internet. SWGs will intercept and inspect traffic between endpoints to determine whether anything is malicious.

Software-defined wide area network (SD-WAN)

A wide area network (WAN) is used by enterprise organisations to connect branch offices and locations to their central corporate network. A software-defined WAN (SD-WAN) uses software to control the connectivity, management, and services between locations and resources.

SD-WAN works by decoupling the control plane from the data plane within a router to optimise network traffic and app management. It will select the quickest or simplest route for data transfers, preventing excessive network activity and improving the end-user experience through more efficient data transfers.

Zero-trust network access (ZTNA)

The most secure systems work on the principle of least privilege, protecting resources by preventing unnecessary access. ZTNA brings this principle into networks, giving users access only to the apps they need. This helps prevent security incidents and shields critical resources from bad actors.

What are the benefits of SASE?

Combining these technologies into one system brings a lot of benefits. SASE allows users to securely access applications from any location and provides administrators with more control over IT environments.

Simplified security

Some enterprise organisations still rely on a complex array of security solutions from multiple vendors. All these tools can be difficult to maintain and even result in runaway costs and poor oversight. SASE combines security tools and network capabilities to create a simplified, easy-to-manage security framework.

Improved security management

As businesses grow, security teams may need to roll out new features, test improvements, and launch APIs for new services. With SASE, those tasks and their corresponding security checks become much more straightforward.

Enhanced user experience

Through SASE, multiple threat surfaces are automatically monitored and mitigated. Security and resource optimisation tasks can be carried out in real-time without impacting the performance of systems and applications. SASE tools allow users to benefit from high-quality, secure IT environments.

Risk mitigation

Security teams must work to mitigate risks, focusing on critical tasks like protecting systems from malware infection; ensuring service uptime; and data loss prevention (DLP). The ZTNA and secured traffic transfers included in the SASE framework help to mitigate threats.

Edge Computing

SASE allows the provisioning of computing resources and connectivity needed for edge computing. This includes improving application performance, minimising latency, and enhancing the user experience.

Nasstar SASE solutions

Nasstar’s SASE solutions allow companies to better protect users and systems. We combine cutting-edge cloud-native security tools with network capabilities to securely connect users and endpoints to applications and systems anywhere.

Speak to a specialist today.

 

*Gartner