SASE - Secure Access Service Edge
The future of network security in Multi-cloud environments
Secure Access Service Edge, or SASE for short, is a cloud-based architectural concept that brings together software-defined network functions with network security. Thus, SASE is a combination of an advanced SD-WAN-Edge deployed at the branch office and comprehensive security services delivered via the cloud.
We deliver the WAN network, security and access architecture from a single source. Security functions work at the edge of the cloud. Instead of unnecessarily layering cloud services on top of each other, resulting in high configuration and management overhead, SASE optimises network and security services for secure and seamless edge computing. Research and consulting firm Gartner coined the term in 2019:
"Secure Access Service Edge is a newly developed offering that combines the power of WAN with comprehensive network security features (such as SWG, CASB, FWaaS and ZTNA) to address the secure access needs of digital enterprises." – Gartner
Why not stick with the long-familiar?
SASE provides a cloud-based alternative to the traditional "hub-and-spoke" network infrastructure. In traditional network models, the connection of users, branch offices and applications is created through the means of centralised data centres. A local private network or secondary network, which has VPN access to the primary network, connects to the data centre.
All application traffic from branch offices for security testing was routed to the corporate data centre via private MPLS services. Over the past 30 years, this is how networks, users and applications have created connectivity around data centres. Here, a secure perimeter protects the applications and data from outside access.
What are the obstacles of the old model?
This solution is unsuitable for the complex challenges of cloud-based services (SaaS), IoT applications and the increase in remote usage in recent years – especially after taking the Covid19 pandemic into consideration. Traffic destined for the internet must first pass through the company's data centre and firewall before reaching its destination. Therefore, application performance and user experience deteriorate.
Security requirements can no longer be met and therefore complexity, latency and costs increase enormously. It is also not functional to redirect all traffic through a central data centre when most applications, workloads and sensitive corporate data are now moved to the cloud. Managing and updating different access policies and security services can become a nightmare for IT departments.
The new challenges
SASE makes it easy to embrace the new reality
SASE finds a new way for the enterprise data centre not to remain the central hub of the network structure. By transforming the WAN and security architecture with SASE, companies can ensure direct and secure access to applications and services in multi-cloud environments. And this is independent of location or access from devices in use.
Security policies can be defined centrally by moving key processes to the cloud, but operate locally at the network access (edge) and refer to identities and context for access control. The software-defined WAN infrastructure can be flexibly adapted, and transmitted data can be prioritised. Services and applications are accessed via the provider's cloud infrastructure. At the point of presence (PoP), traffic is checked and routed to the global SASE WAN or the internet.
So why rely on SASE?
Digital transformation. This is the need of tomorrow. This requires a transformation of security and the WAN. Extending SD-WAN capabilities while embedding them in modern cloud security services can ensure robust enforcement of policies and access controls for applications, devices, users and IoT.
Both elements should be transformed by cloud-first enterprises. Taking WAN and security architecture to a new level is the only way to unleash its full potential. A company can start with one of these elements, but should upgrade both to realise the true value of the cloud investment.
The four central safety components of the SASE model
Firewalls are being delivered from the cloud as a service
-
Defence against cyber attacks on cloud-based platforms, infrastructure and applications
-
Firewall as a string of security functions, including URL filtering and unified policy management for network traffic
Ideally suited for remote teams, preventing cyber threats and data breaches by:
- Filtering unwanted content from web traffic
- Blocking unauthorised user behaviour
- Enforcing security policies
Security features for cloud-based services:
-
Detection of unauthorised enterprise systems
-
Access control secures sensitive data
- Data Loss Prevention
Access verification from each individual user for applications
- Security of internal resources from the public
- Preventing possible breaches against data protection
One platform, many benefits
Consolidation with SASE brings forth a myriad of positive possibilities:
Technical advantages for your company:
- flexibly scalable WAN and security services
- rapid provisioning and management as an automated service from the cloud
-
ensuring performance for real-time sensitive applications by reducing latency
- improved security through ZTNA and network traffic and identity auditing at the network edge
-
high level protection against malware and DDoS attacks
- Prioritization of data traffic
Business benefits for your company:
- Reduced complexity and total cost of ownership for WAN and security
- Improved enforcement of security policies across the enterprise
- Brand image protection
- Increased productivity, IT efficiency and customer satisfaction
- Improved application performance and reliability
In addition, a SASE structure can help you evaluate and integrate new security technologies as they become available.
Our support for the introduction of your SASE structure
Secure Access Service Edge means: the provision and management of network and security on a cloud platform. SD-WAN functions are bundled with network security functions in a unique way. Many of the network and security functions are normally provided as isolated solutions. SASE consolidates these into a single, integrated cloud service. Our offering combines the following solutions into one package: