SASE is one of the hot words in the network security industry. This article will explain it to you from six aspects: concept, value, and demand. The path to the mountain of books is hard work. To understand SASE, read this article.
1. What is SASE?
Secure Access Service Edge (SASE) is a new enterprise network technology category introduced by Gartner in its August 2019 report, "The Future of Cybersecurity in the Cloud."
SASE combines the capabilities of network and security solutions into a "unified global cloud-native service." It is an architectural transformation of enterprise networks and security that enables information technology (IT) to provide comprehensive, agile and adaptable services to digital businesses.
2. What does SASE do?
SASE is an emerging architecture that combines comprehensive WAN capabilities with comprehensive network security capabilities such as SWG, CASB, FWaaS and ZTNA to meet the dynamic secure access needs of digital enterprises.
3. Why do you need SASE?
Firstly, it is to solve the complexity and delay of traditional architecture; secondly, it is to solve the data security problem of enterprise cloud migration.
In the past, enterprise data was generally stored in data centers built by the enterprise or hosted by the enterprise. Remote users needed to connect through VPN and use terminal protection software on each device. This architecture is complex and has high latency, but with SASE, once end users and devices are authenticated, they have direct access to all resources they are authorized to access, and these resources are protected by nearby security mechanisms.
In addition, Canalys data shows that cloud infrastructure investment has developed rapidly in 2019 and 2020, while the IDG report pointed out that more than 50% of buyers plan to invest in the cloud field in 2021. With the popularization and application of "cloud", enterprise data security faces more uncertainties, and SASE manages data risks in an agile, flexible and secure way to help enterprises prepare for the cloud.
4. What scenarios does SASE cover?
According to Gartner, SASE is more of a philosophy and direction than a feature list. Generally, SASE covers the following two scenarios:
Scenario 1: Access from the office to self-built applications, SaaS applications, and the Internet
|Source: Gartner-"SASE Will Improve Your Distributed Security Everywhere"|
Scenario 2: From the Internet Access corporate websites and internal self-built applications
|Source: Gartner-"SASE Will Improve Your Distributed Security Everywhere"|
SASE core components:
software-defined wide area network (SD-WAN)
identity and access management (IAM)
zero Trusted Network Access (ZTNA)
Cloud Access Security Broker (CASB)
Secure Web Gateway (SWG)
Web Application Protection System (WAF)
Firewall as a Service (FWaaS)
...
5. What are the advantages of SASE?
SASE’s biggest advantage is that it integrates and unifies many different network services into a proxy structure for edge environments and independent users. Traditional methods often require multiple vendors and services to achieve the same control. Using SASE helps reduce The complexity and lack of interoperability of traditional methods, thereby improving security. The specific advantages are as follows:
One reduction, three reductions:
1. Reduce the complexity and cost of traditional methods
2. Reduce unnecessary communication between enterprises and suppliers
3. Reduce the cost of branch offices and other remote locations Amount of hardware required
4. Reduced number of agents on end-user devices
Simplified verification process:
IT managers can centrally set policies through a cloud-based management platform and enforce policies on distributed PoPs close to end users. SASE simplifies the authentication process by making appropriate policy adjustments to the resources requested by the user based on the initial login.
Improve security:
No matter what resources users need and where they are, policies can be implemented equally, and they ultimately enjoy the same access experience. When new threats emerge, service providers will provide specific solutions without imposing new hardware requirements on enterprises.
supports Zero Trust Networking:
SASE supports Zero Trust Networking, where access is based on users, devices and applications (rather than location and IP address).
Increased ease of access:
More types of end users (e.g., employees, partners, contractors, customers) can gain access without having to worry about traditional security (e.g., VPNs and DMZ) potentially being compromised.
Improve work efficiency:
SASE service providers can provide different qualities of service, so each application can get the required bandwidth and network responsiveness. Using SASE can reduce the chores related to deployment, monitoring, maintenance, etc. for enterprise IT staff to perform higher-level tasks.
