One of the hottest topics – and buzzwords – in the networking space today is “SASE,” or Secure Access Service Edge.
Notably, SD-WAN vendors and security vendors each define the term SASE differently, and even industry analysts do not agree on a precise definition.
As a result, there are many opinions, misunderstandings and questions about what the correct definition of SASE is. Here are some typical questions:
SASE, or Secure Access Service Edge, is a term first coined in Fall 2019 by Gartner in an article titled “The Future of Network Security is in the Cloud.”
To give a definition, we would say that it is a model, or a framework, or an architecture, that describes the necessary network functions, especially at the WAN edge, combined with security services provided by the cloud (Cloud-delivered security services). The common denominator is that all of these functions are offered and managed in the cloud.
Clearly, none of the above constitutes a new technology or capability. SASE is simply the name given to the integration of these network and security functions.
Specifically, the necessary functions at the WAN edge level include:
Ideally, all these functions are integrated and managed on a single platform (orchestrator), which significantly simplifies the management of the branch infrastructure.
These WAN edge functions are then combined with security functions delivered from the cloud, which include, for example:
But why do we need SASE?
Why do we need a new security architecture?
The reason is that today the data center (DC) is no longer the center of the universe for most businesses!
If we go back in time, say 10 years, all corporate applications were hosted in the DC.
All users, regardless of where they were or where they worked, needed to connect to the DC in order to access their business applications.
A business had to take all the necessary security measures around the DC to protect it.
Through an MPLS network and secure connections, users could connect to the central applications, either from within the organization’s branches, or remotely via secure VPN connections. This model worked well for many years.
But then came cloud applications (SaaS) such as:
Also, Infrastructure as a Service (IaaS) services began to be offered in the cloud by international providers such as:
Therefore, sending internet-bound traffic through the company's central DC on its way to its destination was simply not logical and certainly not efficient. Such routing added delay to the traffic, which left users dissatisfied with the service they received and also consumed valuable bandwidth.
So what could be simpler than not using the internet to connect to applications hosted in the Cloud?
This thinking led us to rapidly adopt a smarter model based on SD-WAN technology.
But what about securing access for remote users who connect directly to cloud applications?
Traditional perimeter security is definitely not enough.
By transforming traditional WAN and Security architectures with the new SASE architecture, businesses can ensure immediate and secure access to applications and services in multi-Cloud environments, regardless of location or the devices used to access them.
Implementing and configuring security policy enforcement points directly in the cloud and constantly enriching them with the latest threat management tools is much easier than with firewall appliances deployed in hundreds or thousands of branch locations.
The response time of business applications is significantly improved by securely connecting users to cloud-hosted applications that are closer to where they work.
What are the Business Benefits?
The real goal of a SASE architecture is to connect users to their applications more intelligently without compromising security.
And the business benefits of SASE are many, including: