Secure Access Service Edge (SASE) is a network security model for delivering security tools and network technologies in a cloud-based service package from a single provider, with a goal of providing fast and secure access to network resources. Analytics firm Gartner developed the term in 2019 as a response to the growing use of mobile devices and cloud applications and services.
Key elements of the SASE model include:
- A Zero Trust network access (ZTNA) solution for secure access to specific applications or groups of applications;
- Software-defined wide-area network (SD-WAN) technologies for central management of corporate WANs that is independent of network equipment. SD-WAN improves traffic-routing performance and reduces costs on WAN deployment and maintenance;
- Secure Web gateway (SWG) tools;
- Cloud access security broker (CASB) — intermediary solutions between users and cloud service providers responsible for implementing security policies such as authentication or encryption of cloud application traffic;
- Cloud firewall (Firewall-as-a-Service, FWaaS).
Some SASE service providers may offer additional components, such as data-loss-prevention (DLP) tools, threat detection and prevention solutions, DNS protection tools, an isolated remote browser, and other network security solutions.
SASE-class solutions are delivered as a single package, thus unifying companies’ network infrastructure and management.
The SASE model may be suitable for companies that:
- Have migrated or are planning to migrate a significant portion of their workloads to the cloud;
- Employ many mobile and remote workers;
- Have offices that are far apart geographically;
- Handle sensitive data and need strict access control for internal resources.
SASE standardization and certification
In 2020, the Metro Ethernet Forum (MEF) launched the SASE Services Definition (MEF W117) project to define industry standards for SASE. It was also the first organization to start certifying SASE services. Today, several vendors provide SASE certification.