What is SASE?

In 2019 the analyst group Gartner coined a new acronym, secure access service edge (SASE), in its report “The Future of Network Security Is in the Cloud.”

Gartner said, “The enterprise data center is no longer the center of access requirements for users and devices.” And it noted that enterprise workloads were being performed in all kinds of new locations outside of the enterprise data center, including on public clouds and at edge locations such as branch offices.

According to one of the report’s authors, Gartner analyst Joe Skorupa, SASE (pronounced “sassy”) came about because software-defined wide area networking (SD-WAN) was becoming incredibly popular. But it “broke security” in the WAN, and that caused the “rethinking of security,” said Skorupa.

SD-WAN creates a software overlay on top of various WAN connections, whether they be MPLS, internet broadband, wireless or hybrid fiber coax. The software then optimizes the traffic, using whichever connection is best at any given time. But the early implementations of SD-WAN left something to be desired in terms of WAN security. Skorupa said initially there were two separate discussions: the network team talking about SD-WAN and the security team talking about security.

The Gartner analysts realized that those discussions would have to come together, and they coined “SASE,” which is the blending together of SD-WAN and security.

Although SASE was initially driven by SD-WAN, it encompasses more, including secure web gateway (SWG), cloud access security broker (CASB), domain name system (DNS), data loss prevention (DLP), firewall-as-a-service (FWaaS) and remote browser isolation capabilities.

Gartner chart

SASE works by identifying entities within a network, such as people, branch offices, devices, applications, services or edge locations, and continuously assessing the security risk and trust associated with those entities. A SASE architecture then applies policy-based security in real time to the entities, no matter where they are located.

An organization may take a Zero Trust approach as part of its SASE implementation. This means that there are no trust assumptions made when entities connect to the network.
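
The evaluation loop described in the two paragraphs above, as an added example that is not taken from the Gartner report or from any vendor's product: every request is decided from identity, device posture and a current risk score, network location grants nothing, and an unmatched request is denied. The policy table, group and application names, the 0-100 risk scale and the 20-point isolation margin are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy table (hypothetical names): who may reach which
# application, whether a managed device is required, and the risk ceiling.
POLICY = [
    {"group": "finance", "app": "erp", "managed_device": True, "max_risk": 30},
    {"group": "finance", "app": "webmail", "managed_device": False, "max_risk": 60},
    {"group": "branch-pos", "app": "payments-api", "managed_device": True, "max_risk": 20},
]

@dataclass(frozen=True)
class Request:
    entity: str           # authenticated user, device or branch identity
    group: str
    app: str
    managed_device: bool
    risk: int             # 0-100, output of continuous assessment (assumed scale)
    location: str         # kept for logging only; never used to grant trust

def decide(req: Request) -> str:
    """Return 'allow', 'isolate' or 'deny' for a single request."""
    for rule in POLICY:
        if rule["group"] != req.group or rule["app"] != req.app:
            continue
        if rule["managed_device"] and not req.managed_device:
            return "deny"
        if req.risk <= rule["max_risk"]:
            return "allow"
        # Assumed margin: slightly elevated risk gets isolated access only.
        if req.risk <= rule["max_risk"] + 20:
            return "isolate"
        return "deny"
    return "deny"  # Zero Trust default: no rule, no access

def session(requests):
    """Decide every request afresh; an earlier 'allow' carries no weight."""
    return [(r.location, decide(r)) for r in requests]

# Constructed session: the location changes, then the risk score rises.
SAMPLE = [
    Request("alice", "finance", "erp", True, 10, "hq-lan"),
    Request("alice", "finance", "erp", True, 10, "home-broadband"),
    Request("alice", "finance", "erp", True, 45, "home-broadband"),
    Request("alice", "finance", "erp", True, 80, "hq-lan"),
    Request("alice", "finance", "hr-db", True, 0, "hq-lan"),
]

if __name__ == "__main__":
    for location, decision in session(SAMPLE):
        print(f"{location:15} {decision}")
```

The first two requests get the same answer from the office LAN and from home broadband, and the last two are refused on the office LAN, which is the point of dropping location as a trust signal.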

Several vendors provide SASE as a cloud-based service. They claim the technology reduces complexity and costs. Instead of buying and managing multiple security products from multiple vendors, customers can use a single security platform consolidated into one cloud-based stack. Security personnel can shift from managing security boxes to setting security policies across the network.

Gartner predicts that organizations will transition from multiple vendors for WAN services to a single SASE vendor or perhaps a two-vendor solution.