
SASE Architecture and Components

Legacy network security architectures were designed for an era that didn't face the dynamic and distributed security and access requirements of today’s business world. Notably, they aren't able to secure the remote workforce or the omnipresent cloud.
 
In this world, Secure Access Service Edge, or SASE (pronounced “sassy”), is an emerging cybersecurity concept that Gartner described in the August 2019 report The Future of Network Security in the Cloud.
 
In a SASE architecture, consistent security is extended to all enterprise resources. It defines an architecture that delivers a network experience with the right level of security access. This access is based on identity and real-time conditions, in accordance with company policy. This allows you to customize your experience and level of security depending on factors that include location, device, and the resource.
 
SASE Architecture and Components
 
From a single control point, security teams can configure policies that secure SaaS apps, control access to web destinations, identify shadow IT, and defend on-prem apps. The architecture will often include a Cloud Access Security Broker (CASB), Secure Web Gateway (SWG) and Zero Trust Network Access (ZTNA) functionality.
 
As SASE architectures replace a number of disjointed point products, they can also deliver significant cost savings. 

Cloud Access Security Brokers

Gain visibility and control for data that has moved off premises and into SaaS apps and IaaS platforms.

  • Protect data and stop leakage with access control and data loss prevention (DLP)
  • Keep malware from infecting your cloud through advanced threat protection (ATP)
  • Maintain visibility in the cloud by tracking user activity and generating security reports
  • Authenticate users with single sign-on (SSO) and multi-factor authentication (MFA)

Secure Web Gateways

Secure web traffic as users browse websites and access unmanaged applications (shadow IT).

  • Filter content by categories like streaming and gambling to enhance productivity
  • Keep threats at bay by blocking access to destinations like botnets and malware sites
  • Control the usage of shadow IT and direct employees to correct, sanctioned apps
  • Prevent data leakage by stopping the upload of sensitive files to the web
 

Zero Trust Network Access

Ensure consistent security for on-prem resources like Jira and Confluence as well as thick client apps like SSH and remote desktops.

  • Secure access to internal apps by factors like user group, location, and device type
  • Prevent employees from downloading or uploading malware to the network
  • Log user activity to enable audit and demonstrate regulatory compliance
  • Authenticate users through native functionality or integrations with leading IdPs

Public Cloud Architecture

The proliferation of the mobile and remote workforce requires SASE services to connect with more than just sites. Only when the underlying architecture is based on the global public cloud can SASE offerings be called true cloud security platforms that scale to firms' needs.

  • SASE solutions that use hardware appliances or private clouds fail to scale and perform
  • Platforms deployed in the public cloud exhibit the highest uptime and performance
  • Cloud-based architectures scale to your needs proactively rather than reactively
  • The worldwide public cloud enables security and usability anywhere in the world

In effect, a SASE architecture that relies on box-oriented delivery models in private data centers, or on those with limited points of presence, will be unable to meet the performance requirements of most companies.
