Secure Access Service Edge, or SASE (pronounced “sassy”), is a cybersecurity concept where organizations can extend consistent security to all enterprise resources regardless of their location. Using SASE as a single control point, security teams can configure policies that secure SaaS apps, control access to web destinations, identify shadow IT, and defend on-prem apps. The SASE architecture encompasses a company’s headquarters and branch offices as well as home office and mobile users.
The SASE architecture includes Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Zero Trust Network Access (ZTNA) functionalities. Security teams can therefore achieve a significantly less complex security environment by replacing legacy and disjointed security point products. SASE combines multiple network and security technologies into a single solution. Its primary goal is to deliver the same network and security services regardless of the user’s location (i.e., their house, on the road, or in the office).
Today, there are still many companies using multiple security technologies that don’t always work well together. Using a collection of security hardware and software means these companies have to work with numerous security policies through various management tools. This combination is difficult to scale, often leaves security gaps, and is very inefficient.
What makes SASE even more relevant today is the rise in home users accessing business applications. Many companies are still using VPNs, but with VPNs’ high latency, users have complained about performance, leading to unnecessary inefficiencies.
According to a recent World Economic Forum article on the hybrid workforce, 20% of the entire US workforce will continue to work from home even after the pandemic has brought other workers back to their offices. Since the average employee working from home uses eight SaaS applications plus file sharing, softphones, and other connected applications, low-latency, secure access will remain a critical demand from these technically savvy and technically tethered employees.
Thankfully SASE cures the latency, management, scalability, and inefficiency issues by combining Software-Defined WAN, Secure Web Gateway, Firewall-as-a-Service, Cloud Access Security Broker, and Zero Trust Network Access into one architecture.
Specifically, SASE distributes the security functions to the local point of presence (POP), delivering lower latency because an employee’s data no longer has to go through a central location to ensure an organization’s security.
In summary, the goals of SASE include:
- Authenticating the user regardless of their device or location (aka Zero Trust).
- Segregating users’ access by application: giving users access to the data they need and preventing them from accessing data outside their realm.
- Distributed security without the latency and expense of a traditional hub and spoke model.
- Single management and policy implementation.
- Covers security gaps that might be exposed when putting multiple, diverse security products together.
- Security for cloud applications.
Cloud Access Security Brokers
Gain visibility and control for data that has moved off premises and into SaaS apps and IaaS platforms.
- Protect data and stop leakage with access control and data loss prevention (DLP)
- Keep malware from infecting your cloud through advanced threat protection (ATP)
- Maintain visibility in the cloud by tracking user activity and generating security reports
- Protect sensitive data with a full-strength encryption solution that protects data at rest in any cloud application
- Authenticate users with single sign-on (SSO) and multi-factor authentication (MFA)
Secure Web Gateways
Secure web traffic as users browse websites and access unmanaged applications (shadow IT).
- Filter content by categories like streaming and gambling to enhance productivity
- Keep threats at bay by blocking access to destinations like botnets and malware sites
- Control the usage of shadow IT and direct employees to correct, sanctioned apps
- Prevent data leakage by stopping the upload of sensitive files to the web
- Secure encrypted traffic at cloud scale
Zero Trust Network Access
Ensure consistent security for on-prem and data center resources like Jira and Confluence as well as thick client apps like SSH and remote desktops.
- Secure access to internal apps by factors like user group, location, and device type.
- Prevent employees from downloading or uploading malware to the network
- Log user activity to enable audit and demonstrate regulatory compliance
- Authenticate users through native functionality or integrations with leading IdPs
Only when underlying architectures are cloud based can SASE offerings be called true cloud security platforms that scale to firms’ needs.
- SASE solutions that use hardware appliances or private clouds fail to scale and perform
- Platforms deployed in the public cloud exhibit the highest uptime and performance
- Cloud-based architectures scale to your needs proactively rather than reactively
- The worldwide public cloud enables security and usability anywhere in the world