What Is SASE?
The SASE architecture, or Secure Access Service Edge, combines wide-area networking (WAN) and network security technologies like CASB (cloud access security broker), FWaaS (firewall-as-a-service), and ZTNA (zero trust network access) into a cloud-delivered service model. In effect, it puts connectivity closer to users and builds protection and security into the delivery of applications. SASE helps businesses reduce costs, increase application performance, and improve user experiences.
The advantages of SASE are its focus on identity – strictly governing access to applications and data; its cloud-based delivery of security including application-level inspection, intrusion detection and prevention (IDS/IPS), and data loss prevention (DLP); and its delivery of seamless user experiences to access resources globally using clientless browsers or by leveraging mobile clients.
Coupled with Zero Trust Network Access (ZTNA), SASE is poised to move secure remote access and network security away from today’s aging but widely implemented model of VPNs and heterogeneous systems, which dates to the late 1990s.
- How Does SASE Work?
- Key Components of SASE
- Benefits of SASE
- SASE vs Zero Trust
- Difference Between SASE and SSE
- How Businesses Can Implement SASE
How Does SASE Work?
SASE works by combining the power of ZTNA with other security-as-a-service functions into a single, streamlined model. Organizations don’t have to contend with heterogeneous systems that require extensive integration or numerous distributed point products that require maintenance and support. Users obtain access to applications regardless of their location based on their identity, the device they’re using, and globally applied policies that govern specific application access. The result is a single, secure “access infrastructure” for employees as well as contractors and third parties. It’s simpler to deploy and maintain, and IT departments get increased control of application performance.
Key Components of SASE
Key components of SASE include:
Zero Trust Network Access (ZTNA)
- Zentry Trusted Access grants access to specific applications and resources via a cloud-hosted policy enforcement engine. Users simply point their browser to a portal and go – there are no clients to manage or support.
- Zentry Trusted Access also employs context-aware connection requests – time of day, location, authentication parameters, application type – all of these are considered when establishing a session.
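The per-application, context-aware decision described here and under "How Does SASE Work?" can be sketched as a default-deny policy check. This is an added example, not Zentry's code or API; the field names, application names, groups and rules are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Request:              # context presented with each connection request
    groups: frozenset       # identity: groups asserted by the identity provider
    app: str                # the single application being requested
    mfa: bool               # authentication parameter
    device_managed: bool
    country: str
    local_time: time

@dataclass(frozen=True)
class Rule:                 # one grant, scoped to one application
    app: str
    groups: frozenset
    countries: frozenset
    start: time
    end: time
    require_managed: bool = False

# Constructed sample policy; application and group names are hypothetical.
POLICY = [
    Rule("crm", frozenset({"sales"}), frozenset({"US", "CA"}), time(7), time(19)),
    Rule("git", frozenset({"engineering"}), frozenset({"US", "DE"}),
         time(0), time(23, 59), require_managed=True),
]

def in_window(now, start, end):
    """True if now is inside [start, end]; a window may wrap past midnight."""
    wraps = start > end
    return (now >= start or now <= end) if wraps else start <= now <= end

def decide(req, policy=POLICY):
    """Return (allowed, reason). Default deny: no matching grant, no session."""
    reason = "no rule for application"
    for rule in (r for r in policy if r.app == req.app):
        checks = [
            (bool(rule.groups & req.groups), "identity not entitled"),
            (req.mfa, "MFA required"),
            (req.device_managed or not rule.require_managed, "unmanaged device"),
            (req.country in rule.countries, "location not permitted"),
            (in_window(req.local_time, rule.start, rule.end), "outside permitted hours"),
        ]
        failed = [why for ok, why in checks if not ok]
        if not failed:
            return True, "allowed"
        reason = failed[0]
    return False, reason
```

The returned reason string is what an access log would record for each denied session, which makes policy gaps and repeated denials visible to the security team.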
Secure web gateways (SWG)
- SWGs monitor and control Internet-related traffic by analyzing it based on state, port, and protocol.
Cloud Access Security Broker (CASB)
- CASBs enforce an organization’s security policies between cloud-delivered resources and the users accessing those resources. Typically they include authentication, auditing, logging, data loss and malware prevention, and encryption capabilities.
Remote Browser Isolation (RBI)
- RBI moves fetch and execute functions to a cloud-based platform, ensuring that only non-executable content is rendered on a user’s device. This can prevent someone from entering sensitive credentials into a suspicious web form, for example.
Benefits of SASE
Organizations can realize numerous benefits of SASE. Most importantly, SASE’s use of ZTNA makes it possible for users to seamlessly and securely access applications in the cloud and data center without the need for complex clients – they simply grab a browser and go. This enhances productivity, collaboration, and security. Other benefits include:
- Centralized policies follow users regardless of their location – or the location of the application. This simplifies and secures all application access.
- SASE and ZTNA solutions don’t require extensive integration like traditional heterogeneous IT systems. Users don’t have to download, install, or maintain complex endpoint clients either.
- Through use of enhanced SD-WAN features, branch offices can use lower-cost links such as broadband without sacrificing performance or reliability.
- Organizations can phase out complex, aging VPN installations. VPNs were designed many years ago for far fewer workers to access applications in a corporate data center and do not lend themselves to today’s cloud-centric world.
- SASE leverages ZTNA solutions like Zentry Trusted Access. It doesn’t require heavy, complex clients on endpoint devices and response times are accelerated.
- SASE also includes SD-WAN features, reducing bandwidth congestion and latency for cloud and Internet traffic, improving application performance.
- Zentry Trusted Access allows only authorized and authenticated users to access applications, virtually eliminating the possibility of an unauthorized user penetrating the network.
- Organizations can apply DLP, CASB, anti-malware, and NGFW features directly in the cloud, significantly reducing the possibility of data loss or leakage.
- SASE includes features like anti-malware that guard against spyware, viruses, and other threats.
- Leveraging ZTNA applications like Zentry Trusted Access significantly reduces the chance of data loss or leakage through unauthorized transactions.
- ZTNA also employs end-to-end encryption by default, protecting all data in motion from man-in-the-middle attacks.
- SASE’s use of ZTNA as well as other protections increases overall compliance for PCI-DSS, HIPAA, GDPR, and other standards and mandates.
SASE vs Zero Trust
SASE is an architecture that employs zero trust features to ensure no unauthorized access takes place. Zero Trust solutions like Zentry Trusted Access control access to applications; any user or device that is not fully authenticated and authorized is not allowed access. SASE’s other capabilities, like CASB and DLP, are employed to reduce risk across the organization.
Difference Between SASE and SSE
Security Service Edge (SSE) is a subset of SASE. SSE is solely focused on security services: CASB, SWG, and ZTNA. The difference between SSE and SASE is that SSE does not concern itself with SD-WAN enhancements such as WAN optimization.
How Businesses Can Implement SASE
Deploying SASE is an important step in streamlining access, increasing security, and encouraging productivity and collaboration among remote and dispersed workforces. It’s important to identify and understand primary business objectives first. Then, identify one or more applications that will be used most and work with the associated business groups (like marketing, sales, or engineering) to determine data protection policies. Linking the various components of SASE through APIs can simplify and streamline this process.
ZTNA solutions like Zentry Trusted Access ensure that:
- Employees, contractors, and third parties get rapid but secure access to applications
- Unauthorized access is prevented, access is restricted to individual applications, and all users are kept off the corporate network (unlike traditional VPNs)
- All connections are encrypted end-to-end, keeping data-in-motion secure
- Centralized policies follow users regardless of their location to ensure that only the applications that are allowed can be accessed
SASE leverages those policies across the board for self- and cloud-hosted applications as well as enterprise applications. So users are secured and protected if they’re accessing a custom app in AWS, or Office 365 or Google Workspace in the cloud. In effect, SASE turns home offices into branch offices.
SASE can also speed and secure the migration of self-hosted applications to the cloud. IT departments can take the exact same ZTNA policies that were defined for on-premises applications and apply them to self-hosted applications in the cloud.
Need More Information On SASE?
To learn more about SASE and ZTNA, we invite you to look through zentrysecurity.com/product/ and see how Zentry Trusted Access is the perfect ZTNA solution for small-to-medium businesses, and how Zentry can be deployed as part of a wider SASE solution.