2. SASE – Secure Access Service Edge
HARIS CHUGHTAI
Term coined by Gartner for a converged Network & Security platform
SASE = Network + Security
Refers to secure network access to Cloud as well as on-prem resources for all users (fixed as well as mobile)
SASE is delivered as a service, minimizing or eliminating the need for specialized hardware or security appliances
Though SASE can apply to an organization’s resources in Private/Public Cloud, remote offices & endpoints, it is mostly applicable to Remote Sites, Mobile & IoT devices
Key benefits brought by SASE include agility, cost effectiveness and consistent security
"Instead of the security perimeter being entombed in a box at
the data center edge, the perimeter is now everywhere an
enterprise needs it to be — a dynamically created, policy-based
secure access service edge."
Gartner, D G00441737 “The Future of Network Security is in
the Cloud”, 30 August 2019
3. SASE Driving Factors
Cloud Adoption
Migration of enterprise services & applications (including those carrying sensitive data) to public cloud is inevitable
SaaS, e.g. Office365, Salesforce etc.
IaaS, e.g. custom applications running on VMs
Decentralized Network Resources
Traffic used to be 80/20 (80% internal + 20% internet)
Now changing to 20/80 (20% internal + 80% internet)
Mobility
Users are no longer bound to their office desks
Need access to services from anywhere
Convergence
Network & Security functions are converging
[Diagram labels: Internet / SaaS / IaaS; FW, SWG, CASB, ZTNA]
By 2023, 20% of enterprises will have adopted SWG, CASB,
ZTNA and branch FWaaS capabilities from the same vendor up
from less than 5% in 2019.
By 2024, at least 40% of enterprises will have explicit strategies
to adopt SASE, up from less than 1% at year-end 2018.
By 2025, at least one of the leading IaaS providers will offer a
competitive suite of SASE capabilities
Gartner, D G00441737 “The Future of Network Security is in
the Cloud”, 30 August 2019.
4. SASE Promises
Secure Access to services for all users from anywhere
Data Loss Prevention (DLP)
Cloud Access Security Broker (CASB)
Zero Trust Network Access (ZTNA)
Secure Web Gateway (SWG)
Firewall Security (FWaaS)
Intrusion Prevention Systems (IPS)
Flexibility, reduced complexity, increased performance
5. SASE Advantages to Enterprises
SASE provides a consistent, agile and holistic approach for a converged network enabled with security
Helps avoid traditional component-based products and services
Converged Networking & Security helps reduce the number of devices and vendors that an organization has to deal with, thus reducing operational overheads & bringing cost optimizations
When deployed with SDWAN, it enhances not only the security posture but also brings network efficiencies by incorporating automated traffic optimization & continuity
Improved security by deploying a Zero Trust approach when users, devices and applications connect. A SASE solution is expected to provide complete session protection, regardless of whether a user is on or off the corporate network
Reduced dependency on enterprise Data Centers with gradual application migration to public Cloud
6. SASE & SDWAN
SDWAN is an access-agnostic, agile WAN access (typically used for site-to-site connectivity to reduce expensive MPLS cost). Moreover, SDWAN is mainly intended for branch sites, not for mobile users
Think of SASE as a platform to securely connect enterprise users to your Cloud as well as on-prem
resources irrespective of their location
SDWAN vendors are strongly pitching their solutions as SASE which may not be entirely true
SASE is expected to offer more features than plain SDWAN
SDWAN can be viewed as a SASE solution for branch sites if it can provide the expected security
features
7. Key Takeaways
SASE is a fairly new term; vendors are interpreting it in their own ways
Firewall vendors are positioning their edge FWs as branch SASE (Security + SDWAN)
SDWAN vendors are adding limited security features to pitch it as SASE
Be careful not to confuse SASE with SDWAN
SDWAN is just a piece of the broader solution SASE is expected to provide
Do your due diligence in selecting your SDWAN solution as SASE
Not all Cloud firewalls offer capabilities anticipated from a SASE solution
Don’t ignore the security of mobile users, who are a major part of every organization now
Avoid vendors that propose to deliver the broad set of services by linking a large number of products (e.g. many purpose-built VMs)
If the organization's offices and users are dispersed globally, look for a SASE provider with worldwide POPs for low-latency user access [providing distributed edge computing capabilities]
Shift security from boxes to a software-based, policy-driven security service