Secure Access Service Edge
Haris Chughtai
Mar 2021
SASE
SASE – Secure Access Service Edge
• Term coined by Gartner for a converged network and security platform
• SASE = Network + Security
• Refers to secure network access to cloud as well as on-prem resources for all users (fixed as well as mobile)
• SASE is delivered as a service, minimizing or eliminating the need for specialized hardware or security appliances
• Although SASE can apply to an organization's resources in private/public cloud, remote offices and endpoints, it mostly applies to remote sites, mobile and IoT devices
• Key benefits of SASE include agility, cost effectiveness and consistent security
"Instead of the security perimeter being entombed in a box at
the data center edge, the perimeter is now everywhere an
enterprise needs it to be — a dynamically created, policy-based
secure access service edge."
Gartner, D G00441737 “The Future of Network Security is in
the Cloud”, 30 August 2019
SASE Driving Factors
• Cloud Adaptation
  • Migration of enterprise services and applications (including those carrying sensitive data) to the public cloud is inevitable
  • SaaS, e.g. Office365, Salesforce etc.
  • IaaS, e.g. custom applications running on VMs
• Decentralized Network Resources
  • Traffic used to be 80/20 (80% internal + 20% internet)
  • Now changing to 20/80 (20% internal + 80% internet)
• Mobility
  • Users are no longer bound to their office desk
  • Need access to services from anywhere
• Convergence
  • Network & Security functions are converging
[Diagram labels: Internet / SaaS / IaaS; FW, SWG, CASB, ZTNA]
By 2023, 20% of enterprises will have adopted SWG, CASB, ZTNA and branch FWaaS capabilities from the same vendor, up from less than 5% in 2019.
By 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.
By 2025, at least one of the leading IaaS providers will offer a competitive suite of SASE capabilities.
Gartner, D G00441737 “The Future of Network Security is in the Cloud”, 30 August 2019.
SASE Promises
• Secure access to services for all users from anywhere
• Data Loss Prevention (DLP)
• Cloud Access Security Broker (CASB)
• Zero Trust Network Access (ZTNA)
• Secure Web Gateway (SWG)
• Firewall Security (FWaaS)
• Intrusion Prevention Systems (IPS)
• Flexibility, reduced complexity, increased performance
SASE Advantages to Enterprises
• SASE provides a consistent, agile and holistic approach to a converged, security-enabled network
• Helps avoid traditional component-based products and services
• Converged networking and security reduces the number of devices and vendors an organization has to deal with, which reduces operational overhead and brings cost optimization
• When deployed with SDWAN, it not only enhances the security posture but also brings network efficiencies by incorporating automated traffic optimization and continuity
• Improved security by applying a Zero Trust approach when users, devices and applications connect. A SASE solution is expected to provide complete session protection, regardless of whether a user is on or off the corporate network
• Reduces dependency on enterprise data centers through gradual application migration to the public cloud
SASE & SDWAN
• SDWAN is access-agnostic, agile WAN access (typically used for site-to-site connectivity to reduce expensive MPLS cost). Moreover, SDWAN is mainly intended for branch sites, not for mobile users
• Think of SASE as a platform to securely connect enterprise users to your cloud as well as on-prem resources, irrespective of their location
• SDWAN vendors are strongly pitching their solutions as SASE, which may not be entirely true
• SASE is expected to offer more features than plain SDWAN
• SDWAN can be viewed as a SASE solution for branch sites if it can provide the expected security features
Key Takeaways
• SASE is a fairly newly evolved term, and vendors are interpreting it in their own ways
  • Firewall vendors are positioning their edge FWs as branch SASE (Security + SDWAN)
  • SDWAN vendors are adding limited security features to pitch it as SASE
• Be careful about mixing up SASE with SDWAN
  • SDWAN is just one piece of the broader solution SASE is expected to provide
  • Do your due diligence when selecting your SDWAN solution as SASE
• Not all cloud firewalls offer the capabilities anticipated from a SASE solution
• Don’t ignore the security of mobile users, who are a major part of every organization now
• Avoid vendors that propose to deliver the broad set of services by linking a large number of products (e.g. many purpose-built VMs)
• If the organization's offices and users are dispersed globally, look for a SASE provider with worldwide POPs for low-latency user access [providing distributed edge computing capabilities]
• Shift security from boxes to a software-based, policy-driven security service
