What Is Secure Access Service Edge (SASE)?

What is Secure Access Service Edge? It’s a bit of a mouthful, like many digital transformation terms, but don’t worry: today we’re going to break it down for you—what it means, why it exists, and why you might consider thinking about adopting it for your business in the future.

Cybersecurity can seem like a minefield, today. Not only are businesses facing a veritable onslaught of cyberattacks—which have increased since the start of the pandemic—but many organizations lack the solutions and expertise to effectively head off these attacks.

Related Post: AI-Generated Malware and How It's Changing Cybersecurity

And that’s where SASE solutions like Cisco’s Umbrella come in, providing a suite of apps to help businesses protect their data wherever it is in the world—a key area of contention with so many SMBs today operating with remote workers and freelancers.

What Kind of Solution Is SASE?

SASEs are a way of combining the flexibility of SD-WAN (software-delivered wide area networks) with the benefits of cloud security at the individual device level.

What’s Wrong with SD-WAN or MPLS?

Software-delivered wide area networks have been an extremely effective tool for businesses looking to extend their operational capacity and are quickly becoming a favored option in modern organizations over the more traditional MPLS method of routing data.

With MPLS, businesses establish a private network between their branches which can then be monitored and managed from headquarters or wherever the central data center is located.

This essentially means that data and traffic is routed, handled, and validated at the data center through the private network before it reaches its destination.

67% of surveyed organizations will have deployed SD WAN by summer 2022.

MPLS can typically be relied on as a secure method for transporting data and information between offices in a business.

Because of widespread cloud adoption by SMBs, particularly during 2020, SD-WANs have become a more sought-after solution than ever.

Between remote workers, increasingly large data sets in the cloud, software-as-a-service becoming ubiquitous, and infrastructure-as-a-service now forming a significant portion of many businesses’ hardware capacity, the need for networks to handle massive amounts of data is critical.

Because of this, MPLS routing has seen less interest than SD-WAN recently, owing to the fact that large data sets cause strain on a network not designed to handle the amount of data that travels within a company on a daily basis.

Companies using MPLS may find that it no longer accommodates their needs, and so many have switched to SD-WAN to pick up the slack.

So, What’s the Issue?

SD-WAN is in essence a way of decentralizing the way data is managed in a business. It decouples network management and monitoring from the underlying hardware, instead working as a piece of software that can be deployed wherever the business wants.

Without the restrictions of needing to be within reach of a dedicated MPLS circuit, SD-WAN assesses data and determines the best possible route for that data, be it via broadband, MPLS, or mobile networks.

This allows a lot more flexibility for organizations that have employees operating outside of branches or on the road.

54% of businesses are prioritizing improvements on visibility and security for home workers and cloud infrastructure.

SD-WAN Was Created with Flexibility in Mind

SD-WAN was developed and intended to be a means for companies to emulate the reliability and network performance expected from more traditional branch-to-branch networks.

In short, it was built to provide flexibility and performance, but not security—and herein lies the main point of contention.

As SD-WAN uses public networks to move data, it cannot meet the standards of security that organizations come to expect from their typical office networks, but at the same time it’s a necessity for business operations to maintain the level of flexibility and efficiency offered by SD-WAN.

In effect, with an SD-WAN in place, traffic will frequently be directed through the public internet, bypassing the corporate security protocols that the office network will have implemented.

The question is, then, how do businesses adopt the performance of SD-WAN while maintaining the water-tight security of MPLS?

Secure Access Service Edge (SASE)

This is where SASE comes in. While SD-WAN offerings commonly come with security measures, they are often secondary applications that are not “baked in” to the solution.

This is even more the case when we consider WAN’s typical security focus on on-premise servers rather than cloud servers—which is where the majority of data is kept today, be it SaaS apps or cloud storage.

SASE was designed with precisely this in mind and looks to offer a service that includes SD-WAN in addition to a complete cloud security stack.

First coined by Gartner in 2019, SASE has quickly become a driving force in the cloud networking industry as organizations look for solutions that offer them the flexibility and security that SASE can provide.

How Does It Work?

Most SASEs are designed to have SD-WANs integrated into them.

SASE systems operate by incorporating multiple solutions—like firewall-as-a-service (FaaS), SaaS, secure web gateways, cloud access security brokers, endpoint security, and zero-trust network access.

SASE doesn’t use hardware in central servers to inspect data. It instead uses points of presence (PoPs) near to the location of the device sending information (an employee’s laptop or phone, for example), and uses that as the point of inspection instead.

This means that data can be routed more efficiently and a lot more quickly for the end user, who no longer has to wait for their data to be routed to their branch inspection point (usually in a data center far away from their location, resulting in latency).

This makes it easier for users to get their work done without data latency issues arising from being out of the office, and easier too for the IT department, which no longer has to operate on a site-to-site basis, but now a user-to-user basis.

The simplicity of managing devices through a cloud-based SASE solution is one of its key benefits—so long as users have the client app on their device, they receive all security protections necessary through the cloud and IT can monitor each device through software without the need for any hardware at all.

What Security Features Should You Expect From An SASE?

As a partner of Cisco, we’re going to take a look at their Umbrella SASE solution. It integrates with SD-WAN and offers a host of security features, including:

DNS-layer security

DNS-layer security identifies malicious domains that are used to “stage” attacks—provide the infrastructure for cybercriminals to attack.

Requests from these domains are then blocked, preventing infiltration attempts from bad actors.

It stops malware and stops communications back to attackers if compromised machines connect to your network.

Secure web gateway

A web gateway records and inspects traffic to ensure protection from malware.

Traffic is forwarded to the gateway, which then enforces corporate access policies and other security protocols to stop unauthorized users from access.

Firewall 

The firewall provides visibility for outbound traffic across all network ports, creating a filtering system that keeps out unwanted traffic from accessing the corporate network. 

Cloud access security broker

A cloud access security broker, or CASB, is a method for protecting cloud data in cloud apps and services.

The CASB exists between the cloud user and the cloud service, monitoring activity and preventing threats from retrieving cloud data. Tokenization, authentication, and device profiling are common examples of CASB policies to protect cloud access.

 Threat intelligence

Antivirus software has traditionally worked on a simple basis—a virus is detected by a vendor, they create a signature for it, and then update their software so other users aren’t affected.

Threat intelligence uses machine learning to automatically recognize patterns of malicious data and sniff it out before it poses a danger to anyone.

Because of the enormous benefits of threat intelligence in dealing with modern security threats, this should be expected in any SASE tech stack.

Bottom Line

Many businesses have opted for SD-WANs in order to attain the increased scalability and flexibility it affords their operations—very significant in a period where remote work and the Internet of Things is commonplace.

SD-WANs were created with network performance in mind, not security.

Because of this, SASEs, which bundle the performance of SD-WANs and the benefits of cloud cybersecurity solutions, have made a strong case for themselves in terms of what they can offer as far as the combination of security and operational capacity goes.

SASE solutions, like Cisco’s Umbrella, are a good way for businesses to ensure their data protection, wherever it is in the world, while keeping the simplicity of total visibility across their network and at the same time reducing their reliance on traditional hardware units for network routing.

Subscribe to our blog to receive monthly insights into business technology and stay up to date with marketing, cybersecurity, and other tech news and trends.