SASE Basics Part 3: Advantages at a glance

SASE offers companies and users simpler network and security functions, better performance and lower costs at the same time. What else is behind it?

We’ve already described the basic network and security functions of SASE (Secure Access Service Edge) in detail in our previous articles. We’d like to recap and discuss the key advantages of SASE and how they might benefit your organization.  

SASE – Reviewing the basics

The term SASE was first used by management consultancy Gartner in September 2019 in a paper entitled "The Future of Network Security is in the Cloud". In this paper, authors Lawrence Orans, Joe Skorupa, and Neil MacDonald presented a ground-breaking architectural model that goes far beyond previous disruptive changes, such as the introduction of SD-WAN.

  1. SASE renders existing network and security models in companies obsolete. 
  2. Companies must adopt a cloud-based as-a-service model built on a secure network edge when implementing SASE. The new model must be simple, scalable and flexible, with low latency and high security. 
  3. For SASE, service providers must provide computing power and services as close as possible to the edge of the network.

Other basic components of SASE include SD-WAN, i.e. purely software-defined wide area networks, Secure Web Gateways (SWGs), Cloud Access Security Broker (CASB) for controlling and enforcing security policies, Firewall-as-a-Service (FWaaS) outsourced from the perimeter to the cloud, Zero Trust Network Access (ZTNA) for continuous control of all access and centralized and uniform administration. Depending on the provider, additional components can be added to take care of special aspects, such as protecting end devices against malware and/or spam and phishing.

The most important features of SASE

The key features of SASE are a cloud-based architecture and security infrastructure with context- and identity-based access options:

  • Identity-based security: SASE grants access to resources based on the identity of users, applications, and devices.
  • To the network edge: SASE protects all areas of the network from the cloud to local data centers to the edge.
  • Cloud-native solutions: All components of a SASE platform, whether network or security technology, come from the cloud itself.
  • Comprehensive protection: The protection applies to all users - regardless of where, when, and how they work.

SASE does not route the data through local data centers at first but directly to where it is needed. Users benefit from better connections, a seamless user experience, and greater protection.

The biggest advantages of SASE

SASE offers a decisive advantage over traditional concepts: the model enables secure access to all company resources, regardless of where the data, applications, users, workloads and devices are located. In detail:

  • SASE offers flexible yet consistent security.
  • SASE increases transparency through comprehensive monitoring, which plays a particularly important role in hybrid environments.
  • The consolidation of network and security functions from various individual products into a single, centrally managed solution reduces complexity.
  • At the same time, productivity, performance, and efficiency increase as employees and partners can once again securely access the internet, applications, data, and other resources.
  • By concentrating on a single complete solution, the overall costs are reduced. 

In short, SASE provides efficient and cost-effective enterprise-grade security and network services for any environment.

The disadvantages of SASE

Of course, SASE also has some disadvantages. For example, the fact that Secure Access Service Edge is a model and not a specific product that can be selected according to fixed criteria can cause problems. This in turn, leads to some providers watering down the basic SASE concept and equipping it with superfluous additional functions.

One potential challenge is the initial resistance from different specialized departments. Gartner suggests that implementing a SASE platform should go hand in hand with cultural change within the company. According to experts, a C-level executive should lead the transformation to encourage collaboration between separate specialist areas such as infrastructure and IT security.

Tips for selecting a suitable SASE platform

There are now numerous platforms on the market that use the term SASE. How do you find the best solution for your company and your needs? When making your choice, pay attention to the following points, among others:

  • Are all the core SASE technologies included? These include SD-WAN, SWGs, FWaaS, ZTNA, CASB, URL and IP filters, data loss prevention (DLP), intrusion prevention and detection systems (IPS/IDS), antivirus and secure encryption via SSL/TLS. 
  • Can the solution be used both in the cloud and on-premise or in combination?
  • Is there a central management console?
  • Are the design, architecture, and implementation flexible and scalable to meet your needs in the future?
  • Does the solution cover all geographical areas in which your company is active with its own cloud gateways? 
  • What do the SLAs (service level agreements) look like?
  • How flexible is the billing model? How does it adapt to your actual use of the services?
  • What do the monitoring functions look like? Does it include behavioral analysis, for example?

If you have any questions about SASE or the professional protection of your communication, feel free to contact us. We will be happy to help and answer all your questions about integrating our solutions in SASE, SD-WAN, and SSE. You can also find more information in our brochure, “VPN and the Cloud.”

Download our brochure now