SASE combines modern network services such as SD-WAN with security features such as SSE. In our new series, we will introduce the essential network functions and then explore their special features.
SASE (Secure Access Service Edge) is one of the most important trends in professional IT in recent years. In the past, companies usually had to use separate solutions to operate and secure their networks. However, different systems always mean more effort in managing and securing them.
A modern SASE platform combines these functions in a single cloud solution. It does not matter from where the employees access the company IT systems – whether from the office, from home or from abroad. SASE ensures connection security by integrating advanced security features such as encryption and threat detection.
In short: SASE makes access to data and applications safer and easier by bringing together various security and network functions and making them accessible via the Internet. This saves time and money and makes it easier for companies to protect their data.
In this article, we will introduce you to the essential network functions that make up SASE. In future posts we will consider security features such as Zero Trust and explain the advantages of SASE in detail.
Virtualization has massively changed information technology in companies. While initially individual systems or servers were virtualized, this technology has also expanded to the network with the introduction of software-defined wide area networks (SD-WAN).
Of course, there is still hardware such as switches, routers or gateways in the network. However, hardware now provides the pool from which the virtualized network functions are obtained. Before the introduction of SD-WAN, most companies had dedicated hardware to connect multiple locations. These devices had to be physically available.
One problem with this approach was that the devices all had to be installed, configured and maintained separately, which took a lot of time and money. In addition, if a company wanted to grow later or change its network requirements, it had to buy and install additional hardware. This is still a very complex and expensive process today.
Instead of physical devices, an SD-WAN relies on software and intelligent algorithms for managing and optimizing data traffic. It is now possible to add additional locations quickly with the click of a mouse or to change existing configurations. New hardware is no longer needed for this, or at least less often. Different hardware or rented cloud capacities can also be integrated.
Compared to conventional wide area networks (WANs), routing in an SD-WAN no longer necessarily has to take place via a central point. Instead, the more cost-effective and usually more scalable Internet infrastructure can be used to prevent costly bottlenecks.
SASE solutions use a cloud-native architecture to ensure greater flexibility and scalability. Deployment and individual components are managed in the cloud and no longer in a local data center. Cloud-native architectures allow companies to respond quickly to changing requirements and scale resources as needed. For example, it is possible to increase or reduce the network capacity without additional physical hardware – depending on the current user and application requirements.
Many tasks in the deployment, configuration and management of services can also be automated in cloud-native environments. This reduces manual effort and the risk of human error. IT staff also have more time to focus on other tasks, such as planning or strategic alignment.
Cloud-native implementations are also usually more resilient than traditional solutions, as they are based on redundantly distributed systems. They can also be deployed across multiple data centers and geographic regions.
Overall, companies can save significantly if they use cloud-based network services, as they require less or no hardware, fewer personnel and less operational effort.
Edge computing is also one of the most important components of most SASE implementations. "Edge" refers to the edge of the network, which is now gaining importance again after an initial focus on centralized computing services in the cloud. Edge computing refers to processing data and running applications close to their source, for example in a branch of an enterprise or in a remote IoT device.
By integrating edge computing with SASE, companies are not only reducing latency. They also make better use of the bandwidth, which is often only available to a limited extent, as data processing takes place locally before it is transferred to the cloud. Edge computing also plays a role in applications of artificial intelligence (AI) and machine learning (ML), for example when large amounts of data are processed by surveillance cameras in real time.
However, many networked IoT devices have only weak security measures. They are therefore a popular target for cyber attackers, who use them to penetrate other organizations' networks. Modern SASE implementations automatically integrate these IoT devices as soon as they connect to the network. They also ensure the enforcement of security policies, which reduces attack vectors.
We will discuss the other security aspects such as SSE and ZTNA in a later article. Without them, SASE would make very little sense.