Secure Access Service Edge (SASE) is an architectural concept introduced by Gartner, aimed at streamlining network access, simplifying security processes, optimizing network performance, and reducing the number of vendors and tools IT specialists need to work with.
Why do we need SASE? Here’s an explanation presented by our colleague Eduard Stoica (Presales Consultant) in a recent webinar hosted by Datanet Systems on this topic.
“The traditional architecture of data networks is steadily growing in complexity, presenting increasing challenges to efficient management. The manual application of configuration changes to our WAN equipment carries a notable risk of human error, a risk that amplifies as the network continues to expand. Furthermore, we contend with the unpredictable nature of transport link performance. Additionally, the absence of comprehensive monitoring with a meticulous focus on application performance can impose limitations on our visibility, especially when dealing with applications subject to stringent service level requirements (SLAs).
It’s also imperative for companies to acknowledge that the growing volume of traffic destined for the Internet is rendering the routing of traffic through a central hub, irrespective of the end user’s destination, progressively less efficient”, Eduard Stoica, Presales Consultant, Datanet Systems.
SASE has emerged to address these needs. Technology evolves in step with businesses, striving to improve working conditions, safeguard the ever-growing network traffic, and streamline processes for enhanced efficiency. A new approach, such as SASE, becomes imperative for securing modern IT environments characterized by dispersed users, applications, and data.
Consequently, SASE has emerged precisely to meet the demands generated by digitization and cloud computing when it comes to security and providing access to various resources from anywhere and at any time.
What does SASE mean?
Secure Access Service Edge (SASE) is an architecture that combines network and security services as a converged service. It includes SD-WAN (Software-Defined Wide Area Network) and cloud-native security functionalities such as web proxy for applications, CASB (Cloud Access Security Broker) for granular control over known SaaS applications, cloud-based firewall with application-level visibility and IPS (Intrusion Prevention System) capabilities, as well as network access using a Zero Trust approach. These functions are delivered from the cloud and provided as a service by the SASE provider.
The SASE architecture combines SD-WAN functionality with security services in a cloud-based platform that enables secure and efficient connectivity between users and applications, from any device and location.
Conceptually, SASE is built on the model of the “Three Cs”:
- Connectivity to Applications: This is based on SD-WAN (Software-Defined Wide Area Network), which provides efficient and secure connectivity to various applications.
- Control of Application Access: This involves filtering at the DNS level, firewall-as-a-service, secure web gateway, and Zero Trust principles. It ensures that access to applications is carefully controlled and secured.
- Convergence: SASE unifies connectivity and secure control to achieve a high level of efficiency. It brings together the different aspects of networking and security into a cohesive framework.
Features and Benefits
Specifically, SASE provides an extensive set of features associated with each component (Cisco SD-WAN, Cisco DUO, AnyConnect, Umbrella, Cisco ThousandEyes, etc.), including:
- Remote Browser Isolation
- Granular control over 40+ popular SaaS applications, such as Dropbox, Google Drive, social media, etc.
- Cloud-delivered firewall with IPS capabilities and access to Cisco Talos signature base
- Secure Web Gateway with malware scanning and analysis from multiple vendors
- Flexible Connectivity Methods and reduced dependence on transport links
- Traffic Tunneling over any physical connection
- Facilitating the transition to Zero Trust
- Access Security through Multi-Factor Authentication
In terms of results, SASE provides:
- Simplified Management in on-premises and cloud infrastructures through a single interface.
- Adherence to application SLA requirements by monitoring performance metrics and automatically rerouting traffic to another transport link when necessary.
- Security and Inspection of Internet Traffic.
- Unified Enforcement of Security Policies and limiting user access only to the applications they need to perform their tasks, following the Zero Trust approach.
- Enhanced and unified visibility into the IT environment.
By combining convergence, cloud agility, and performance, SASE can support numerous use cases, whether it’s migrating from MPLS to SD-WAN, optimizing and securing access to IT resources, accelerating and controlling cloud applications, embracing remote work in various forms, securing remote endpoints, simplifying network management, and more. During the webinar, Eduard Stoica presented two specific SASE use case scenarios: securing office locations and securing remote users. You can explore these use case scenarios and the description of the SASE architecture and associated components by accessing the webinar recording below (available in Romanian).
Datanet Systems’ team can assist you with any Cisco SASE project, leveraging their significant experience in this field through the implementation of numerous projects involving Cisco SD-WAN and security, with a focus on the cloud, in Romania. For additional details, please don’t hesitate to contact us at email@example.com.