What is SASE?

Secure access service edge, or SASE, is a cloud-based IT model that bundles software-defined networking with network security functions and delivers them from a single service provider. Gartner, a global research and advisory firm, coined the term "SASE" in 2019.

A SASE approach offers better control over and visibility into the users, traffic, and data accessing a corporate network — vital capabilities for modern, globally distributed organizations. Networks built with SASE are flexible and scalable, able to connect globally distributed employees and offices across any location and via any device.

What security capabilities does SASE include?

SASE combines software-defined wide area networking (SD-WAN) capabilities with a number of network security functions, all of which are delivered from a single cloud platform. In this way, SASE enables employees to authenticate and securely connect to internal resources from anywhere, and gives organizations better control over the traffic and data that enters and leaves their internal network.

SASE includes four core security components:

Secure web gateways (SWG)

An SWG prevents cyber threats and data breaches by filtering unwanted content from web traffic, blocking unauthorized user behavior, and enforcing company security policies. SWGs can be deployed anywhere, making them ideal for securing remote workforces.

Cloud access security broker (CASB)

A CASB performs several security functions for cloud-hosted services, including revealing shadow IT (unauthorized corporate systems), securing confidential data through access control and data loss prevention (DLP), and ensuring compliance with data privacy regulations.

Zero trust network access (ZTNA)

ZTNA platforms lock down internal resources from public view and help defend against potential data breaches by requiring real-time verification of every user and device to every protected application.

Firewall-as-a-Service (FWaaS)

FWaaS refers to firewalls delivered from the cloud as a service. FWaaS protects cloud-based platforms, infrastructure, and applications from cyber attacks. Unlike traditional firewalls, FWaaS is not a physical appliance, but a set of security capabilities that includes URL filtering, intrusion prevention, and uniform policy management across all network traffic.

What are the advantages of a SASE framework?

How does SASE compare to traditional networking?

In a traditional network model, data and applications live in a core data center. In order to access those resources, users, branch offices, and applications connect to the data center from within a localized private network or a secondary network that typically connects to the primary one through a secure leased line or VPN.

This model has proved to be ill-equipped to handle the complexities introduced by cloud-based services like software-as-a-service (SaaS) and the rise of distributed workforces. It is no longer practical to reroute all traffic through a centralized data center if applications and data are hosted in the cloud.

By contrast, SASE places network controls on the cloud edge — not the corporate data center. Instead of layering cloud services that require separate configuration and management, SASE streamlines network and security services to create a secure network edge. Implementing identity-based, Zero Trust access policies on the edge network allows enterprises to expand their network perimeter to any remote user, branch office, device, or application.

How organizations can implement SASE

Many organizations take a piecemeal approach to SASE implementation. In fact, some may have already adopted certain SASE elements without knowing it. Key steps organizations can take towards fully adopting a SASE model include:

Securing remote workforces

Placing branch offices behind a cloud perimeter

Moving DDoS protection to the edge

Migrating self-hosted applications to the cloud

Replacing security appliances with unified

How XcellHost enables SASE

XcellHost is uniquely architected to deliver a platform of integrated network and security services across data centers in over 275 globally distributed cities, eliminating the need for enterprises to purchase and manage a complex collection of point solutions.
XcellHost is a SASE platform that securely connects remote users, offices, and data centers to each other and the resources that they need. To get started with XcellHost, see the XcellHost product page. Or, learn more about ZTNA, a crucial technology behind SASE.