SASE Security – What is Secure Access Service Edge?

When the bulk of employees lived in one place and worked in a secondary location, accessing data centers in a very predictable manner, legacy security systems sufficed. These systems operated at the data server level, applying identity checks at the same point of access.

In 2022, things are quite different. SASE security has become the standard, with a 2021 study showing that 64% of businesses have implemented this approach, or will do so in the future, according to Security Magazine.

Exacerbated by the COVID-19 pandemic, we have an increasingly hybridized workforce. Regardless of how decentralized workforces become, the platforms we all rely upon to conduct our business still need to be protected against cyber-attack, unauthorized access, and espionage. SASE Security aims to provide the network best suited to the 21st century.

Gartner research recognized this when they published their seminal report in 2019, The Future of Network Security is in the Cloud. In that report, they outlined the convergence of various technologies to create a cloud-based security protocol designed to suit the agile environment in which we now live and work.

What exactly is SASE?

SASE stands for Secure Access Service Edge, and it’s pronounced “sassy”. SASE security has several components, often relayed as a confusing set of acronyms which we’ll explain below. These combine to make SASE the preferred solution for distributed workforces.

SD-WAN – Software-Defined Wide Area Network

As its name suggests, this is the network framework that SASE delivers – a private network that is as widespread as it needs to be. A WAN may cover a whole city, state, country, or large sections of the globe, depending on the number and distribution of users. A global corporation will adopt a WAN approach to enable multiple headquarters and distributed off-site workers to access the same secure network and resources.

The software-defined aspect means that the perimeter of the network is described within the software, rather than via traditional hardware routers. This allows the network definition to be adjusted securely and efficiently when it becomes necessary.

Related: SASE vs SD-WAN: Are They Worth Comparing?

ZTNA – Zero-Trust Network Access

Due to the distributed nature of a SASE network, Zero-Trust policies are adopted, where the identity of each user is never assumed or trusted. Under a ZTNA approach, users should expect to have to verify their identity each time they log on with a new device, often with MFA (multi-factor authentication) in place to prevent unauthorized access.

Such policies are defined centrally under a SASE and should operate uniformly throughout the network.

FWaaS – Firewall as a Service

Physical firewall infrastructure is replaced with next-generation software firewalls which operate in the cloud. These technologies use URL filtering, early threat detection, intrusion prevention and DNS security (the domain name system which identifies devices on the network). 

Software-based firewalls are much easier to upgrade and update as new threats present themselves, and are equally available to all users, whether it’s the CEO of a Fortune 500 company or the lowliest freelancer. All users benefit equally from the reassurance such systems provide.

CASB – Cloud Access Security Broker

A cloud access security broker ensures that third-party apps accessed via the cloud don’t present security threats to users on the network. They protect against malware, data leaks and regulatory non-compliance, putting a layer of security between the end-user and the app, regardless of where it’s being accessed.

SWG – Secure Web Gateway

This layer of protection prevents users on the network from accessing content containing malware or viruses. It restricts access to unsecured sites and stops inbound access attempts by bots and other cyberthreats.

Together, these technologies make up SASE, a package of measures designed for the 21st-century workplace and business ecosystem.

Related: Advantages of Partnering with an SD-WAN Managed Service Provider

What Benefits Does Adopting SASE Security Provide?

If this sounds like a lot of different technologies to get working in lockstep, it is. Fortunately there are a growing number of providers who have devised platforms to do just that. SASE is now delivered as an integrated and consolidated suite of security solutions, with most of the hard work of integration already achieved.

Partnering with a cloud-based SASE solution provider conveys the following benefits:

1. Cost and Efficiency Savings. Rather than individually sourcing these components, adopters of SASE buy tried and tested packages that deliver real cost savings and are ready to roll from day one.
2. Centralized Security Policymaking. When you’re using a WAN, you need to be reassured that security policies are being adhered to throughout the network, whether it’s in the headquarters in New York, a branch office in Singapore, or a coffee shop in Manila. SASE lets you set security policies centrally and insist on protocols being followed universally.
3. Straightforward Access Methodology. SASE strikes the right balance between ease of access and rigorous security. Users won’t have to use fiddly VPN devices or follow impossible password protocols. Once devices are trusted, secure yet feasible security measures are in place to permit access. Technologies, including facial recognition and thumbprint scanning, can be incorporated to ensure the highest-level security access.
4. Flexibility. Should additional security features be required, it’s easy to bolt on reinforcement for sandboxing, credential threat prevention and data loss reduction. You can design a SASE network that’s perfectly optimized for each use case.
5. Centralized Network Management. Should users experience problems accessing the service, they’ll always know who to contact. Centralized user support supplies excellent customer service across the WAN, with the same protocols and procedures in place to solve access issues.
6. Effectiveness and Peace of Mind. With SASE securely in place, users can rest assured that the network they are accessing presents no danger to them or their devices. Managers can feel confident that employees are following shared security protocols. IT managers will know that firewalls and SWGs are up to date with the latest threat alerts and patches.

Four Stages to Implementing SASE Security 

Before you move to SASE security, there are some steps that any organization needs to take. These take the form of four types of organizational audits.

Audit of Users and Usage.

You need to understand exactly who requires access, when, where and via what devices. While this need not pinpoint every unique device, it’s important to set the scope of the network. Do you need to allow for 10,000 users across five countries? Should they have access on mobile devices as well as laptops and desktops?

Data and Security Audit.

What kind of data will be kept in the cloud and who will access it? What type of security is required to prevent unauthorized access and how will data integrity be maintained? A private health insurance company might have very different security requirements from a skateboard brand. Remember to factor in geographical data security legislation such as GDPR and CCPA.

Apps and Platforms Audit.

What systems will it be vital for users to access on the network? Will some of them be accessed via mobile devices? You’ll want to draw up a list with the number of users, type of device access and geographical spread.

Management and Support Audit

The last part of the puzzle will be defining what sort of support you’ll require, as well as where and how it will be accessed. You’ll need to set expectations for levels of ongoing support. You’ll also have to decide who, within your own organization, will be the primary stakeholders in this respect.

Your SASE partner will be able to guide you through these processes to achieve an efficient and successful transition.

Choose BCM One as your SASE Security Partner

BCM One has been on board with SASE Security since the beginning. We’ve already provided secure networks for hundreds of blue-chip clients including Breitling, Revlon, Al Jazeera, Build-A-Bear Workshop, Swissport and many more.

Talk to us today about your SD-WAN needs. We’ll help you design a bespoke and secure network that works for all your employees, however centralized, decentralized, or distributed your workforce may be.