Secure Access Service Edge (SASE) is an emerging enterprise strategy that combines network and security functions with WAN capabilities to support the dynamic, secure access needs of today’s organizations. Conceptually, SASE converges SD-WAN and network security services—including next-generation firewall (NGFW), secure web gateway (SWG), Zero-trust network access (ZTNA), and cloud access security brokers (CASB)—into a single service model.
Secure Access Service Edge (SASE)
Delivering the Most Flexible SASE Solution
SASE is the future of security and networking. From SD-WAN, ZTNA, CASB, and NGFW, the Fortinet platform provides complete readiness for embracing SASE.
Download Fortinet Flexible SASE Solution White Paper
What is SASE?
Fortinet SASE - PacketPushers Podcast |
Why is SASE necessary?
Today’s organizations require immediate, uninterrupted access to network and cloud-based resources and data, including business-critical applications, no matter where their users are located. The challenge is that many of the problems resulting from digital innovation efforts—such as dynamically changing network configurations and the rapid expansion of the attack surface—mean that traditional security solutions no longer provide the level of speed, performance, security, and access control that organizations and users require. Therefore, the SASE concept is a logical evolution of needs and tech trends that have been converging in IT and security for years now.
The term SASE (pronounced “sassy”) was first described by Gartner in an August 2019 report called “The Future of Network Security in the Cloud.” Gartner notes that in the SASE market trend report, “Customer demands for simplicity, scalability, flexibility, low latency and pervasive security force convergence of the WAN edge and network security markets”.
|
Fortinet Flexible SASE Solution - CUBE Conversation
John Maddison, EVP of Products and CMO at Fortinet talks with John Furrier for a CUBEConversation from theCUBE studio in Palo Alto, CA about the evolution of Secure Access Service Edge(SASE) and what it means for customers.
Watch NowComponents of the SASE Model
SASE is all about secure access. In addition to connectivity, every SASE strategy must include a core set of essential security elements, including the following.
Industry’s most flexible SASE platform to secure users and edges
- Secure SD-WAN: Advanced WAN networking functions, such as dynamic path selection, self-healing WAN capabilities, support for demanding high-performance applications, and consistent user experience, are the core of a SASE solution.
- Zero-trust Network Access, while an essential SASE component, is more of a framework than a product as it includes several technologies working together. Within a SASE strategy, ZTNA’s primary job is to authenticate users to applications. Advanced context and role-based identity combined with multifactor authentication (MFA) are essential for securing access for users and devices, for both on and off-network.
- A NGFW (physical) or FWaaS (cloud-based) firewall: SASE also needs flexible security offering at the Edge and Cloud-delivered offering to protect Edges and users both on-network and off-network. A hybrid security strategy is required by organizations to enable internal segmentation preventing guests and/or Internet-of-Things(IoT) threats and at the same time enabling consistent security policies for users who are off the network.
- A Secure Web Gateway is used to protect users and devices from online security threats by enforcing internet security and compliance policies and filtering out malicious internet traffic. It can also enforce acceptable use policies for web access, ensure compliance with regulations, and prevent data leakage.
- A CASB service enables organizations to take control of their SaaS applications, including securing application access and eliminating Shadow IT challenges. Combining CASB with on-premises DLP further as an integrated system will also further ensure the protection of critical data.
Benefits of SASE
When properly implemented, a SASE approach allows organizations to apply secure access no matter where their users, workloads, devices, or applications are located. This becomes a critically important advantage as more users join a remote workforce, SaaS applications see rapid adoption, and data moves rapidly among data centers, branch offices, and hybrid- and multi-cloud environments.
SASE Offers:
- Flexible, consistent security: Deliver a comprehensive range of security services, from threat prevention to NGFW policies, to any edge, ensuring zero-trust network access to know who is on your network, know what is on your network, and protect assets both on and off the network
- Reduced total cost of ownership: Conquer point product sprawl once and for all by using a single platform approach and reducing or eliminating capex and opex costs
- Reduced complexity: Simplify your architecture by consolidating key networking and security functions from disparate point products into single solutions, all easily managed from a single-pane-of-glass management system
- Optimized performance: Leveraging cloud availability, your team members easily and securely connect to the Internet, applications, and corporate resources wherever they are located.
SASE and the Fortinet Advantage
For SASE to work well, all of its components need to interoperate as a single integrated system—connectivity, networking, and security elements alike.
Fortinet has been delivering core SASE requirements—plus much more—for years as part of our vision for security-driven networking. Now, along with our recent strategic acquisition of OPAQ Networks, Fortinet can deliver the most complete SASE platform there is.
Fortinet offers the most comprehensive and flexible SASE solution available today.
FAQs
What is SASE?
Secure Access Service Edge (SASE) refers to network architecture that combines security and software-defined wide-area networking (SD-WAN) in a cloud-hosted service. SASE has the potential to improve the security of a wide-area network (WAN) while also supplying adequate bandwidth for each application. SASE is scalable, and vendors typically charge according to usage.
What is the SASE Framework?
The SASE framework refers to the collection of cloud-based services that combine SD-WAN and security. How the SASE framework is set up depends on the client and the security policies needed. The specific security service and SD-WAN solution can be tailored for each organization’s requirements.
What are the key components of SASE?
The key components of SASE include an SD-WAN, a methodology for inspecting and enforcing security policies, and cloud architecture to host the SASE setup. Also, the identity of each user can include, but should not be limited to, an Internet Protocol (IP) address. This allows users to connect on several devices, depending on what they need to use.
What is SASE architecture?
SASE architecture refers to the framework used to implement SASE. It includes three key elements: an SD-WAN, security protocols, and cloud architecture for hosting the SASE. SASE architecture gives users the flexibility to access their WAN by logging in using the public internet through a protected, secure connection.