What is secure access service edge (SASE)?
Key components of SASE
SASE can be broken down into six essential elements.
- Software-defined wide area network (SD-WAN)
  A software-defined wide area network is an overlay architecture that uses routing or switching software to create virtual connections between endpoints, both physical and logical. SD-WANs provide near-unlimited paths for user traffic, which optimizes the user experience and allows for powerful flexibility in encryption and policy management.
- Secure web gateway (SWG)
  A secure web gateway is a web security service that keeps unauthorized traffic from accessing a particular network. The goal of a SWG is to zero in on threats before they penetrate a virtual perimeter. A SWG accomplishes this by combining technologies like malicious code detection, malware elimination, and URL filtering.
- Cloud access security broker (CASB)
  A cloud access security broker is a SaaS application that acts as a security checkpoint between on-premises networks and cloud-based applications and enforces data security policies. A CASB protects corporate data through a combination of prevention, monitoring, and mitigation techniques. It can also identify malicious behavior and warn administrators about compliance violations.
- Firewall as a service (FWaaS)
  Firewall as a service moves firewall protection to the cloud instead of the traditional network perimeter. This enables organizations to securely connect a remote, mobile workforce to the corporate network, while still enforcing consistent security policies that reach beyond the organization’s geographic footprint.
- Zero Trust Network Access (ZTNA)
  Zero Trust Network Access is a set of consolidated, cloud-based technologies that operates on a framework in which trust is never implicit and access is granted on a need-to-know, least-privileged basis across all users, devices, and applications. In this model, all users must be authenticated, authorized, and continuously validated before being granted access to company private applications and data. ZTNA eliminates the poor user experience, operational complexities, costs, and risk of a traditional VPN.
- Centralized and unified management
  A modern SASE platform allows IT administrators to manage SD-WAN, SWG, CASB, FWaaS, and ZTNA through centralized and unified management across networking and security. This frees IT team members to focus their energy on other, more pressing areas and boosts the user experience for the organization’s hybrid workforce.
Secure access service edge (abbreviated SASE) is a cloud-based security architecture that converges software-defined wide area network (SD-WAN) with a consolidated cloud-delivered security stack that features SWG, CASB, ZTNA, and FWaaS.
SASE architecture is a leading architectural model, powered by a global scalable network, that boosts hybrid workforce productivity and reduces complexity in today’s distributed enterprise environments.
SASE differs from traditional network security approaches in the way it inspects and connects users, endpoints, and remote networks to apps and resources. Where traditional enterprise network security options backhaul traffic to private networks and corporate data centers through secure web gateways and firewalls, SASE provides a global, consistent presence at the point of access.
This model eliminates the poor user experience, operational complexities, costs, and risk of traditional security models, reduces the enterprise attack surface, and enhances IT agility.
SASE solutions are made up of six essential elements, which provide a wide range of capabilities:
1. Software-defined wide area network (SD-WAN): An overlay architecture that creates virtual connections between endpoints.
2. Secure web gateway (SWG): A web security service that keeps unauthorized traffic from accessing a particular network.
3. Cloud access security broker (CASB): A SaaS application that acts as a security checkpoint between on-premises networks and cloud-based apps.
4. Firewall as a service (FWaaS): A solution that moves firewall protection to the cloud instead of the traditional network perimeter.
5. Zero Trust Network Access (ZTNA): An IT solution that requires all users to be explicitly authenticated, authorized, and continuously validated to access company apps and data.
6. Centralized and unified management: Policy management from a single console.
When properly implemented, SASE allows organizations to ensure secure access no matter where their users, devices, or applications are located. Additionally, SASE offers:
1. Flexible, comprehensive security—from threat protection to next-generation firewall.
2. Optimized performance and an improved user experience (for example, reduced latency and on-demand security).
3. Reduced cost and complexity, thanks to the consolidation of key networking and security functions into fewer solutions.
4. Agile, scalable network edge, which accelerates digital transformation and IoT adoption and enables the modern hybrid workforce with better productivity and reduced complexity across the organization.