SASE: A next-generation cloud-security framework

The ongoing pandemic has forced organizations across the globe to install work-from-home policies. A majority of the workforce in various industries, especially IT, have already adapting to working remotely. With a sudden rise in remote users and growing need and demand for cloud services, a huge volume of data is being transmitted between datacenters and cloud services. This has also given rise to the increased need for network security and a safer means of data transmission. The existing network security approaches and techniques are no longer dependable for the required levels of security and access control. To secure these surging digital needs, Gartner debuted an emerging cybersecurity framework in the form of what it calls SASE.

What is SASE?

The term SASE (pronounced “sassy”) is an acronym for “secure access service edge.” It is a burgeoning cybersecurity framework that promises cybersecurity while promoting safer cloud adoptions. SASE is an integration of several already existing technologies. In simple words, SASE is a hybrid cloud-based service model that accumulates a wide-area network (WAN) with network security services such as FWaaS (firewall-as-a-service), zero-trust network access, DNS, Cloud SWG, CASB (cloud access security brokers), and more. Since SASE is still in its infancy, there are no set industry standards for the service yet. However, the architecture allows service providers to customize it in accordance with the clients or companies adopting it.

SASE architecture model

How does it work?

Compared with traditional networking models, SASE has few unique differentiating aspects. Half of the technologies involved are designated for network traffic and the other half are meant to provide security. SASE framework is designed to allow enterprises to apply the relevant security context to their own implementation. This allows organizations to custom-choose the technologies, allowing them to focus on business requirements concerning security, performance, reliability, and cost.

SASE convergence

While there are dozens of feature sets and attributes associated with SASE, here are the primary characters of this new framework, which better explains how SASE works.

  • SASE providers need to provide a global SD-WAN service with its own private network with global points of presence (PoPs). All traffic needs to be routed across this private network avoiding the typical latency and security related issues associated with the Internet.
  • SASE, unlike many network protocols, is identity-driven. This means that both security and network access are provided based on the user and device identity along with the location information and not the IP address.
  • In SASE, network traffic is not delayed for security checks. Instead, all the security enforcements, along with other policies, will be enforced at PoPs.
  • SASE needs to be provisioned using cloud services and should avoid service chaining. However, service providers can allow users to have a multi-tenant environment for price friendliness. Moreover, the SASE service provider should be able to rapidly upscale more cloud instances and services on a need basis.

SASE benefits


Offers threat prevention and mitigates the possibility of intruders sniffing or tapping data during transmission. Moreover, integrating SASE with data protection services and policies can prevent unauthorized access and abuse of confidential data.

Reduced costs

SASE can be accessed in a multi-tenant environment, making the service more cost effective. Moreover, the flexible and adaptable nature of this architecture allows organizations to choose the services they need.


SASE is served on a global SD-WAN with dedicated points of presence. This reduces network congestion, and since the data transactions and network requests are served on private network lines, traditional latency-related problems can also be drastically reduced.

Less overhead

All the security services are provided dynamically and are maintained by the service providers. This reduces the effort and financial overhead from organizations.


SASE is a cloud-based infrastructure that is an accumulated service of several security services such as data protection, DNS security, credential stuffing prevention, and data loss or prevention. Users are flexible in choosing the services that best suit their organization’s own needs.

Future of SASE

It has just been a year since SASE was announced by Gartner in its August 2019 report. While the architecture is still in its infancy, considering the benefits and flexibility it offers to secure the cloud environment and data transfer, we can expect a quick adaption of the service. But this is not an easy framework to implement. Vendors need to have a strong and reliable global presence to set up SASE. Gartner predicts that the current adoption rates for SASE might be less than 1 percent globally. However, they also predict over 40 percent of enterprise adoption by 2024.

Featured image: Shutterstock

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top