Secure Access Service Edge (SASE)


Secure Access Service Edge (SASE) is a networking and security architecture that provides secure access to cloud applications and services while reducing complexity.

  • is a network architecture that combines WAN technologies and cloud-based security services to provide secure access to cloud-based applications and services
  • offers a centralized approach to security and access
  • prompted by the shift of on-premises servers to the cloud
  • combines
    • SD-WAN technologies
      • used to implement secure tunnels from remote sites to enterprise services
      • “A” for access
    • with a Security Service Edge (SSE)
  • when a user initiates an SD-WAN connection,
    • the connection's endpoint is not the cloud service itself
    • it is instead a mediating SSE service
  • operates under a zero trust security model
    • does not define security through network boundaries but instead via resources such as users, services, and workflows
  • is a confluence of:
    • Wide Area Networks, WANs
    • and Network Security Services
      • such as Cloud Access Security Broker (CASB), Firewall as a Service (FWaaS), and Zero Trust
    • in a cloud-delivered service model
  • aims to simplify the complexity of managing multiple network and security services by combining networking and security functions into a single cloud-hosted service
  • eliminates the need for dedicated hardware

Security Service Edge

The Security Service Edge (SSE) is a set of technologies that mediate access to cloud services and web applications.

  • e.g.,
    • Identity and access management (IAM)
      • defines user rights, such as login credentials, privileges, and policies
      • facilitates single sign-on
    • secure web gateway (SWG)
      • an on-premises SWG is a proxy-based firewall, content filter, and IDS/IPS system that mediates user access to Internet sites and services
    • Zero trust architecture
    • cloud access security broker (CASB)
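
The sketch below is an added example, not part of the original notes. It contrasts a boundary-based access check with the decision a mediating SSE would make under zero trust, where IAM-defined rights are keyed by user, service, and workflow. The users, service name, address range, and policy entries are all constructed assumptions.

```python
# Added illustration: all names, users, services and addresses are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

CORPORATE_NET = ip_network("10.0.0.0/8")  # assumed "trusted" perimeter range

@dataclass(frozen=True)
class Request:
    user: Optional[str]   # identity asserted by IAM/SSO, None if unauthenticated
    source_ip: str
    service: str          # cloud service being requested
    workflow: str         # action within the service, e.g. "read", "export"

# IAM-style rights keyed by resources (user, service, workflow), not by network.
POLICY = {
    ("alice", "crm", "read"),
    ("alice", "crm", "export"),
    ("bob", "crm", "read"),
}

def perimeter_decision(req: Request) -> bool:
    """Boundary model: anything from inside the corporate range is trusted."""
    return ip_address(req.source_ip) in CORPORATE_NET

def sse_decision(req: Request) -> bool:
    """Zero trust model: default deny; the source network is never consulted."""
    if req.user is None:
        return False
    return (req.user, req.service, req.workflow) in POLICY

def compare(requests):
    """Return (request, perimeter verdict, SSE verdict) for each request."""
    return [(r, perimeter_decision(r), sse_decision(r)) for r in requests]

SAMPLE = [  # constructed requests
    Request("alice", "203.0.113.7", "crm", "export"),  # remote, entitled
    Request("bob", "10.1.2.3", "crm", "export"),       # on-site, not entitled
    Request(None, "10.1.2.4", "crm", "read"),          # on-site, unauthenticated
]

if __name__ == "__main__":
    for req, perim, sse in compare(SAMPLE):
        print(f"{req.user!s:6} {req.source_ip:12} {req.workflow:7} "
              f"perimeter={perim!s:5} sse={sse}")
```

The two models disagree on every sample request: the boundary check admits both on-site requests regardless of identity or entitlement, while the SSE check admits only the remote user whose rights cover the requested workflow.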