Just under two years ago, Gartner introduced the concept of Secure Access Server Edge (SASE)—a combination of network security and WAN capabilities designed to meet the changing security needs many organizations face. SASE encompasses a variety of different applications, including SD-WAN and cloud access security broker (CASB), offering a ton of functionality for many businesses.
As SASE gains popularity, more businesses are choosing it over traditional VPNs thanks to the advantages it offers. Although this is just a small piece of SASE’s full capabilities, it’s a good starting point when deciding whether it’s the right choice for your business. We’ll cover the basics of SASE in this article and discuss whether you should replace your current VPN solution.
SASE considerations for network security
- SASE packages several tools into one
- Zero trust options for remote employees
- Lower latency than traditional VPNs
- SASE saves businesses money
SASE packages several tools into one
With the growth of remote work over the past year and a half, edge and cloud computing are taking large roles in enterprise IT. Virtual private networks (VPNs) have nearly become a standard in businesses to allow these remote employees to access secure data. However, latency has required that companies improve their delivery methods to allow employees to access data faster. SASE and edge computing move the resources closer to employees, so it doesn’t have to travel as far to get to them.
Rather than a standalone tool, SASE is more of a full-suite solution that combines several security and networking platforms into one. Within the platform, SASE includes:
- Cloud access security broker (CASB)
- Zero trust network access (ZTNA)
- Firewall-as-a-service (FWaaS)
- Secure web gateway (SWG)
Along with these core capabilities, SASE can also detect malware, identify sensitive data, continuously monitor sessions for risks, and quickly decrypt content. With these capabilities, businesses can take better advantage of edge computing capabilities instead of keeping everything in a central data center that employees need remote access to.
Zero trust options for remote employees
Home WiFi networks usually don’t have the same level of security that enterprise networks do. Because of this and the fact that employees are logging in from a variety of locations, zero trust is critical for remote work to be successful. SASE includes ZTNA to continuously authenticate users with multifactor authentication and behavioral analysis to prevent attackers from stealing credentials and getting access to the network through them.
ZTNA also protects against internal threats because employees only get access to the data they absolutely need to do their jobs. This means your marketing team doesn’t have access to payroll data and HR doesn’t get sales records or customer information. This data segmentation helps prevent misuse of data and allows IT to more quickly quarantine a breach if one does occur. Typically, VPNs don’t offer the same level of access control.
Lower latency than traditional VPNs
With traditional VPNs, employees are mimicking the IP address of the location of the central data server, so they can gain access. This results in latency because the request has to travel all the way to the data center, get approved, and then the data travels all the way back to the user. Instead, SASE pushes data out onto the edge of the network, allowing employees to get quicker access. Latency can cause frustration for employees and add up to major delays over time.
Lower latency also keeps data more secure because it reduces the amount of time the data is in transit. By transferring data only short distances, it’s less vulnerable to interception than data that’s traveled from a central server.
SASE saves businesses money
While it may look expensive at face value, SASE can save businesses money on both capital expenses and operational expenses. Because SASE is several applications bundled together, it’s generally cheaper than purchasing several standalone applications. Additionally, IT teams only have one application to learn and manage, so it reduces operating costs. With traditional VPNs, you’d still have to purchase several additional applications to get the same level of functionality, and then your IT team would have to figure out how they work together.
Should SASE replace VPN for your business?
While not every company needs to replace their VPN solution with SASE, if you’re currently using applications for the other platforms SASE includes, like CASB or SD-WAN, it’s definitely worth looking into. Additionally, if you’re experiencing high levels of latency within your organization and you have a large remote team, SASE may be able to reduce that and help your employees be more productive. Overall, SASE is a great choice for companies looking to provide secure and direct access to the cloud for both remote and in-office employees.