SASE – Secure Access Service Edge 安全存取服務前端

social_icon_fb social_icon_twitter social_icon_line social_icon_line

SASE (pronounced sassy) is a new enterprise networking technology concept introduced by Gartner in 2019. SASE converges the functions of network and security solutions into a unified cloud-native service. In essence, it transitions network security as a service and moving it to the edge of cloud. It combines network security along with WAN capabilities to offer a platform that can keep up with the every more dynamic and the ever-looming threat of zero-day vulnerabilities.

People working from home have exploded in 2020 and will continue well into 2021, perhaps definitively changing way business is conducted for the next few years. Keeping organizations’ data safe in the turbulent sea of the wider internet is the highest priority. Many organizations have only just begun to allow data stored and processed outside of their own directly controlled hardware. Enabling more functions powered by the power of cloud is the next logical step.

SASE - Secure Access Service Edge

There are multiple proposed SASE model from thin to heavy. Thin model utilize the bare minimum cloud based functions, such as SD-WAN and firewall. A heavy SASE stack may include things like DLP, VPN, router, UTM, and more through the usage of virtual appliances. Many solutions provider already provide virtualized and cloud native appliances that could be integrated into a SASE stack.

To optimize the user experience, these services are not hosted by some far-away datacenter but on the edge. The closer proximity compared to the cloud will reduce the perception of latencies introduced. Capacities are infinitely scalable via offloading to the cloud on-demand. This simplifies hardware infrastructure planning due to not having to balance typical workloads versus peak loading.

SASE is an interesting model. However, due to it’s nature, it requires a large overhaul of an organization’s infrastructure. The biggest hurdle is that SASE compatible portfolio is incomplete and may take years to mature. It remains to be seen whether or not organizations will take on the SASE model piece-meal, or will wait until the market matured and transition in whole. Another issue is whether or not organizations are ready to entrust the cloud for critical network security services. Perhaps SASE can be a prime candidate for hybrid cloud use where it is a happy median between control over private data and boundless power of the cloud.

Palo Alto, one of the leading network security solutions provider, has graciously provided the full Gartner report here (registration required):