What Are SASE Services?
SASE Services Defined, Explained, and Explored
Secure Access Service Edge, or SASE, is an emerging model for managing networking and cybersecurity at a time when IT networks and workforces are increasingly distributed. First described by Gartner in 2019, SASE combines Software-Defined Wide Area Networking (SD-WAN) with various security services in a single, cloud-delivered model.
SASE services deliver security by focusing on authenticating identities with real-time context rather than backhauling and inspecting traffic in a central data center. As a result, SASE technology enables faster, more secure access to cloud services and on-premises resources no matter where in the world workers are connecting. With SASE, VPN technology and hard-to-manage point solutions no longer need to be part of the security mix.
SASE services are IT offerings that bundle some or all of the core SASE technology. Some SASE providers offer comprehensive solutions where technology is sourced and supported by a single vendor. Others offer point products or partner with multiple providers to deliver more complete SASE solutions.
How SASE Works
Convergence of networking and security functions is the principal idea behind the SASE framework, and there are many ways to achieve it. Most organizations, however, deploy several core SASE services:
- Software-Defined Wide Area Networking (SD-WAN) uses software-defined networking to route traffic more intelligently and cost-efficiently across a wide area network. By virtualizing the management of network connections, SD-WAN allows organizations to use a wider range of connections, including multiple low-cost commodity connections like DSL and fiber, along with standard MPLS connections. By centralizing management and offering application-aware routing, SD-WAN improves application performance, delivers better user experiences, increases agility and reduces IT costs.
- Cloud Access Security Broker (CASB) is a technology that sits between cloud service providers, an organization’s users and internal infrastructure, serving as a gatekeeper to monitor cloud usage and block cloud-related threats. CASBs perform various tasks, including enforcing policies around authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization and malware detection.
- Secure Web Gateway (SWG) technology protects IT assets from attacks and infection and enforces a company’s acceptable use policies. SWGs inspect web traffic to filter out malware and viruses and prevent users from visiting malicious websites and web resources. Secure Web Gateways include technology for filtering URLs, detecting malicious code, placing controls on the use of applications, preventing data loss and other essential security functions.
- Zero Trust Network Access (ZTNA) solutions apply a Zero Trust approach when authorizing users for remote access to private web applications. Zero Trust requires strict and continuous verification for every user and device, blocking visibility and access to all other resources. Unlike VPNs, which grant access to an entire network or portions of it, ZTNA technology grants access only to specific services or applications for as long as a user has a legitimate need.
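The difference between VPN-style network access and ZTNA's per-application, time-limited grants can be shown in a few lines. This is an added example, not code from the original page or from any vendor's product; the application names, addresses and policy fields are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed inventory of private applications (hypothetical names/addresses).
APPS = {
    "payroll": ip_address("10.0.5.10"),
    "wiki": ip_address("10.0.5.20"),
    "hr-db": ip_address("10.0.5.30"),
}

def vpn_reachable(routed_subnet: str) -> set[str]:
    """VPN model: once connected, every host in the routed subnet is reachable."""
    net = ip_network(routed_subnet)
    return {name for name, addr in APPS.items() if addr in net}

@dataclass(frozen=True)
class Grant:
    user: str
    app: str
    expires_at: int  # epoch seconds; access ends when the need ends

@dataclass(frozen=True)
class Request:
    user: str
    app: str
    device_compliant: bool  # device posture is re-checked on every request
    mfa_verified: bool
    now: int

def ztna_decide(req: Request, grants: list[Grant]) -> tuple[bool, str]:
    """ZTNA model: default deny; verify user and device on each request."""
    if req.app not in APPS:
        return False, "unknown application"
    if not req.mfa_verified:
        return False, "identity not verified"
    if not req.device_compliant:
        return False, "device posture failed"
    for g in grants:
        if g.user == req.user and g.app == req.app:
            if req.now < g.expires_at:
                return True, "granted"
            return False, "grant expired"
    return False, "no grant for this application"

def ztna_reachable(user: str, grants: list[Grant], now: int,
                   device_compliant: bool = True, mfa_verified: bool = True) -> set[str]:
    """Applications the user can see; everything else stays hidden."""
    return {app for app in APPS if ztna_decide(
        Request(user, app, device_compliant, mfa_verified, now), grants)[0]}
```

With a single grant for one application, the VPN model exposes all three hosts in the subnet while the ZTNA model exposes only the granted one, and only until the grant expires or a posture check fails.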
Types of SASE Services Providers
The market for SASE is new and evolving, with providers offering many different configurations of SASE Services. As IT teams consider their options, there are several essential differences between SASE providers to consider.
- Comprehensive vs. limited solutions. While SASE architecture converges networking and security, not all SASE service providers offer comprehensive services. Some providers offer one or more components or partner with other providers to present a fuller package. IT teams must consider whether they prefer a single-vendor solution that includes enterprise-grade networking and security services or whether they wish to work with multiple vendors.
- Hyperscalers vs. privately run data centers. Some SASE platforms are built on global hyperscaler clouds, while others provision servers and networking from their own privately-run cloud data centers. Solutions built in hyperscaler clouds like AWS and Google Cloud Platform will be able to support rapid growth more easily.
- Global vs. limited scale. Businesses that choose SASE providers with a global network backbone will experience superior and reliable performance anywhere in the world. Providers that connect through the public internet or MPLS lines may not deliver the reliability and low-latency connections required for global use.
- Ease of use. While any SASE solution will combine multiple technologies, not every SASE service provider offers an intuitive and easy-to-use interface that reduces the complexity of managing SASE architecture.
Access-Centric vs. Data-First SASE Services
When choosing SASE services, organizations must also decide whether to adopt an access-centric or data-first approach.
Access-centric SASE is geared toward quickly and securely connecting users to the applications and data they need on the web, in the cloud or in internal private data centers. Usually delivered as a cloud-based platform, access-centric SASE offers centralized control over who has access to critical business systems and provides protection from malware, ransomware and other advanced threats. What this approach lacks is continuous control over the use of data, which makes it easier for data to leave the organization through uploads and downloads to websites, cloud apps, corporate private apps and personal devices like USB flash drives or printers.
While also allowing users to access data safely, data-first SASE monitors and manages how users interact with data and digital and physical systems. This way, data-first SASE identifies risky user behaviors that may result in breaches. Putting data at the center of SASE enables IT teams to automatically enforce security policies based on the level of risk a user presents at a specific moment. Data-first SASE makes uniform enforcement available everywhere – on endpoints, the web, the network and the cloud.
Forcepoint: A Cloud-Native SASE Solution in a Unified Platform
Recognized as a leader in cybersecurity by Forrester, Gartner, NSS Labs and others, Forcepoint offers data-first SASE services that take Zero Trust principles one step further.
Blending the proven networking capabilities of Forcepoint FlexEdge Secure SD-WAN with a cutting-edge Security Service Edge (SSE) platform, Forcepoint ONE delivers better control over how users access business applications and use sensitive data. The result is an easy-to-use security stack, a safer organization and a better user experience.
With Forcepoint SASE services, organizations can:
- Deliver safe, fast access to business data everywhere people need it.
- Automate security for sites while providing superior performance for remote workers.
- Make it easier to adopt Zero Trust with the integration of uniform identity, intelligent adaptive access control and strong data security.
- Centrally configure and enforce security policies in the cloud for sites or endpoints for people working from home.
- Eliminate the latency of cloud-only approaches and enable secure web browsing that runs up to twice as fast.
- Automatically route risky or unknown websites through Forcepoint Remote Browser Isolation service to access sites, even when they may harbor malicious code.
- Sanitize documents with Forcepoint Zero Trust Content Disarm and Reconstruction (CDR).
- Access enhanced reporting with threat and data security dashboards.