Infrastructure security

Secure access service edge (SASE)

Combines network security with WAN capabilities to provide secure and direct access to cloud services and applications from any location.

Unifying network security and connectivity for the cloud era

Secure access service edge (SASE) is a cloud-based security model that combines network security functions with wide-area network (WAN) capabilities to support the dynamic secure access needs of organizations. For cloud security engineers, SASE represents a shift in how network security is delivered, moving from traditional perimeter-based approaches to a more flexible, cloud-native model.

SASE architectures typically include a range of security and networking services, such as Secure Web Gateways (SWG), Cloud Access Security Brokers (CASB), Firewall-as-a-Service (FWaaS), and Zero Trust Network Access (ZTNA), integrated with WAN capabilities like SD-WAN. This convergence allows organizations to apply consistent security policies regardless of where users, applications, or devices are located.

In cloud environments, SASE offers several key benefits. It provides a unified approach to securing access to cloud services, reducing complexity and improving visibility across distributed networks. SASE enables organizations to implement zero trust principles more effectively, as security policies can be applied based on the identity of the user, device, and application, rather than network location. The cloud-delivered nature of SASE also means that security services can be scaled and deployed more flexibly to meet changing business needs. For cloud security engineers, implementing SASE can help address challenges such as securing remote workforce access to cloud applications, protecting against cloud-based threats, and maintaining consistent security policies across hybrid and multi-cloud environments. By adopting SASE, organizations can enhance their security posture while improving network performance and reducing the complexity of managing multiple point solutions.

Product vendors

Cisco
Cloudflare
Fortinet
Palo Alto Networks
Twingate
Zscaler

Similar categories

Zero trust network access (ZTNA)
Implements a "never trust, always verify" approach to network access, providing secure, granular access control for users and devices in cloud environments.
Cloud access security broker (CASB)
Provides visibility and control over cloud service usage, enforcing security policies and compliance between users and cloud applications.
Software-defined wide area network (SD-WAN)
Applies software-defined networking principles to WANs, enabling centralized control and optimization of traffic between cloud resources and branch offices.
Firewall-as-a-service (FWaaS)
Provides cloud-based network security, offering firewall capabilities as a service to protect distributed networks and cloud resources from threats.