What is Secure Access Service Edge (SASE)?

SASE is a framework designed to integrate security & network connectivity technologies into a unified, cloud-delivered platform. Discover more with Lookout.

SASE defined

As defined by Gartner, SASE is a framework designed to integrate security and network connectivity technologies into a unified, cloud-delivered platform to enable the secure and fast adoption of cloud services. Through the convergence of networking and network security, SASE meets the challenges of digital business transformation, edge computing, and workforce mobility.

As organizations seek to accelerate growth through the use of cloud services, the traditional enterprise security perimeter has evolved into a fluid, constantly moving edge. Users now interface with enterprise apps, data, and other users from wherever they may be, effectively moving the perimeter edge to their current location.

Despite this shift from a physical perimeter to a fluid edge, network architectures have not changed. They are still designed to pass traffic through a defined  enterprise perimeter and then back out again — often via expensive and inefficient technologies. This potentially insecure loop creates significant challenges in terms of service availability, user performance and productivity — challenges that can be effectively addressed through a SASE framework.

Security architectures need to adapt to today’s increasingly cloud-based business models and accommodate a perimeter that is now constantly on the move. Visibility and control of valuable and often irreplaceable enterprise resources can be easily lost when users, devices, and data are created and stored virtually anywhere.

Read SASE blog

Gartner 2021 strategic roadmap for SASE convergence

According to the Gartner 2021 Strategic Roadmap for SASE Convergence, “Security and risk management leaders need a converged cloud-delivered secure access service edge (SASE) to address this shift.”[1] the Gartner SASE model has emerged as a comprehensive framework for enabling secure and fast cloud transformation based on a suite of dynamic edge security and connectivity capabilities delivered as an on-demand cloud service.

The framework provides for the dynamic creation of a policy-based, secure-access service edge, regardless of both the location from which users are requesting services and the location of the networked services they are seeking access to. On the security side, SASE prescribes a converged offering that delivers unified threat and data protection capabilities. This converged service is based upon a low-latency, ubiquitous footprint that is very close to the user location (i.e., the edge), regardless of where they are.

The route to SASE is gaining speed and urgency. Gartner has predicted that, “by 2024, at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than 1% at year-end 2018.”[2]  The reality is that SASE adoption has accelerated significantly in part due to the pandemic driving businesses to transform to a primarily remote workforce.

How SASE works

SASE merges network traffic and security controls, threat and data protection and direct, ultra-fast network-to-cloud connectivity. While SASE initially sacrificed speed for control, improved technology now offers speed and control, enabling enterprise security professionals to apply identity and context to specify the exact level of performance, reliability, security and cost desired per network session.

Organizations employing SASE can realize increased speed and greater scale in the cloud while addressing cloud security challenges. For instance: let’s say a company is seeking greater efficiency by enhancing the mobility of its field salesforce. But accessing apps and data over public Wi-Fi can pose serious security risks. By implementing a SASE solution, the company is able to maintain high-performance connectivity while providing strict security controls of users, data, apps and devices traversing the network.

Read SASE Whitepaper

Benefits of SASE

There's more to knowing beyond what SASE is.  According to a Gartner report: “In cloud-centric digital business, users, devices, and the networked capabilities they require secure access to are everywhere. . .What security and risk professionals in a digital enterprise need is a worldwide fabric/mesh of network and network security capabilities that can be applied when and where to connect entities to the networked capabilities they need access to.” [3]

Further, Gartner asserts that the benefits to the enterprise of implementing an SASE architecture include:

  • Lower Costs and Complexity – Consolidating vendors and technology stacks to deliver network security as a service results in reduced cost and complexity
  • Greater Agility – Launch new digital business scenarios (e.g., apps, services and APIs) and see improved collaboration and less risky data sharing with partners and contractors
  • Better Performance – Leverage latency-optimized routing for a performance boost
  • Ease of Use/Transparency – Fewer agents per device; less agent and app bloat; consistent experience anywhere, on any device; and reduce operational overhead by not requiring new hardware or software for updating threat protection and security policies
  • Secure User to App Connectivity – Provide a secure direct connection from users to apps, data and services with granular, context-aware policies, and simultaneously eliminate potential lateral movement in the event a user account is compromised.
  • Better Use of Network Security Staff – Shift to strategic projects like mapping business, regulatory and app access requirements to SASE capabilities
  • Centralized Policy with Local Enforcement – Cloud-based, centralized management with distributed enforcement and decision making
A group of people standing outside a building and talking

SASE represents the best way to achieve a direct-to-cloud architecture without compromising security, visibility, control, performance, complexity or cost. The Lookout Security Platform facilitates comprehensive monitoring and control at both the activity and content levels, whether users are on-premises or remote, on a mobile device or using mobile apps or browsers. Moreover, Lookout enables you to differentiate policy enforcement between managed (corporate) and unmanaged (personally owned) devices. Lookout is the only cloud security solution that covers all types of cloud traffic regardless of location, device or network.

The Lookout Security Platform enables you to consolidate your SASE strategy into a unified security platform that reduces cost and complexity while simplifying management of security and access across your endpoints, clouds and on-prem infrastructure.