What Is SASE? Secure Access Service Edge

SASE encompasses a growing set of cloud-hosted security capabilities that help protect the edge network and enable enterprises to implement centralized security policies.

SASE Key Takeaways

  • SASE is a cloud-hosted security framework that is emerging as enterprises are becoming more distributed globally.

  • SASE includes a growing list of security capabilities such as next-gen firewalls, secure web gateway, and zero-trust network access, delivered via SaaS offerings.

  • Intel® solutions empower SASE with a broad range of high-performance processors, best-in-class network interface controllers (NICs), and programmable network switches.

Why SASE

Enterprises are becoming more cloudified, and enterprise cloud networking is transforming. The ability to support remote workforces with work-from-home (WFH) technologies is helping make businesses more efficient, more connected, and more resilient against marketplace disruptions. This shift has brought about the prevalence of software-defined wide area networks (SD-WANs) as a form of virtual overlay connectivity to help streamline the management of access and services to branch offices in a classic hub-and-spoke model.

However, SD-WAN is challenged by a complex security perimeter that spans many distributed architectures and personal devices attempting to use cloud services through the corporate network. SASE is taking off because of the need for more-advanced security, and it brings an extended security posture with cloudlike agility to SD-WAN. Enterprises can fully realize the benefits of cloud connectivity with the assurance that SASE can offer centrally managed security capabilities to help fortify the network from end to end.

Capabilities of SASE

SASE is still in an emergent phase with some established use cases and many more on the horizon. The core capabilities of SASE have also come to be known as the Security Service Edge (SSE) and WAN edge services. The SSE includes Firewall as a Service (FWaaS), cloud access security broker (CASB), the secure web gateway (SWG), remote browser isolation (RBI), and zero-trust network access (ZTNA). WAN edge services include SD-WAN, WAN optimization, quality of service, routing, and CDN caching.

Firewall as a Service (FWaaS)

FWaaS is a cloud-hosted firewall that filters data and traffic going to and coming from an enterprise network. Enterprise IT uses FWaaS to establish rules for accepting good traffic and prohibiting digital threats.

Cloud Access Security Broker (CASB)

CASB enables enterprise IT to apply security policies across a distributed environment of many architectures, devices, and workloads. From a single point of orchestration, IT can govern access to specific services, apps, and data for the entire enterprise network.

Secure Web Gateway (SWG)

SWG offers the same functionality as on-premises content security gateways. As users connect to the internet over the enterprise network, SWG enables URL filtering and URL threat mitigation to help prevent malware from compromised websites and phishing links.

Zero-Trust Network Access (ZTNA)

The ideology of ZTNA is to trust nothing and no one. With ZTNA, every single connection is encrypted and authenticated, and crypto keys are exchanged at every endpoint.

Benefits of SASE

Enterprises that take advantage of SASE benefit from a single-stack architecture that delivers cloud access to remote users and branch offices fast, autonomously, and at scale. The SASE framework will continue to evolve to be smarter and more cloud native in the future.

Network Performance

Branch offices and remote workers gain fast, direct access to the internet and cloud apps. IT departments maintain centralized control over policies and data flow, without the need to channel traffic through the central hub office.

Reduced Complexity

SASE makes it simpler and easier to implement security policies across the enterprise and for remote workers. IT departments can also consolidate a multitude of security tools and capabilities into a single cloud-hosted layer that they control directly.

Threat Protection

SDN-enabled features including firewalls and SWG provide robust network security with cloudlike agility. Distributed environments can be as flexible as they need to be to support remote workers and WFH without a large performance overhead for across-the-board encryption.

Hybrid and Multicloud Friendly

SASE infrastructure integrates seamlessly with cloud architecture, including cloud service provider (CSP) instances. Enterprises can rely on SASE to help secure their data and workloads in CSP environments with greater transparency and control.

Implementing SASE

In the SASE model, workloads for both security functions and SD-WAN traffic are hosted in remote locations, often in a colocation or telco point-of-presence (POP) facility. Colocation describes privately owned servers in a third-party data center, whereas POP describes privately owned servers in a data center owned by a telco. SASE can be hosted in the public cloud as well.

SASE capabilities are software defined by nature, relying on the same architecture as data center and cloud server technology paired with software vendor solutions to enable features such as FWaaS, CASB, and SWG.

SD-WAN vs. SASE

SASE embraces SD-WAN by bringing a unified security framework and running it end to end on SD-WAN infrastructure. Decision-makers will not choose one or the other; rather they will deploy a fully integrated solution that uses SD-WAN as a foundation for connectivity, with flexible security capabilities enabled by SASE.

Why Choose Intel for SASE

Intel’s breadth of expertise includes everything cloud combined with a deep understanding of data center server architecture, enterprise workstations, and embedded computing. This comprehensiveness empowers enterprises to build a cohesive edge-to-cloud infrastructure based on Intel® technology. Intel also works with a vast ecosystem of cloud service providers and software vendors to optimize performance on Intel® hardware, helping to ensure that enterprise customers get the most value out of their SASE investments.

The Intel recipe for SASE includes the following:

  • Intel® Xeon® Scalable processors offer exceptional data center performance with hardware-enabled cryptography and AI acceleration.
  • Intel® Xeon® D processors deliver system-on-chip (SoC) performance for space- or power-constrained environments, ideal for smaller SASE POP locations or SD-WAN deployments at the edge.
  • Hardware acceleration in select SKUs of Intel® processors boosts the performance for data processing, AI, and encryption using features such as Intel® AES-NI, Intel® QuickAssist Technology (Intel® QAT), Intel® Deep Learning Boost (VNNI), and Intel® Software Guard Extensions (Intel® SGX).
  • Intel® distributions of popular software frameworks and select solutions for operating systems like Ubuntu and CentOS deliver optimized performance and low TCO when paired with Intel® hardware. These distributions include OpenSSL, DPDK, TensorFlow, and PyTorch.
  • Intel® Ethernet products provide high-bandwidth, low-latency connectivity up to 100GbE.
  • Intel® Intelligent Fabric Processors for Ethernet switches enable programmable signal and traffic routing.
  • Intel® Smart Edge Open is a software toolkit for building edge platforms. It speeds up development of edge solutions that host network functions alongside AI, media processing, and security workloads with reference solutions optimized for common use cases powered by a Certified Kubernetes cloud-native stack.

The Future of SASE

As of 2021, 64 percent of enterprises have deployed or plan to deploy SASE-based services in some form.[1] The state of flux that enterprises currently find themselves in also generates a high potential for innovation. For example, SASE is on the verge of integrating endpoint security capabilities like malware detection with event log correlation and AI. SASE can use these capabilities to intelligently predict threats and autonomously regulate network traffic. As enterprise needs evolve, so will SASE capabilities and the ease of implementation.

Frequently Asked Questions

SASE, or secure access service edge, is a growing set of cloud-hosted capabilities used to augment SD-WAN and help secure the enterprise network in a more robust manner. While there is no set definition, SASE most often integrates key functions such as Firewall as a Service (FWaaS), cloud access security broker (CASB), secure web gateway (SWG), and zero-trust network access (ZTNA).

The benefits of SASE include the ability to consistently manage a robust security framework across the enterprise network and ultimately enable fast, direct access to cloud apps and services for enterprise branch offices and distributed workforces.