What is SASE?

SASE improves network security and business efficiency by pushing access control and security enforcement to the edge

Decentralization is a fundamental force driving the evolution of enterprise networking and Secure Access Service Edge (SASE) is where Gartner expects these changes to take us. Recognizing that the classic “network perimeter” no longer exists, the SASE framework pushes security and access control out of the corporate data center to the edge. SASE’s recent coinage, however, makes distinguishing facts from hype problematic. Yet the very real operational, financial, and cybersecurity benefits Secure Access Service Edge offers require consideration.

What is SASE?

Analysts at Gartner coined SASE (and pronounced it “sassy”) to describe the convergence of several trends: the decentralization of enterprise networking, the rise of software-defined wide-area networking (SD-WAN), and the emergence of identity-based network security frameworks such as Zero Trust Network Access (ZTNA).

Before the internet, companies could trust people in an office, devices in an office, and resources in an office. Network security focused on protecting the office’s trusted network perimeter. Expensive WAN services and then more affordable internet-based virtual private networks (VPNs) connected remote offices to central data centers. VPN later evolved to support remote access from a relatively small number of trusted employees.

Today’s decentralized IT environment upends this classic approach to network management. Resources are no longer limited to on-premises servers. They could be co-located elsewhere, running in a hybrid cloud, or fully managed as SaaS applications. No longer limited to on-site employees, the company’s user base consists of a dynamic population of remote employees, contractors, consultants, and other stakeholders. And the devices they use are a mix of managed and unmanaged desktops, laptops, tablets, and smartphones.

In this environment, the “perimeter” no longer exists. Providing access to resources while securing business information becomes much more challenging. Traditional technologies, such as VPN, have become expensive, difficult to maintain, and a vector for cybersecurity threats. Running all network traffic through centralized data centers results in high-latency connections - especially for remote users passing through the bottleneck of a VPN gateway to reach cloud services.

Gartner envisions a future where companies get third-party SASE solutions through a scalable, usage-based X-as-a-Service business model. These services will provide SD-WAN capabilities with globally distributed Points of Presence. Both access control and network security features will be delivered to the network edge through identity-based ZTNA.

What are the benefits of a SASE model?

SASE platforms such as Twingate’s eliminate the performance and security issues created by legacy network architectures. Providing scalable access to critical business resources becomes simpler, cheaper, more secure, and more consistent.

Identity-based network security

Rather than granting access to a network, ZTNA grants access on a per-resource, per-session basis. Context such as the user’s device, location, and network connection determines whether the user gets through. Thanks to the detailed activity logs ZTNA generates, administrators can improve network performance and conduct forensic investigations.

Simpler and less expensive

Since ZTNA limits access to the specific resources users need, there is no need to manage complex collections of subnets. Adopting a SASE architecture eliminates the expense and overhead of managing VPN gateways and other network hardware.

Better network performance

Rather than routing network traffic through a data center, SASE networks connect users directly to resources and eliminate latency-inducing backhaul. Administrators can also better-manage quality of service on a resource-by-resource basis.

Better business performance

With the SASE framework’s usage-based cloud service model, IT capacity can scale up and down with business demands. Budgets operate on a more predictable OpEx basis. In addition, IT staff can devote more attention to higher-level tasks since they are no longer patching brittle legacy network security systems.

Seamless, consistent experience for users

The user experience improves dramatically in a SASE environment. They will have fewer agents running on their devices. Single sign-on and consistent access policies apply regardless of which device they use or where they work. Finally, user productivity improves once high-latency VPN gateways become a thing of the past.

Challenges with SASE

Secure Access Service Edge is Gartner’s vision of the future, not its description of the present. The phrase is meant to guide decision-makers as they set their long-term strategies. In reality, no SASE vendor offers the full range of services and features that Gartner envisions. Secure Access Service Edge is more than hype but companies must be aware that there is no turnkey SASE solution.

Incomplete vendor experience

Security hardware vendors and networking hardware vendors are rebranding themselves as SASE solution providers. Without a cloud-native perspective or deep experience with identity-based zero-trust access control, their interpretation may not deliver on SASE’s promise.

Integration overhead

Until cloud-native single-source SASE solutions are available, companies will migrate to SASE in stages as they integrate features from different vendors into their legacy networks. Vendors should be evaluated based on their compatibility with this phased approach.

Take Your Network to the Edge with Twingate

Twingate offers an easier path to SASE. You do not need to change your enterprise network infrastructure, buy more hardware, or do anything to users’ devices other than installing the Twingate Client. Twingate allows you to implement foundational aspects of the SASE framework by first replacing your legacy VPN with a Zero Trust Network Access solution that is built around the concept of Identity-First Networking.

Benefits for administrators

Twingate SASE makes it easier to increase IT productivity while improving network security. For example, using Layer 4 transport proxies lets Twingate handle any resources using TCP, UDP, DNS, and other protocols. Your network security team can count on Twingate to work with almost any cloud or legacy resource.

  • Easy, rapid deployment
    • No need to configure resources
    • Compatible with multi-cloud and hybrid-cloud environments
    • Works with legacy network and VPN
  • More security, less overhead
    • Integrates with existing network security stack
    • No public endpoints so resources remain hidden
    • Easy-to-use admin console and extensive logging
  • Better performance and reliability
    • Globally-distributed cloud-hosted infrastructure
    • Lower latency with direct user-to-resource connections
    • Reduced network burden with split tunneling and intelligent routing

Benefits for users

After suffering from the inconvenience and high latency of VPN-based network security, users’ experiences will improve the minute they switch over to the Twingate Client. With the realities and challenges of remote work, Twingate can even improve end users’ experiences, as video calls, remote desktop applications, and server access no longer trombone to the corporate data center and back.

  • Better performance
    • Low-latency direct routing to resources
    • No bottlenecks when accessing VPN gateways
  • Better experience
    • Network security becomes transparent and easier to adopt
    • Remote access becomes as frictionless as on-premises access

Benefits for business

Decentralizing access control and security with Twingate makes companies nimbler and more efficient. Suppose your company has a one-time project that your infrastructure cannot handle. Instead of making permanent investments that create unused capacity, Twingate’s usage-based service model lets you scale up and down when needed.

  • Reduced security risks
    • Compliance increases when security is easier for users
    • Hidden resources and identity-based access minimize the attack surface
  • Future-proof scalability
    • Adapts to the new work-from-anywhere workforce
    • Business planning is easier with OpEx budgeting

As remote working becomes standard operating procedure and as you migrate more resources to the cloud, Twingate simplifies access and security while making network management more efficient.

Contact Twingate to learn more about securing your remote workforce.

"We’ve invested heavily in automation at Blend and Twingate is a powerful platform that allows us to programmatically deploy and maintain a zero trust approach to our infrastructure."
Paul Guthrie
Information Security Officer at Blend

Get set up in minutes

Try Twingate today and give your team access to private applications in minutes