Contributed by Edwin Doyle, Global Security Strategist, Check Point Software.

Cloud technologies enable companies to scale up at a faster rate. At the same time, these technologies present a challenge as well: using the cloud means using resources that are outside the boundaries of the in-house network. But, many companies still require employees and users to pass everything through the network, which affects productivity. Secure Access Service Edge (SASE) is a security solution for this problem:

SASE is a security framework that delivers security and network connectivity through a single cloud-based service directly to the user or location. In this article, we’ll look at the background, features, and challenges of the framework.


SASE, pronounced sassy, was introduced by analyst firm Gartner. In a 2019 blog, the firm describes it as a technology that combines network security functions (such as SWG, CASB, etc.) with WAN capabilities (i.e., SDWAN) to help with “the dynamic secure access needs of organizations.”

The term SASE was coined by analysts Neil MacDonald and Joe Skorupa. The concept has been described in multiple Gartner publications, with the July 2019 published hype cycle for networking reports, being one of the first ones.

In the above-mentioned post, Gartner further describes SASE as a package of technologies consisting of SD-WAN (an acronym of software-defined networking and wide area network), SWG (Secure Web Gateways), FWaas (firewall as a service), CASB (Cloud Access Security Brokers), and ZTNA (Zero Trust Network Access) at its core. This package can identify malware and sensitive data and decrypt it at line speed.


The features of SASE architecture include:


A SASE architecture enables users to have the same access experience regardless of the location of the resources. ZTNA networking is based on the user, device, and application, not the IP and location.


Combining cloud computing with a single provider of WAN and security reduces complexity. A SASE management application allows control of the entire service. In a traditional system, there are usually different vendors of the different security appliances required by the enterprise.


Cost is reduced by implementing SASE, in two main ways. Firstly, the security framework reduces the costs of sourcing and maintaining different point solutions, because these are now the responsibility of the SASE provider. This not only eliminates the cost of buying physical and virtual appliances, it also reduces the number of monitoring and maintenance staff needed by the enterprise. To combat any new security threats, the SASE provider implements solutions, with no new hardware costs for the user. Secondly, the cost model also changes: up-front costs are replaced by subscription fees for using the cloud-based system.


In a traditional model, the user authenticates to a centralized authority that may also route traffic through that central location, resulting in delays. SASE reduces latency by optimizing and routing the traffic through high-performance networks.


Security is improved because the same security policies and functions are applied regardless of the user’s location. Traditional remote access appliances may not offer security features. For instance, traditional cloud solutions lack features for reducing network visibility. So, enterprises may need additional security solutions. With SASE, the single provider provides the same level of protection to all applications.


The framework can help with scalability by reducing the manual work required with traditional point solutions.


Along with the benefits, there are also some challenges with SASE: Being a complete WAN solution, implementing SASE may require a redesign of the legacy network. In contrast, while it provides limited security, a CASB (Cloud Access Security Broker) solution can be integrated into the existing network.

To learn more, read our article about SASE.