Real-World Business Problems Solved by SASE
Business Challenge: Reduction in complexity and costs
By consolidating secure access services from a single provider, the overall number of vendors will be reduced, the number of physical and/or virtual appliances in a branch will be reduced, and the number of agents required on an end-user device will be reduced. Costs should also be reduced over the longer term as more SASE services are adopted; savings will come from the consolidation of vendors and technology stacks.
Business Challenge: Enabling digital business scenarios
SASE services will enable enterprises to make their applications, services, APIs and data securely accessible to partners and contractors, without the bulk risk exposure of legacy VPN and legacy demilitarized zone (DMZ) architectures.
Business Challenge: Improvement in performance/latency
Leading SASE vendors will provide latency-optimized routing across worldwide points of presence. This is especially critical for latency-sensitive apps such as collaboration, video, VoIP, and web conferencing. Based on policy, users can be routed through the SASE provider’s high-bandwidth backbones (and its peering partners).
Business Challenge: Ease of use/transparency for users
Implemented correctly, SASE will reduce the number of agents required on adevice (or the amount of customer premises equipment [CPE] at a branch) to a single agent or device. It reduces agent and appliance bloat and should automatically apply access policy without requiring user interaction. This provides a consistent access experience for users, regardless of where the user is, what they are accessing and where it is located.
Business Challenge: Security
For SASE vendors that support content inspection (identification of sensitive data and malware), any access session can be inspected and the same set of policies applied. An example is scanning for sensitive data in Salesforce, Facebook and cloud-hosted applications all using a consistent policy that is applied consistently regardless of where the user/device is located.
Business Challenge: Low operational overhead
As threats evolve and new inspection mechanisms are needed, the enterprise is no longer limited by hardware capacity and multiyear hardware refresh rates to add new functionality. With cloud-based SASE offerings, updating for new threats and policies requires no new deployments of hardware or software by the enterprise and should allow quicker adoption of new capabilities.
Business Challenge: Enable zero-trust network access
One of the principles of a zero trust networking approach is that network access is based on the identity of the user, the device and the application — not on the IP address or physical location of the device. (See “Zero Trust Is an Initial Step on the Roadmap to CARTA.”) This shift to logically defined policies greatly simplifies policy management.
SASE provides protection of the entity’s session seamlessly and consistently on and off of the enterprise network. Further, assuming the network is hostile, SASE offerings will provide end-to-end encryption of the entire session and optional web application and API protection (WAAP) services (see “Defining Cloud Web Application and API Protection Services”). Leading SASE vendors will extend this all the way to the endpoint device with public Wi-Fi network protection (coffee shop, airport and so on) by tunneling to the nearest POP.
Business Challenge: Increasing effectiveness of the network and network security staff
Instead of the routine tasks of setting up infrastructure, network security professionals can focus on understanding business, regulatory, and application access requirements and mapping these to SASE capabilities.
Business Challenge: Centralized policy with local enforcement
SASE allows cloud-based centralized management of policy with distributed enforcement points logically close to the entity and including local decision making where needed; for example, local to a branch office using a CPE appliance. Another example is local agents on managed devices for local decision making