Secure Access Service Edge — or what is better known as SASE — is a new architectural model for enterprise networking and network security, defined by Gartner as a means of supporting the fast and secure application access needs of today’s workforce. SASE architectures converge networking and cloud-delivered security into a high-performance, single-pass architecture with unified management.
Explore additional SASE topics
There are three primary market trends driving the shift to SASE in networking and security:
Today’s enterprise needs to empower all employees with a fast, consistent and secure experience, no matter the location or device. Enterprise IT teams have to become more agile and operationally efficient, focusing on the delivery of new digital services rather than managing complex networking and security stacks.
What is SASE’s role in addressing these trends? It is a framework for ensuring that networking and security both evolve and converge, to enable:
SASE converges comprehensive WAN and network security capabilities into a single-pass architecture, administered via a unified management plane for networking and cybersecurity. Gartner, which coined the term SASE, has listed “Core” and “Recommended” capabilities for SASE architectures1:
The above capabilities must be delivered in a unified “thin branch, heavy cloud” model – SD-WAN functionality is offered as a “thin” branch appliance, while security functionality is provided as a “heavy” cloud service.
SASE architectures were designed with the intent of enabling fast, reliable and secure access to cloud applications by mobile and remote workers, while concurrently also improving IT agility. Assuming that enterprises pay attention to the nuances in functionality offered, such as unified management across networking and security, single-pass architectural design and powerful SD-WAN functionality, enterprises can achieve the following benefits from a SASE deployment:
Improved User Experience, Collaboration and Engagement – Direct Internet Access eliminates latency from backhauled connections. However, SDWAN and WAN optimization functionality within SASE solutions is required to ensure consistent performance even as Internet performance fluctuates. Singlepass architectures ensure that the inspection and policy engines themselves do not added unnecessary latency.
Improved Security Regardless of Employee Location – Identity-aware, zero-trust access is enabled for sanctioned applications. This reduces the attack surface and impedes lateral movement of malware within the enterprise network. For web and unsanctioned applications, comprehensive, cloud delivered security ensures a consistent security posture, regardless of employee location.
Simplified Operations with Better IT Agility – SASE architectures can help consolidate vendors across networking and security. Single-vendor solutions offer deeper integrations and unified management which simplifies deployment, configuration, reporting and support services. Since SASE architectures require moving security to the cloud, overall hardware footprint is reduced which in turn improves architectural elasticity and scale.
While many vendors promote the individual components of a SASE architecture, delivering all of the requisite functionality is critical, as the unified whole is greater than the sum of the parts.
Only with a full “SASE stack” can enterprises enable fast, consistent and secure access to all apps, from anywhere and any device while also improving IT agility. The most powerful SASE architectures include the following nuances that differentiate them from the competition:
Organizations need to evolve their enterprise networking and security infrastructure in response to changing usage patterns — i.e., which apps are accessed, and from where — in order to meet employee expectations as well as business requirements. This evolution will support broader strategic initiatives, such as enabling a “work-from-anywhere” workforce and improving business continuity through agile, elastic and efficient infrastructure deployment.
Broadly, the downstream IT use-cases can be broken into three categories:
Citrix converges all SASE capabilities into a single, unified architecture. The Citrix unified approach to SASE offers 5 key benefits:
Citrix is trusted by 100 million users across 400,000 organizations to empower them to do their best work. We’d love to join you on your journey toward a more productive, agile and efficient architecture.
1Gartner, The Future of Network Security is in the Cloud, Neil MacDonald, Lawrence Orans, and Joe Skorupa, 30 August 2019
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.