Essential Features for a SASE Solution


According to Gartner, secure access service edge or SASE is “the future of network security.” However, like any major security trend, there can be confusion about what is and isn’t “SASE.” Understanding the core features of a SASE solution can be invaluable when evaluating the available options.

What is SASE?

SASE is designed to provide a secure, cloud-based corporate WAN. SASE is deployed as a network of virtualized points of presence (PoPs) in the cloud. Each SASE PoP integrates a range of networking and security functionality into a single solution, enabling it to provide network performance guarantees and inspect and secure the business traffic flowing over the corporate WAN.

Crucial SASE Networking Features

SASE is intended to be the backbone of the enterprise WAN, meaning that it needs to provide high-performance, reliable, and scalable network infrastructure. As the corporate WAN supplants the corporate LAN and organizations become more reliant on latency-sensitive Software as a Service (SaaS) applications and remote work, business traffic needs to flow quickly and reliably from anywhere to anywhere.

To accomplish this, a SASE solution and network should have certain core networking features, including:

  • Software-Defined WAN (SD-WAN): SD-WAN is one of the core functions of a SASE solution. SASE is deployed as a network of cloud-based PoPs, and SD-WAN provides optimized network routing between these PoPs. This eliminates the inefficient routing of traditional architectures built around an on-prem security stack.
  • Dedicated Backbone: SD-WAN provides optimal routing over the available transport media, but optimal routing over broadband Internet does not guarantee modern business needs. SASE must be supported by a dedicated web of high-performance network links to ensure that traffic over the network meets service level agreements (SLAs). Otherwise, the SD-WAN’s performance may be worse than routing traffic directly to its destination, which may cause employees to stop using it.
  • Global Network: With the rise of cloud computing and remote work, an organization’s infrastructure and workers can be anywhere worldwide. A global SASE network is necessary to ensure that the trip to the nearest SASE PoP – which occurs over broadband Internet – is not so long that it creates significant network latency. With SASE, traffic must detour through the network for security inspection before being forwarded to its destination.
  • As businesses increasingly transition to a remote workforce, a secure remote access solution is essential to any network infrastructure. Zero-Trust Network Access (ZTNA): ZTNA – a software-defined perimeter (SDP) – is a secure remote access solution. With ZTNA/SDP, organizations achieve higher security than is available with traditional virtual private network (VPN) solutions in a more scalable and efficient system than VPN infrastructure.

Security Must-Haves for SASE

SASE is more than just a networking solution; it is designed to provide a complete security stack in a single cloud-native solution. By integrating networking and security functionality into a single application, SASE eliminates the need to route network traffic through the enterprise LAN for inspection and security policy enforcement by a perimeter-based security stack.

To accomplish this, a SASE solution needs to include certain security functionality, such as:

Selecting a SASE Solution

As organizations design and build their networks for the “new normal,” investing in a SASE solution is essential. However, selecting an actual SASE solution is necessary. When evaluating different offerings, pay attention to the feature sets and implementation details to ensure that a particular product implements the full range of the required networking and security functionality within a fully integrated SASE solution.