SASE (Secure Access Service Edge)

A cloud-delivered model that combines networking and security functions into one service to securely connect users to applications anywhere, replacing fragmented point solutions.

What is SASE?

Secure Access Service Edge (SASE, pronounced “sassy”) is a cloud-delivered model that combines networking and security functions into a single service so users can connect to applications securely, wherever they are. The term was first defined by Gartner in its 2019 report “The Future of Network Security is in the Cloud.” Instead of routing all traffic back through a central data center for inspection, SASE delivers security at the cloud edge, close to the user, which suits remote work and cloud-first environments.

Why did SASE emerge?

  • The perimeter dissolved: Users, devices, and applications moved outside the office, so the old model of routing everything through a data center became slow and inefficient.
  • Point-solution sprawl: Buying, sizing, and maintaining separate products for networking and each security function was complex and costly.
  • VPN limits: Traditional VPNs struggled to support a large remote workforce securely and with good performance.

What functions does SASE combine?

  • SD-WAN: The networking foundation that intelligently routes traffic to the internet, cloud apps, and data centers.
  • SWG (Secure Web Gateway): Filters web traffic and blocks malicious or risky sites.
  • CASB (Cloud Access Security Broker): Gives visibility and control over SaaS apps and helps prevent data loss.
  • FWaaS (Firewall-as-a-Service): Delivers scalable, cloud-based firewall protection without on-premises hardware.
  • ZTNA (Zero Trust Network Access): Grants access based on identity, device posture, and context rather than placing users on the network, replacing legacy VPNs.

What are the benefits of SASE?

  • Simpler architecture: One cloud platform replaces many separate point solutions.
  • Consistent security everywhere: The same policies follow the user regardless of location.
  • Better performance: Inspecting traffic at the nearest point of presence reduces the latency of backhauling to a data center.
  • Identity-driven access: Policies are tied to user and device context, supporting a zero trust approach.

How does SASE relate to SSE?

  • SSE is the security half: Security Service Edge, introduced by Gartner in 2021, includes the security functions of SASE (SWG, CASB, FWaaS, ZTNA) but without the SD-WAN networking component.
  • SASE is the full model: SASE is SSE plus SD-WAN, combining both networking and security in one service.