SASE: Useful technology wrapped in an unhelpful term.

By Graham Robinson, Chief Technology Officer, Data#3 Limited 

[Reading time: 3.5 minutes] 

Our industry is full of language which wraps useful technologies in unhelpful terms, and unfortunately, that language often confuses the very people who would most benefit from those technologies. 

SASE (Secure Access Service Edge) is one such term.  

Coined by Gartner in 2019, SASE is somewhere between an approach, a grouping of features and functions, and a security architecture that describes how to protect your company in the face of distributed networks, multi-cloud services, and a hybrid workforce. 

However, while the technologies underneath the SASE wrapper often offer real value, SASE itself has grown from an analyst buzzword to a marketing term championed enthusiastically by vendors trying to level the playing field by claiming they have a SASE strategy too. It is somewhat equivalent to Ford positioning itself as a viable alternative to Ferrari on the grounds that Ford also has a ‘personal mechanical transport strategy’. It’s easy to invoke a false equivalency when you’re adding layers of abstraction. 

Reach out to our security team today about designing, implementing and maintaining superior security.


That doesn’t mean that what SASE is trying to convey isn’t important, but just that the language creates an additional layer of abstraction, further detaching people from the specific problems they’re trying to solve. It makes it hard to separate the wheat from the chaff. If SASE, in context with other terms like cloud, edge, WAN, workforce etc is explained well, it makes a lot of sense in our post-pandemic world – unfortunately, it’s rarely explained well. 

Focusing on the underlying problems though yields a different result. Until recently, remote working used VPNs for secure access to corporate apps resulting in hairpinning Internet traffic via security services located in data centres. However, this approach falls short in today’s work-from-everywhere, cloud-heavy world, and VPNs stand in the way of application performance. 

Direct to cloud isn’t just what our employees want, but it’s what we need too. Employee apps continue to use more bandwidth and every meeting is now a video meeting, so hairpinning their traffic via our data centres isn’t a viable option unless we want to deal with a mountain of performance complaints. 

Direct access also bypasses the security controls we’ve carefully built out over the last decade, and so now we scramble to extend those same security controls and protect our cloud-based assets, our cloud-connected sites, and our cloud-native workforce. From SD-WAN to Web Application Firewalls, Cloud Access Security Brokers (CASB) and Secure Internet Gateways (SIG), we look to combinations of security tools to protect our people… which, by the way, is what SASE is. 


What products do I need for SASE? Does it really matter? 

Securing the edge isn’t a new concept, and most of the customers I talk to aren’t asking about SASE anyway. They’re seeking solutions that will support their digital transformation strategy; one which now includes the secure transition to the cloud with a scalable hybrid working model. Yes, a salesperson might describe them as SASE solutions, but using the term does nothing to help us solve the problem – which perhaps explains why many still find the term confusing.  


The SASE term is the answer to a question no one was asking.  

The question is “how do I secure my assets when neither my people nor my information, have anything to do with my data centre?” Cloud-enabled workers require cloud-enabled security. Moving away from legacy-centralised strategies requires us to think about security from a few perspectives:  

  • There are your legacy data centre assets, so you still need to access enforcement at the edge 
  • There are also your cloud assets, so you need to validate identity and limit cloud access 
  • Of course, there are your people, so you protect them and the device they’re on. 

Creating a solution that addresses all three requires a common element – identity. Distributed work practices require a user-centric security model with consistent enforcement to secure our assets, irrespective of where someone is working, or what they need to access. 

Vendors have rushed to market with a range of excellent “SASE” solutions, and many businesses have deployed them with enthusiasm, but they often come with a hidden complexity tax. Products from different vendors bring feature overlaps, meaning you’re paying twice for similar functionality, and without deep cross-product testing, you’re likely to find there are still gaps in your protection. Add to this the administrative cost of multiple management dashboards and you’re commonly left with TCO blow-outs, an avalanche of uncorrelated security alerts, and exposed assets. 


Less is more. 

The days of relying upon standalone best-of-breed products are over. Regardless of whether the technologies are from the same or different vendors, integration is everything.   

This is perhaps the area where the principles behind SASE stand up. Starting from an expectation of deep integration can help us piece together security solutions for today’s work practices which provide a user-centric approach to securing distributed assets. 

Our security practice often works with Cisco for exactly that reason. Their platform approach means products are tested to ensure alignment without overlap, and a broad set of enforcement technologies, which can be added as it makes sense. This approach of integrating the old and the new enables us to protect almost any type of asset, anywhere. Where Cisco’s expertise stops, their integration frameworks allow us to ingest information from security partners and present the findings to operational support teams in a clear and actionable manner.  

So, while Cisco (like many others) continue to wrap their security technology in SASE, underneath that unhelpful term is a suite of useful tools that are perfectly aligned to protect today’s workforce.  

Ultimately, look beyond the SASE marketing and ask questions about what the vendor will actually deliver compared with the specific problems you have. Look for an identity-based framework with deep integration across components. One that offers consistent enforcement but doesn’t have you paying twice for the same features, and one that avoids a complexity tax on your already stretched support team.  

Don’t buy it because it’s SASE, buy it because you’re sure it will work. 




Cisco Webex Desk Pro

Contact us here

Tags: Data#3 Corporate, Data#3 News, News



Information protection in an age of information theft

Managing and safeguarding data across various apps, clouds, and endpoints is an uphill battle. It’s led to organisations relying on…

Customer Story: Knight Frank

Cloud Transition an Azure Success Story for Knight Frank Download Customer Story Contact a Specialist Objective…

3CX Desktop App Critical Vulnerability Alert

The Australian Cyber Security Centre has issued a warning about a new supply chain attack that has targeted a…

Managed Services eBook
Your guide to Data#3 Managed Services

Digital disruption is causing significant changes in the workplace, leading to higher expectations for access, security, and support regardless of…

JuiceIT Guest Blog | How XDR can help when time is of the essence

The only thing worse than cyber threats is an inability to detect those threats in time. Organisations need the…

JuiceIT Guest Blog | Veeam Platform: Reliable and Fast Recovery from Ransomware in a Hybrid World.

Ransomware attacks have become a growing concern for organisations of all sizes in Australia and New Zealand, resulting in significant…

Customer Story: Pernod Ricard Winemakers

Azure Migration gives Pernod Ricard Greater Flexibility and Improved Performance Download Customer Story Contact a Specialist…

Why would you deploy SASE?
If Secure Access Software Edge (SASE) with Cisco Meraki is the destination, what does the journey to get there look like?

Firstly, let’s set the scene. The term SASE was first mentioned by Gartner Analysts in July 2019 and Gartner continues…