The term SASE (Secure Access Service Edge) was coined by Gartner analysts Neil MacDonald and Joe Skorupa in late 2019. It refers to a cloud-delivered service that combines network security functions (SWG, CASB, FWaaS, ZTNA, etc.) with networking functions (primarily SD-WAN), thus making up the next-generation secure access tool.
Per Gartner, key characteristics of SASE include:
- It converges security and networking capabilities
- It relies on identity as the currency
- It applies real-time context and security policies
Existing security and networking paradigms are fast becoming obsolete with the transition to the cloud and the increasingly distributed nature of the enterprise (especially nowadays). SASE lays out some important principles that allow for a more flexible model to securely connect the modern enterprise. Gartner predicts that by 2024, at least 40% of enterprises will have a strategy to adopt SASE.
While Gartner came up with a single definition, other analyst firms have different definitions, such as Secure Service Access (SSA). And indeed, we are seeing different implementations. Two distinct types of SASE have emerged: Egress SASE for "Internet access" and Ingress SASE for "private access". Some vendors may focus on one of these types of SASE, or offer both.
Egress SASE facilitates secure access to the Internet and to SaaS applications. To achieve this, most SASE vendors typically deploy many points of presence (POPs) around the world, connect enterprise branches to the nearest POP, and use the POPs to inspect the traffic through their Secure Web Gateway (SWG) or Cloud Access Security Broker (CASB) services. A key benefit of this architecture is that there is no longer a need to run such a solution on-premises and backhaul the traffic through it. Instead, each branch can connect to the nearest POP and get a more efficient, modern, cloud-native experience.
Ingress SASE, or private access, addresses access to some of the enterprise's crown jewels residing across internal applications, typically in the data center or private cloud. As such, Ingress SASE may be called upon to facilitate highly secure and efficient access by remote users, as well as inter-branch or even multi-cloud server communications. Such internal applications often use many protocols, including legacy ones, such as SMB, SSH, RDP, IMAP, and LDAP, as well as HTTPS. In many ways, Ingress SASE is harder to implement than Egress SASE, as it requires the enterprise to run the solution on both the source and destination nodes, and requires more granular control over the communication routes.
While Gartner has defined some of the principles behind SASE, it did not specify how SASE is to be implemented, and implementations vary. Many SASE solutions today are based on existing centralized products that are put together to check most of the SASE checkboxes. Ananda Networks’ solution introduces a whole new distributed architecture, since a distributed architecture is required to solve the distributed enterprise challenge.
Our architecture, coupled with our networking and security know-how, allows us to create the fastest, most robust network on the market. The distributed nature of the Ananda network allows it to easily and efficiently deliver superior "Ingress SASE" or "private access" that connects any two internal network nodes (remote users, applications, devices) optimally, without having to backhaul traffic through a centralized gateway or POP. For customers who require Egress SASE, Ananda is able to extend its network to support private access to SaaS applications and to inspect WAN traffic with a SWG.
Putting it all together, Ananda provides a unified fabric that can solve virtually any networking use case – whether it’s the WAN, LAN, cloud, or inter-branch. For more information, see our white paper.