● SASE Guide
What is SASE?
SASE (Secure Access Service Edge), pronounced “sassy,” is a cloud delivered architecture that converges wide area networking (WAN) capabilities with network security functions into a unified platform. First defined by Gartner in 2019, SASE combines SD-WAN, Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Firewall as a Service (FWaaS), and Zero Trust Network Access (ZTNA) to provide secure, optimized connectivity for users, devices, and applications regardless of their location.
Core components of SASE Architecture
A complete SASE architecture brings together networking and security technologies that traditionally operated as separate products. These five core components work together to deliver consistent protection across all users, locations, and applications.
How SASE works?
Traditional network architectures route all traffic through a central data center for security inspection. This approach creates bottlenecks and latency issues, especially when users access cloud applications from remote locations.
SASE changes this model by delivering security functions from the cloud edge, closer to users and applications. When a user connects to a corporate resource or cloud application, the SASE platform:
The architecture uses identity based access control as its foundation. Rather than trusting users based on their network location, SASE continuously verifies identity, device health, and context before granting access to specific applications and data.
Benefits of SASE Architecture
Organizations adopting SASE gain several advantages over traditional approaches that rely on separate networking and security products.
SASE vs Traditional Network Security
Traditional security architectures were designed when most applications ran in corporate data centers and most users worked from offices. Traffic flowed through a central perimeter where firewalls and security appliances inspected it before allowing access.
This model breaks down when users work from anywhere and applications run in the cloud. Routing traffic through a central data center creates bottlenecks and latency issues. Remote workers may bypass security controls entirely by connecting directly to cloud applications.
| Aspect | Traditional security | SASE |
|---|---|---|
| Architecture | Perimeter based, data center centric | Cloud native, distributed edge |
| Security delivery | On premises appliances | Cloud delivered services |
| Access model | VPN with broad network access | Zero Trust with application level access |
| Traffic routing | Backhaul to data center | Direct to cloud via nearest PoP |
| Management | Multiple separate consoles | Unified platform |
| Scalability | Hardware dependent | Elastic cloud scaling |
SASE vs SSE: understanding the difference
SSE (Security Service Edge) is a subset of SASE that focuses exclusively on the security components: SWG, CASB, ZTNA, and FWaaS. SSE does not include SD-WAN networking capabilities.
Organizations that already have SD-WAN infrastructure may adopt SSE to add cloud security without replacing their existing network. SASE provides a more complete solution for organizations looking to modernize both networking and security simultaneously.
Teldat’s be.Safe portfolio: SASE “Made in Europe”
Teldat, a European technology leader with more than 40 years of experience in networking and cybersecurity, has developed the be.Safe portfolio a modular, scalable SASE suite fully integrated with its SD-WAN platform.
Designed for organizations of all sizes, be.Safe enables a progressive security approach without replacing existing infrastructure.
SASE Platform
Advanced Threat Detection
Key Advantages
✓ Native SD-WAN integration
✓ Centralized management (CNM)
✓ Hybrid deployment (on prem + cloud)
✓ Zero Touch Provisioning (ZTP)
✓ Cybersecurity “Made in Europe”
Frequently Asked Questions (FAQ’s)
❯ What does SASE stand for?
SASE stands for Secure Access Service Edge. The term was coined by Gartner in 2019 to describe a cloud delivered architecture that converges wide area networking (WAN) and network security functions into a unified service.
❯ What is the difference between SASE and SD-WAN?
SD-WAN (Software Defined Wide Area Network) optimizes network connectivity between locations by intelligently routing traffic across multiple connection types. SASE includes SD-WAN as one component but adds cloud delivered security services like SWG, CASB, ZTNA, and FWaaS. SD-WAN focuses on network performance while SASE combines networking with security.
❯ What is the difference between SASE and ZTNA?
ZTNA (Zero Trust Network Access) is one component within a SASE architecture. ZTNA provides identity based access control to specific applications, following Zero Trust principles. SASE is a broader framework that includes ZTNA along with SD-WAN, SWG, CASB, and FWaaS capabilities.
❯ Is SASE suitable for small businesses?
Yes. SASE solutions are particularly beneficial for small and medium businesses because they consolidate multiple security and networking tools into a single cloud delivered service. This reduces the need for on premises hardware and specialized IT staff while providing enterprise grade security capabilities.
❯ How does SASE support remote workers?
SASE enables remote workers to connect securely from any location through cloud delivered security services. Rather than using VPN connections that route traffic through a corporate data center, SASE provides direct access to cloud applications while applying consistent security policies.
❯ Can SASE work with existing network infrastructure?
Most SASE solutions are designed to integrate with existing infrastructure. Organizations can adopt SASE incrementally, starting with specific capabilities like SD-WAN or SWG and adding additional services over time. Hardware agnostic SASE platforms can work with third party routers through standard protocols like IPSec tunnels.
