Topics in this article

As employees around the world have broken free from the constraints of office-bound work to embrace hybrid and remote working, cybersecurity needs have spilled over the traditional network perimeter and now require a new approach to protect your organization’s sensitive data.

And employees working from home more frequently isn’t the only trend creating new security risks – the migration to cloud has further eroded the concept of setting up a perimeter around office-bound enterprise applications.

From a network security perspective, connecting distributed enterprise resources to private, public or hybrid clouds to reach software-as-a-service and other cloud-native applications demands a different approach.

Security: a three-way trade-off of cost, performance and risk

To enforce security protocols in distributed enterprises, organizations have traditionally deployed resource-intensive appliances such as on-premises firewalls or cloud access security brokers, with encryption protocols programmed into virtual private network or software-defined wide area network (SD-WAN) routers.

SD-WAN is more scalable than a traditional WAN, but it uses a networking overlay that lacks the access controls that you need to defend your organization’s network in a cloud environment.

Organizations have also forced their users to authenticate through centralized security that may include routing their traffic through that central location, leading to potential bottlenecks.

This approach does not scale well, and it was already showing its age before COVID-19 hit. Now, in 2024, its complexity and potential to slow down operations undermine an organization’s ability to remain both competitive and secure.

For CIOs, security boils down to a trade-off between cost, performance and risk: stronger security may come with more complexity and slower performance, but prioritizing better performance may compromise security and simplicity.

But what if the physical security tools could be swapped for a distributed, cloud-based resource?

SASE: a cloud-delivered solution for secure networking

This is where secure access service edge (SASE, pronounced “sassy”) is making a real difference. It combines SD-WAN and security functions into a cloud-delivered solution that gives you a single, centralized view of your entire network while enforcing consistent security for mobile employees, branch offices and retail locations anywhere in the world.

SASE can be deployed as a service, working with public, private or hybrid clouds. It allows you to quickly identify users, devices and endpoints, apply the relevant network access and security policies, and securely connect users to their applications and data.

Once users are authenticated, they have direct access to the resources they need. This reduces latency that may affect mission-critical tasks.

SASE enriches your enterprise WAN with security features such as secure web gateways, data loss prevention, application programming interface protection, cloud access security brokers and firewall as a service. It also protects against distributed denial-of-service attacks, shores up network privacy protection and provides zero trust network access.

Optional capabilities include Wi-Fi hotspot protection, support for legacy VPNs and protection for offline edge-computing devices or systems.

The advantages of SASE

  • It provides a holistic view of your network so you can better protect it. You have centralized control of actions that must remain in-house, such as setting user policies, and you can apply security policies consistently to stop cyberattacks.
  • It simplifies network complexity and management by combining SD-WAN and other network infrastructures into a single, cloud-based platform.
  • SASE providers can tailor the service so that each application gets the bandwidth and network responsiveness it needs.
  • Because you use a single platform rather than multiple point products, you deal with fewer vendors and deploy less hardware in branch offices and other remote locations – all of which helps to reduce costs.
  • SASE decreases the number of agents on user devices, improving usage and performance at branch level.
  • Users get immediate, secure access to your network, no matter where they are and what device they’re using. Your IT team can set policies centrally via a cloud-based management platform, and the policies are enforced at distributed points of presence close to users.

If you are concerned about your organization’s ability to implement SASE – for example, because of a lack of IT skills – consider a managed SASE solution, which delivers all the expertise you need as a service, with cost-effective, full-time support.

A welcome paradigm shift in networking and security

The ultimate goal of bringing together such a range of security technologies under the SASE umbrella is to give you dynamic yet consistent security, better performance and less complexity – all at a lower total cost of ownership.

This represents a major paradigm shift in networking and security, and vendors are evolving their networking and security appliances to comply with the SASE approach. The top SASE vendors are also investing in advanced capabilities such as 5G support for WAN links, advanced behavior- and context-based security, and integrated AIOps for troubleshooting and automatic remediation.

The global SASE market is expected to grow from USD 1.9 billion in 2023 to USD 5.9 billion by 2028, at a compound annual growth rate of 25%. This is the ideal time to step up your security in the new world of work.

How to get started with SASE

So, where do you start? As with most technologies, it’s a good idea to draw up a roadmap for your SASE implementation, taking into account the following steps:

  1. Assess your network architecture: Evaluate your existing infrastructure and security posture. What are the gaps or limitations to be addressed?
  1. Define your requirements: What are your organization’s goals for adopting SASE? Consider factors such as scalability, security and user experience.
  2. Conduct a risk assessment: Identify potential security risks and vulnerabilities in your network. If these risks materialize, how will they affect your organization’s data, applications and users? This will help you prioritize your security measures and select the right SASE solution.
  3. Choose a trusted SASE provider: Evaluate different SASE providers to find one that offers a comprehensive suite of security services, including data-loss prevention and zero trust network access, and support capabilities.
  4. Plan your migration strategy: You need a detailed plan for migrating to SASE. Consider network connectivity, bandwidth requirements and user access policies. A phased approach will minimize business disruptions.
  5. Implement and integrate SASE components: With the help of your SASE provider, deploy components such as secure web gateways and cloud-based firewalls. Integrate these components with your existing network and security infrastructure.
  6. Monitor and optimize: Keep monitoring your SASE implementation for optimal performance and security. Review logs, metrics and user feedback to identify issues or areas for improvement.
  7. Educate your employees: Provide training and awareness programs to educate your employees about the benefits and proper usage of SASE. Emphasize the importance of maintaining a secure network environment.

Remember, implementing SASE isn’t a one-off process; it requires ongoing evaluation, adaptation and improvement to meet your evolving security and business needs.


Read more about NTT DATA’s Secure Access Service Edge offering and build the resilient security posture you need to protect your valuable assets.