Secure access service edge, or SASE, is a cloud-based IT model that combines networking and security services.
Cet article s'articule autour des points suivants :
Copier le lien de l'article
Secure access service edge, or SASE, is a cloud-based IT model that bundles software-defined networking with network security functions and delivers them from a single service provider. Gartner, a global research and advisory firm, coined the term "SASE" in 2019.
A SASE approach offers better control over and visibility into the users, traffic, and data accessing a corporate network — vital capabilities for modern, globally distributed organizations. Networks built with SASE are flexible and scalable, able to connect globally distributed employees and offices across any location and via any device.
SASE combines software-defined wide area networking (SD-WAN) capabilities with a number of network security functions, all of which are delivered from a single cloud platform. In this way, SASE enables employees to authenticate and securely connect to internal resources from anywhere, and gives organizations better control over the traffic and data that enters and leaves their internal network.
SASE includes four core security components:
Depending on the vendor and the needs of the enterprise, these core components may be bundled with additional security services, including web application and API protection (WAAP), remote browser isolation, or Wi-Fi hotspot protection.
L’approche SASE présente plusieurs avantages par rapport à un modèle de sécurité réseau traditionnel articulé autour d’un datacenter :
Dans un modèle de réseau traditionnel, les données et les applications sont stockées au sein d’un datacenter centralisé. Afin d’accéder à ces ressources, les utilisateurs, les bureaux locaux et les applications se connectent au datacenter à partir d’un réseau privé localisé ou d’un réseau secondaire généralement relié au réseau principal via une liaison sécurisée ou un VPN.
This model has proved to be ill-equipped to handle the complexities introduced by cloud-based services like software-as-a-service (SaaS) and the rise of distributed workforces. It is no longer practical to reroute all traffic through a centralized data center if applications and data are hosted in the cloud.
By contrast, SASE places network controls on the cloud edge — not the corporate data center. Instead of layering cloud services that require separate configuration and management, SASE streamlines network and security services to create a secure network edge. Implementing identity-based, Zero Trust access policies on the edge network allows enterprises to expand their network perimeter to any remote user, branch office, device, or application.
Many organizations take a piecemeal approach to SASE implementation. In fact, some may have already adopted certain SASE elements without knowing it. Key steps organizations can take towards fully adopting a SASE model include:
These steps are broken down further in the white paper "Getting started with SASE," available for download here.
Cloudflare is uniquely architected to deliver a platform of integrated network and security services across data centers in over 250 globally distributed cities, eliminating the need for enterprises to purchase and manage a complex collection of point solutions.
Cloudflare One is a SASE platform that securely connects remote users, offices, and data centers to each other and the resources that they need. To get started with Cloudflare One, see the Cloudflare One product page. Or, learn more about ZTNA, a crucial technology behind SASE.
À propos du Zero Trust
Navigation dans le centre d’apprentissage