Understanding the Architectures of Secure Access Service Edge (SASE)

Published on 09 Nov 2021

Secure Access Service Edge (SASE)

People's working methods have evolved. Enterprises must account for these changes when planning future infrastructure expenditures, architectures, and schedules for delivering new digital services, among other things. Keeping up with these changes is critical if you want to have a positive influence on real markers of company success including operational performance, financial costs, staff engagement, and customer pleasure.

IT teams want underlying networking and security infrastructure that can allow rapid, consistent, and secure access to cloud apps by all employees, including remote workers. Unfortunately, today's hub-and-spoke networking and security architectures were intended for a time when on-premise applications and branch-based employees were linked through private WANs. To be able to accommodate bigger technological trends that may substantially affect company performance, these fundamental infrastructures must change.

See also: A Roadmap to SASE for Better Network Security

A Modern Enterprise Architecture Must-Have Functionality

Access to the Internet Instantly

All apps must be accessible to employees through a direct channel from the employee to the application. This relationship, however, must be protected.

A User-Following Security Measure

Direct Internet Access is not permitted with data center security. As a result, regardless of employee location, a security architecture that permits security in-path between the person and the application is required. This can only be accomplished via the use of cloud-based security services. 76 percent of organizations want to shift their security to the cloud, as expected.

Application Performance Improvement Using WAN Services

Direct Internet Access reduces the amount of time it takes between the employee and the application. It does not, however, address changes in application performance caused by the unpredictability of commodity or commercial Internet connections. As a result, extensive features such as software-defined WAN (SD-WAN) and WAN optimization are required by organizations to assure application performance via Direct Internet Access connections.

Architecture With One Pass

Enterprises must use a single-pass design to reduce the extra delay caused by service-chained inspection engines in a traditional security stack. Single-pass architectures open and examine communication just once, allowing many policy engines to handle it. A single-pass design, for example, would only open and examine an encrypted packet once for examination by the malware protection and data loss prevention engines.

Management Coordination

Administration plane integrations in networking and security must make whole lifecycle operations easier – provisioning, policy-based management, visibility, and troubleshooting – possible. For example, IT Administrator teams must have a single picture of the whole corporate architecture spanning networking and security, including branch office locations, security points of presence, tunnels, and network use. This removes blind spots and simplifies setups throughout the whole architecture, reducing the possibility of human mistakes.

Edge Secure Access Services

SASE intends to replace existing hub-and-spoke infrastructures with secure Direct Internet Access. The integration of cloud-delivered security, zero-trust access, and complete WAN capabilities ensures a safe and consistent employee experience regardless of employee location or application hosting location.


Download Citrix's whitepaper to learn more about Secure Access Service Edge (SASE) and how we need to rethink network and security architectures to meet modern requirements. 


You will receive an email with a download link. To access the link, please check your inbox or spam folder