What Is a SASE Provider?

Secure Access Service Edge, or SASE, is an emerging cloud-based model for managing networking and security in IT environments. SASE combines software-defined networking with cloud-based security functions, allowing organizations to provide resilient connectivity and more robust protection for hybrid workforces and highly distributed systems. 

By making it easier for workers anywhere to quickly connect to IT resources and pushing security closer to the edge, SASE services help reduce risk, improve productivity, enable secure work from anywhere and streamline the management of networking and security functions.

SASE providers are technology companies that offer one or more of the core components of a SASE platform. Along with Software-Defined Wide Area Networking (SD-WAN), SASE providers may offer solutions known collectively as the Security Service Edge (SSE): Cloud Access Security Broker (CASB) software, Secure Web Gateway (SWG) solutions and Zero Trust Network Access (ZTNA) technology. Some providers offer additional solutions such as data loss prevention, remote browser isolation and content disarm & reconstruction services that provide extra protection.
 

As SASE is a relatively new model for IT environments, the market for SASE providers continues to evolve. Organizations looking for a SASE provider must choose between various capabilities and service models.

• Providers with global scale or limited scope. A SASE vendor with a global architecture will provide more reliable performance for use cases worldwide. 
• Providers with privately-run data centers or hyperscalers. Some SASE providers provision servers and networking equipment from their own privately-run cloud data centers. Others offer solutions running on hyperscaler platforms like AWS and Google Cloud Platform, which may better support rapid growth or enormous spikes in demand.
• Providers offering comprehensive or point solutions. While the SASE framework combines networking and security functions into a single cloud-native service, not all providers offer every component of a SASE platform. IT teams will need to consider whether to choose a single-vendor solution with technology that is sourced and supported by one company or a multi-vendor scenario that requires more coordination and integration.
• Providers that minimize complexity or require more IT resources. Some SASE providers offer intuitive, easy-to-use interfaces that reduce the complexity of managing SASE environments. Others leave IT teams to develop their interfaces or integrate disparate components independently.

SASE providers fall into two separate camps: those that offer access-centric technology and those that provide data-first solutions.

Access-centric SASE software is primarily concerned with safely connecting users to data and applications on the web, in the cloud, or private data centers. These SASE services are typically delivered as a cloud and centralize control over who can use business-critical systems. While access-centric SASE solutions can quickly connect users with the business data they need, these technologies don’t provide continuous control over how that data is used. Some solutions may also require multiple endpoint agents for different security services, resulting in sprawl and conflicts among the agents.

Data-first SASE overcomes the limitations of access-centric solutions by enabling continuous control over how data is used and allowing administrators to monitor how users interact with data, digital and physical systems. This enables teams to more easily identify the types of behavior that create risk and may lead to breaches. With data at the center of a SASE deployment, teams can automate the enforcement of security policies based on the risk each user represents at any given moment. A data-first SASE application is ideal for distributed enterprises and hybrid workforces where users access cloud services outside corporate walls.
 

There are several essential capabilities to consider when considering a data-first SASE provider.

• Uniform data protection. Data-first SASE providers offer a single set of data security policies that can be uniformly enforced across the network, in the cloud and to each endpoint. Superior solutions offer controls that prevent data from leaving employee devices without authorization, such as when data is printed, copied or moved to a cloud service or flash drive.
• Advanced threat protection. Superior providers offer edge protection, deep content inspection, remote browser isolation and advanced malware detection.
• Application security. Data-first SASE should enable visibility and control of applications, shadow IT and manage unmanaged devices. Technologies like URL filtering, deep content inspection and cloud app visibility help block the use of unsanctioned cloud services.
• Network security. Cloud- and site-based firewall services enable safe access to the internet and provide inspection of encrypted traffic along with defenses against advanced threats.
• Network connectivity. SD-WAN should provide direct connections between branch offices while endpoint agents securely connect remote users. 
• Risk-based policy enforcement. Automatically personalizing security according to the risk each user’s behavior presents adds additional layers of protection.
• Unified data security policies enable teams to define policies once and enforce them everywhere, from the endpoint to the cloud.

As a leader in user and data security, Forcepoint is a single-vendor SASE provider with solutions that improve threat protection, simplify security, streamline management and make it simple to connect people and offices to the right resources everywhere. 

Forcepoint’s SASE solutions provide identity-aware and context-aware network and security access to connect users, devices and locations with digital resources and secure data applications anywhere and anytime.

As a SASE provider, Forcepoint offers best-of-breed solutions that include:

• FlexEdge Secure SD-WAN. Safely connect offices, branches and remote sites to the cloud. Manage connectivity from a single console. Proactively identify app performance issues before they interrupt workers’ productivity. Replace multiple-point products with one solution to lower costs.
• Zero Trust Network Access (ZTNA). Provide simple, safe and scalable remote access to internal and private cloud applications – without a VPN. Control access to private apps from anywhere, even data in use across managed or unmanaged devices.
• Cloud Access Security Broker (CASB). Protect sensitive data in the cloud and on devices. Gain complete visibility and control over data in any application, including shadow IT, for safe and high-performance use everywhere.
• Secure Web Gateway (SWG). Securely access any website or download any document while not compromising on the high-speed performance that teams require. Forcepoint SWG integrates with Forcepoint Remote Browser Isolation (RBI) to securely render risky sites and with Content Disarm & Reconstruction Zero (CDR) to thoroughly sanitize downloadable documents.