SASE 101: How to get started with secure access in a cloud-first world
As more organisations embrace cloud applications and adopt flexible work patterns with distributed teams, many are rethinking how users can securely access data and applications. Secure Access Service Edge (SASE) has emerged as a popular topic in these discussions, but for many teams, knowing where to start can feel a bit daunting.
This article serves as a practical introduction for teams new to SASE. We’ll break down what SASE is, why it came about, how it differs from Security Service Edge (SSE), and how businesses can leverage SASE as a contemporary framework for secure access. The aim is to create a shared understanding before jumping into tools or technical options.
Secure Access Service Edge (SASE) represents a cloud-based approach that integrates both networking and security functionalities into a cohesive access model.
Instead of depending on centralised data centres and rigid network boundaries, SASE provides secure access closer to where users and applications actually are, utilising cloud services to enforce policies in most user locations.
At its core, SASE transforms the focus of access and security from being network-centric to identity-centric. This is why SASE often features prominently in early-stage discussions surrounding security modernisation, including Zero Trust principles.
Many organisations look into SASE because traditional methods don’t keep up with today’s work environment.
Traditional beliefs:
- Users predominantly worked from corporate offices
- Applications were housed within data centres
- Network location determined user trust
Current scenarios:
- Employees operate remotely or in hybrid settings
- Applications exist across various clouds and Software as a Service platforms
- Contractors and partners need controlled access
- Devices connect through numerous different networks
SASE provides a solution that aligns secure access with these realities, presenting a logical entry point for organisations looking to modernise without overhauling their entire setup.
It’s crucial to note that SASE isn’t simply a one-size-fits-all technology or deployment; it’s a framework built on several essential concepts:
- Cloud-Delivered Networking: This model adjusts connectivity based on user and application locations instead of forcing traffic through fixed locations.
- Integrated Security Controls: Security measures are uniformly applied across all users, devices, and destinations.
- Identity-Aware Access: Access decisions are informed by user identity and the context of their requests, not merely the network they connect from.
- Globally Distributed Delivery: Services reach users via a cloud structure operating close to them, wherever they are in the world.
Grasping these concepts early on aids teams in defining what SASE entails for their unique environment before assessing vendors or technologies.
SASE closely aligns with Zero Trust principles, which emphasise continual access verification and avoid placing implicit trust in any user or connection.
Instead of replacing Zero Trust, SASE provides a scalable framework that supports it in distributed, cloud-first settings. It helps enforce identity-based access policies consistently, regardless of where users or applications are located.
For many businesses, adopting SASE is a practical step towards implementing Zero Trust in real-world access situations.
When delving into SASE, teams may come across the related term Security Service Edge (SSE). Understanding the difference can clarify the scope and expectations.
What Is SSE (Security Service Edge)?
SSE is a cloud-based security model specifically designed to safeguard user access to:
- The web
- Cloud and SaaS applications
- Private applications
SSE focuses solely on security controls and policy enforcement, without addressing network optimisation or routing.
How SASE and SSE Relate:
- SASE encompasses a broader architecture that merges networking with security.
- SSE constitutes the security segment within the SASE framework.
In simpler terms, SSE is a subset of SASE. Many organisations begin their modernisation journey with SSE since it enhances user access security before broader networking adjustments are made.
When first diving into SASE, real-world scenarios can help illustrate the concepts. For example:
- A remote employee securely accesses applications without sending traffic through a corporate office.
- A contractor gains limited, identity-based access without needing to join the internal network.
- A branch office connects directly to cloud services without relying on intricate on-premises setups.
These examples highlight the outcomes SASE enables, aiding teams in evaluating how well it fits their needs.
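The shift from network-location trust to identity-aware access, applied to the scenarios above, can be sketched in a few lines of Python. This is an added illustration, not code from the article or from any Microsoft product; the role table, addresses, field names and the sign-in flag are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values for illustration only.
CORPORATE_NET = ipaddress.ip_network("10.0.0.0/8")

# Hypothetical policy table: role -> applications that role may reach.
ROLE_APPS = {
    "employee": {"crm", "wiki", "payroll"},
    "contractor": {"wiki"},  # limited, identity-based scope
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str               # asserted by the identity provider
    authenticated: bool     # strong sign-in completed (assumed signal)
    device_compliant: bool  # device posture check passed (assumed signal)
    source_ip: str
    app: str

def perimeter_decision(req: Request) -> bool:
    """Legacy model: trust is derived from network location alone."""
    return ipaddress.ip_address(req.source_ip) in CORPORATE_NET

def identity_decision(req: Request) -> tuple[bool, str]:
    """Identity-aware model: default deny; source network is not a trust signal."""
    if not req.authenticated:
        return False, "identity not verified"
    if not req.device_compliant:
        return False, "device not compliant"
    if req.app not in ROLE_APPS.get(req.role, set()):
        return False, "app outside role scope"
    return True, "allowed"

# Constructed requests mirroring the scenarios in the list above.
SAMPLES = {
    "remote_employee": Request("alice", "employee", True, True, "203.0.113.7", "crm"),
    "contractor_in_scope": Request("bob", "contractor", True, True, "198.51.100.9", "wiki"),
    "contractor_out_of_scope": Request("bob", "contractor", True, True, "198.51.100.9", "payroll"),
    "unverified_on_lan": Request("unknown", "employee", False, False, "10.1.2.3", "payroll"),
}

def compare() -> dict:
    """Return {scenario: (perimeter result, identity-aware result)}."""
    return {name: (perimeter_decision(r), identity_decision(r)) for name, r in SAMPLES.items()}
```

The perimeter rule blocks the verified remote employee and admits an unverified device that happens to sit on the corporate range; the identity-aware rule reverses both outcomes and keeps the contractor inside the assigned scope.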
Conversations about SASE often involve various roles, even in initial discussions:
- IT leaders are considering future access models
- Security teams are working on Zero Trust initiatives
- Network professionals are adapting connectivity to cloud-centric delivery
- Business leaders are focused on minimising complexity and risk
Since SASE integrates aspects of both networking and security, early collaboration among these teams is vital for achieving long-term success.
Microsoft Global Secure Access guides organisations in starting their SASE journey by providing identity-aware, cloud-based access controls. Here’s how to get started:
- Implement the traffic forwarding client to route user traffic through Microsoft’s global network for policy enforcement.
- Utilise Conditional Access policies to enforce identity-driven access decisions.
- Activate shadow AI visibility to oversee and manage unauthorised app usage.
Taking these steps helps organisations put Zero Trust principles into practice while building towards a complete SASE architecture.
Initiating your SASE journey doesn’t start with tools or implementations; it begins with cultivating a shared understanding. SASE offers a framework for secure access that is:
- Cloud-centric
- Identity-focused
- Consistent for users and locations
For organisations navigating hybrid work and cloud integration, comprehending SASE concepts early helps lay the groundwork for designing scalable secure access strategies.
-Sule Tatar, Senior Product Marketing Manager