The Secure Access Service Edge (SASE) Architecture: Here’s Where Your Digital Business Network Starts

Dave Greenfield

In its recent “Hype Cycle for Enterprise Networking, 2019,” Gartner identified the next transformation of enterprise networking and security. The Secure Access Service Edge (SASE, pronounced “sassy”) converges enterprise security and networking into a cloud-based service. The category is so strategic that Gartner labeled SASE as “transformational.” To put that in context, SD-WAN, with all of its impact on enterprise networks, has never reached a transformational rating by Gartner in a Hype Cycle. Cato has been named as a “sample vendor” in the SASE category.


Why Now and What Makes SASE so Transformational?

SASE is emerging in response to the needs of today’s digital business. The digital business is all about speed and agility. We operate faster and we operate everywhere with remote offices and mobile users. Pulling teams and resources together regardless of location to develop new products faster, deliver them to the market sooner, and respond to changing business conditions more quickly are hallmarks of digital business transformation. Technology is essential to those changes; witness the widespread adoption of cloud computing. The benefits of SASE technology help to usher in this emerging era.

But while the cloud is agile, elastic, and ubiquitous, enterprise networking and security infrastructure have been just the opposite. The network is rigid and static. Security is fragmented between physical locations, cloud resources, and mobile users. Together, networking and security are slowing down the business as silos erected decades ago are stretched and patched to accommodate emerging business requirements.

The very way enterprises have long designed their networks is outdated. Thinking in terms of stitching together SD-WAN devices, firewalls, IPS appliances, and the rest of the basket of security and networking solutions to solve network problems has become the problem itself. As Gartner writes, “Digital transformation and adoption of mobile, cloud and edge deployment models fundamentally change network traffic patterns, rendering existing network and security models obsolete.”

What is SASE Network Architecture?

The SASE Cloud architecture addresses this problem. It provides a single network that connects and secures any enterprise resource – physical, cloud, and mobile – anywhere. The SASE Cloud is marked by four main characteristics. It is identity-driven, cloud-native, supports all edges, and is distributed globally:

  • Identity-driven.  User and resource identity, not simply an IP address, determine the networking experience and level of access rights. Quality of service, route selection, applying risk-driven security controls — all are driven by the identity associated with every network connection. This approach reduces operational overhead by letting companies develop one set of networking and security policies for users regardless of device or location.
  • Cloud-native Architecture. The SASE architecture leverages key cloud capabilities including elasticity, adaptability, self-healing, and self-maintenance to provide a platform that amortizes costs across customers for maximum efficiencies, easily adapts to emerging business requirements, and is available anywhere.
  • Supports All Edges. SASE creates one network for all company resources — datacenters, branch offices, cloud resources, and mobile users. For example, SD-WAN appliances support physical edges while mobile clients and clientless browser access connect users on the go.
  • Globally Distributed. To ensure the full networking and security capabilities are available everywhere and deliver the best possible experience to all edges, the SASE cloud must be globally distributed. As such, Gartner notes, SASE providers must expand their footprint to deliver a low-latency service to enterprise edges.

SASE is not your Telco-managed Network Service

The SASE Cloud service runs a single-pass traffic processing engine that processes traffic from any “edge” — sites, the cloud, and mobile users. It efficiently applies all network optimizations, security inspection, and policy enforcement with rich context before forwarding traffic on to its destination.

In this, SASE takes a fundamentally different approach from the way telco services integrate bundles of point solutions. While the telco approach masks the complexity of the underlying network, enterprises still see their spend increase to pay for both the products and the people to manage them.

By contrast, with a single-pass, cloud-based architecture, SASE Cloud not only appears to be leaner, it is leaner. All functions are converged together. It processes traffic faster with more context than stringing together multiple point products. SASE is built with the scalability, self-service, and agility of the cloud. Your telco isn’t.

The same is true for network providers that run virtual machines in the cloud or, for that matter, service chain solutions. In both cases, the specific VNFs (Virtual Network Functions), VMs, and services need to be sized, scaled and managed separately. As for security providers integrating various security capabilities in the cloud, they still lack the key SASE elements of controlling network flows and natively supporting the WAN edge.

Ultimately, convergence is the key defining attribute of SASE. Failing to deliver networking and security capabilities, maintaining them as discrete appliances, or relying on service chaining isn’t convergence but a loosely coupled linking of point solutions.

Cato Cloud is the World’s First SASE Platform

Since its inception, Cato has focused on the convergence of networking and security into the cloud and today provides a wide range of SASE capabilities. Every day, the Cato Cloud connects and secures more than 400 enterprises worldwide with thousands of branch offices, cloud instances, and mobile users.

More specifically, Cato Cloud is:

  • Identity-driven. With user awareness, IT can tie security and networking policies to the user’s identity.
  • Cloud-native. Cato has converged networking and security into a software platform that meets the five attributes of a cloud-native platform: multitenancy, scalability, velocity, efficiency, and ubiquity.
  • Supports All Edges. Cato connects all enterprise edges — physical locations, cloud resources, and mobile devices — to one another and the Internet. Physical locations connect via Cato SD-WAN devices; mobile users rely on Cato’s client and clientless access; Cato’s agentless configuration connects cloud resources into the Cato Cloud.
  • Globally Distributed. The Cato Private Backbone is a global, geographically distributed, SLA-backed network of nearly 60 PoPs, interconnected by multiple tier-1 carriers. Every PoP runs the complete Cato converged software stack and extends the strict SASE definition by including WAN and cloud optimization to improve global access to applications everywhere.

Cato is honored to have been named as a sample vendor in the SASE category. While many of our competitors have either ignored convergence or have pushed for convergence in appliances, poor strategic moves on both accounts, Cato has long advocated for what IS a SASE platform. As Shlomo Kramer, CEO and co-founder of Cato Networks, puts it, “Since Cato’s founding, we’ve focused on converging networking and security into the cloud, creating one, global, cloud-native architecture that connects and secures all locations, cloud resources, and mobile users everywhere.”


** Gartner, “Market Trends: How to Win as WAN Edge and Security Converge Into the Secure Access Service Edge,” Joe Skorupa and Neil MacDonald, 29 July 2019


Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.