
SASE explained

A comprehensive overview for modern network security.


What is SASE?

SASE is a cloud-based framework that integrates software-defined wide area networking (SD-WAN) with Zero Trust security solutions. It is the next iteration of network security: by decentralising network security, it mitigates the security concerns associated with local breakouts and numerous network access points.

Here's what you need to know:

Identity-driven access:

  • SASE grants access based on user and device identities. Authentication and authorisation play a central role
  • Users and endpoints are securely connected to apps and resources, regardless of their physical location

Cloud-native approach:

  • Both infrastructure and security solutions are delivered via the cloud
  • This flexibility allows for scalability, agility and efficient resource utilisation

Protecting all edges:

  • SASE safeguards every edge, including physical, digital and logical boundaries
  • Whether it's a remote worker, branch office or IoT device, SASE ensures consistent security

Global distribution:

  • Users are secured anywhere they work, whether in the office, at home, or on the go
  • SASE eliminates the need for backhauling traffic to traditional data centres for security inspections

Key components of SASE:

Traditional CPEs (customer premises equipment) consist of specialized hardware devices that perform dedicated functions. These hardware-based functions are known as Physical Network Functions. They are provider-owned, specialized devices, such as a firewall from Palo Alto, a router from Cisco and a switch from Juniper, which are deployed to a customer premises or a data centre.

In the past, this would mean that businesses would need multiple devices on site, helping them move data from one end to the other safely and correctly.

Working with these kinds of hardware devices under this model can be a challenge for a business. For example, opening a new office, or simply adding a new network function, would involve:

Software-Defined Wide Area Networks (SD-WAN)

SD-WAN creates virtual connections between endpoints (both physical and logical). It optimises user traffic by providing near-unlimited paths, which enhances the user experience.

Firewall as a Service (FWaaS)

FWaaS moves firewall protection to the cloud, extending security beyond the organisation's geographic footprint. Remote and mobile workers connect securely to the corporate network while adhering to consistent security policies.

Secure Web Gateway (SWG)

Secure Web Gateway filters unauthorised web traffic before it reaches the network perimeter. Technologies like malicious code detection, malware elimination and URL filtering enhance security.

Zero Trust Network Access

Zero Trust Network Access ensures trust is never implicit. Access is granted on a need-to-know basis. All users, devices, and applications undergo continuous validation before accessing private resources.
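An added illustration (not Colt's or any vendor's code) of the per-request decision this describes: default deny, need-to-know by group, and device posture and authentication age checked on every request, with network location deliberately not an input. The policy table, field names and sample requests are constructed assumptions.

```python
from dataclasses import dataclass, replace

# Constructed policy (hypothetical names): per application, the groups with a
# need to know, whether a managed device is required, and the maximum age of
# the user's last authentication in seconds.
POLICY = {
    "payroll": {"groups": {"finance"}, "managed": True, "max_auth_age": 900},
    "wiki": {"groups": {"finance", "engineering"}, "managed": False, "max_auth_age": 28800},
}

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    app: str
    device_managed: bool
    device_patched: bool
    auth_age: int          # seconds since the user last authenticated
    source_network: str    # kept for logging only; never read by decide()

def decide(req):
    """Evaluate a single request; meant to run on every request, not once per session."""
    rule = POLICY.get(req.app)
    if rule is None:
        return (False, "default deny: no policy for application")
    if not req.groups & rule["groups"]:
        return (False, "no need-to-know for application")
    if rule["managed"] and not req.device_managed:
        return (False, "unmanaged device")
    if not req.device_patched:
        return (False, "device posture check failed")
    if req.auth_age > rule["max_auth_age"]:
        return (False, "re-authentication required")
    return (True, "allow")

# Constructed sample requests for one user across a working day.
home = Request("alice", frozenset({"finance"}), "payroll", True, True, 60, "home-broadband")
SAMPLES = [
    home,                                                              # healthy device at home
    replace(home, source_network="office-lan", device_patched=False),  # on the LAN, but unpatched
    replace(home, auth_age=3600),                                      # same session, authentication now stale
    replace(home, app="hr-db"),                                        # application with no policy
    replace(home, groups=frozenset({"engineering"})),                  # wrong group for payroll
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.app, r.source_network, decide(r))
```

The second sample is the one to note: being on the office LAN does not rescue an unpatched device, while the same user at home with a healthy device is allowed.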

NETWORK MANAGER'S GUIDE TO SASE

Stay secure beyond borders

With employees working remotely and critical systems moving to the cloud, traditional network perimeters have exploded and businesses need to stay secure beyond borders to enable success. Download the guide to SASE implementation to help you find the right pathway for your business.

How does SASE compare to traditional network security solutions?

1. The location of the security perimeter

Traditional security relies upon protecting a defined boundary. It often employs various on-premises security hardware and software solutions, such as VPNs, firewalls and SD-WANs.

SASE adopts a decentralised approach to network edge security. It integrates networking and security capabilities into a single cloud service.

2. Network Architecture

Traditional security requires distant users to connect to the business network via VPN tunnels or proxies. Centralised security enforcement can become a bottleneck.

SASE inspects traffic at the nearest point of presence (PoP). This cloud-native approach ensures consistent data protection across all edge locations.

3. Security Services

Traditional security often involves backhauling traffic through data centres. It relies on a mix of separate solutions for different security and networking demands.

SASE leverages the power of the cloud to provide secure access to applications from any location. It integrates identity-centric security, continuous monitoring and a suite of network security services.

4. Authentication

Traditional security may use various authentication methods but lacks the holistic approach of SASE.

SASE prioritises user and device identities for access. Authentication is a fundamental component.

5. Flexibility

Traditional security can be rigid and less responsive to evolving needs.

SASE offers agility by adapting to changing network requirements. It accommodates remote work, mobile devices and dynamic access scenarios.

6. Scalability

With traditional security, scaling often involves complex adjustments to on-premises hardware.

SASE is completely scalable, allowing organisations to grow without major infrastructure changes.

7. Cost model

Traditional security may involve higher upfront costs and ongoing maintenance expenses.

SASE reduces costs by eliminating the need for extensive on-premises security infrastructure.

In summary, SASE provides a more adaptive, cloud-based and holistic approach to network security. It assists enterprises in staying ahead of new threats while simplifying their security landscape. However, the choice between SASE and traditional security depends on specific organisational needs and priorities.

How to get the most out of a SASE deployment:

The objective of any SASE deployment is to deliver as secure a network as possible from a mix of locations. To help network managers get there, here are four essential considerations in order to get the best results:

Define your security and business objectives

A common objective for SASE is to replace a disorderly jumble of disparate solutions with simplicity and manageability. Many organisations currently struggle with a messy mix of security appliances and point solutions, provisioned at different times by different departments and with different needs in mind. The right SASE solution will replace this with secure network access of a uniform quality at all end points. It functions, if done right, as a single pane of glass offering a full view of your network.

You will also need to decide how you want to deploy SASE. You might have in-house IT expertise on hand to make your choice of SASE solution work. Or you might prefer to turn to a partner to deliver it as a managed service. Doing it this way means you can rely on ongoing support to ensure day-to-day operational success. Your partner will be part of ensuring that your network is able to grow and evolve along with your business requirements. A partner can also help you navigate the increasingly complex network environment in which we all find ourselves.

You will also need to give thought to capital and operational costs. What is the best way to balance increasingly complex networking requirements with budgetary constraints? What returns can you expect from an outlay on SASE if you buy your own solution? How might the alternative of a managed SASE service help with cost of ownership and return on investment?

Critical questions to ask:

Is this something you will cover with capital or operational costs?

What is the best way to balance increasingly complex networking requirements with budgetary constraints?

What returns can you expect from an outlay on SASE if you buy your own solution?

How might the alternative of a managed SASE service help with cost of ownership and return on investment?

Understand your network perimeter

A SASE deployment is all about enabling businesses to activate secure connectivity wherever it is needed. With a hybrid workforce, the perimeter of your business is no longer fixed and defined. It will embrace remote locations and on-prem ones. It might be in the cloud, out in the field, or a combination of all these. All enterprises will have different types of requirement that must be considered before SASE can be effective.

You need to understand where your users are, how they’re connecting and which devices they’re using. It will also be necessary to define their access profile. The inherent attributes of SASE make this easier than with legacy security methods. Remember that SASE security is policy-driven, and not contingent on the location of the user. It is also open to a range of different device types. Access and security are based on a user’s identity rather than a physical IT-controlled device or network access point. SASE offers flexibility in where and when security services are applied, and meshed traffic patterns are handled with efficiency. You will need a handle on what security you already have in place, and how that might fit with SASE. You must consider the security requirements of individual applications too, and have an idea of their performance needs, mapped by location groups.

Critical questions to ask:

How will your users and devices connect? Identify all access points: home offices, mobile devices, IoT endpoints etc.

What security services are applied at the perimeter? Are these services cloud-native or on-premises?

Does your SASE solution integrate with your identity provider, e.g. Active Directory?

How will you balance network visibility and user experience? 

Avoid just making short-term fixes

Organisations need to be planning for the long term and secure networks must be central to that process. We’re well beyond the early days of the pandemic when network technology rose to the challenge of keeping huge numbers of remote workers connected and operational. Looking ahead, the challenge is no longer about a quick fix to get us through an emergency.

The short-term solutions put in place at the beginning of the pandemic, like legacy VPN connections, will not be up to supporting the complexities of hybrid work. Older solutions, created before the cloud era, will not protect against the latest threats, and are difficult to scale and expensive to operate. These drawbacks will inevitably have a negative impact on network performance. New approaches and new technologies are needed, either to replace all older solutions wholesale or perhaps just to manage them better under a single platform. This is where a managed SASE solution can fit in.

Critical questions to ask:

How will you prepare for multi-cloud connectivity? Which providers will you use? How will SASE integrate with them?

Are you prioritising secure branch networking? Evaluate how SASE enhances connectivity for remote locations.

How can you modernise your applications? SASE thrives on agility. Are your legacy apps hindering SASE adoption?

Avoid a piecemeal approach to security

Not all SASE solutions are the same. A common pitfall is to invest in SASE that is made up of many different bits and pieces, only superficially united under one fabric. It is important to ask if the solution you have in mind follows the Gartner guidelines:

  • Can it be delivered as a managed service?
  • Is it designed for the cloud from the ground up by people who fully understand the needs of the cloud?
  • Does it offer a truly integrated approach based around a single dedicated platform?

SASE with the right qualities is a sustainable solution that is secure and scalable – both in terms of the number of end points and geographic reach – as well as cost-effective, easy to manage and quick to set up. All in all, it should provide a good experience for many different types of end-user. SASE must provide policy-based, software-defined access to work with the most fluid of network fabrics. It should let network managers and security professionals specify the level of performance, reliability and security of every network session, based on identity and context. It must define and control all the dynamic access requirements that digital transformation entails, allowing secure connectivity between a variety of distributed users, locations and cloud-based services. If it doesn’t do all this it is not true SASE, and may well end up as an expensive headache.

Deliver world-class secure access for the hybrid generation.

Colt has formed a partnership with leading SASE vendor Versa Networks to deliver a truly integrated approach to networking and security. Colt’s global next generation network and leadership in the SD WAN market has been teamed with VOS™ (Versa Operating System) to answer the needs of today’s hybrid working patterns.

The latest Remote Access feature, one of the first to be based on Versa SASE, builds on the success of Colt’s award-winning SD WAN service to allow remote access without compromising network security, integrity and performance, and is based on an easy-to-scale, cost-effective model. Colt and Versa offer SASE connectivity that is built from the ground up as a true enterprise-grade solution. The result is a wide global footprint combined with massive bandwidth and a software layer designed for both networking and security. As the market continues to evolve, it’s important to have a partner with a strong roadmap. Colt and Versa together have the resources and skills to make connectivity both secure and future proof.
