SASE, the model that connects and protects modern IT infrastructures

Kirey

  

    Modern companies must ensure high-performing, always-on connectivity for people and digital assets, while also guaranteeing effective protection of their resources. While this has always been true, today’s conditions are profoundly different from the past: distributed work is the norm and business applications increasingly reside in the cloud—factors that make it significantly more complex to maintain adequate levels of performance and security.

    In this article, we explore the SASE model as a concrete response to the needs of the modern enterprise.

    Key Points

    • Companies must modernize their networking and security model: distributed work, cloud adoption, and increasingly dynamic traffic patterns make perimeter-based models ineffective.
    • SASE is an architectural model that unifies networking and security into a single cloud-based platform, enabling consistent management of access, traffic, and controls.
    • The benefits include greater control and visibility, reduced complexity and costs, and a tangible improvement in user experience and productivity.

    Performance and security without a perimeter: the challenge

    In the traditional IT model, users, applications, and data resided within a well-defined perimeter, typically coinciding with the corporate data center. Traffic followed predefined routes within the WAN (Wide Area Network), controls were centralized, and policies were enforced in a rigid manner.

    Today, the situation is very different. Applications are distributed across public clouds, private clouds, on-premises environments, and SaaS services; users access them from the office, from home, and from anywhere else, often using heterogeneous devices. Most importantly, traffic no longer follows a single path but moves dynamically across the internet, public cloud, local provider clouds, and on-premises environments.

    Ensuring high performance remains a priority and means avoiding inefficient routing and bottlenecks, while ensuring security means applying consistent controls over access, data, and behavior wherever users and applications are located.

    The challenge arises from the fact that these two objectives, once concentrated in a single control point, are now spread across a much wider and more fragmented surface. The result is a significant increase in complexity: more access points, more tools, less visibility, and greater difficulty in maintaining consistent policies.

    SASE: the architecture that connects and protects modern IT environments 

    Performance and security cannot be achieved simply by adding a tool or platform. They require rethinking the model through which organizations manage connectivity, traffic, access, and controls, making them inherently consistent with the operational context.

    At the same time, the new model must simplify management, providing unified visibility and centralized control without reintroducing the limitations of the past. In other words, it must preserve what worked in the traditional model while adapting it to fundamentally different technological environments. This is where Secure Access Service Edge, or SASE, comes in.

    What is Secure Access Service Edge (SASE)

    SASE is not a technology but an architectural model that unifies networking and security capabilities into a single cloud-delivered platform. In practice, SASE combines two fundamental components.

    1. On one side, networking capabilities (SD-WAN), which enable intelligent and efficient traffic routing to on-premises and cloud applications, regardless of the user’s location, device, or access network.
    2. On the other side, a set of cloud-based security services, such as Zero Trust access (ZTNA), web traffic protection, and data loss prevention, which are applied along the entire access path.

    The result is a model in which access to resources no longer depends on network location but on user identity, device posture, and operational context. Policies are defined centrally but enforced close to the point of access, ensuring consistency, scalability, and a better user experience.

    How SASE works: a practical example 

    To understand how SASE works in practice, let’s consider a common scenario: an employee accessing a cloud-based business application, such as a CRM, from home.

    • In the traditional model, this access goes through the corporate network, often via a VPN, before reaching the application.

    • With SASE, the user connects to the internet as usual and, after authenticating through corporate systems, traffic is routed to the nearest SASE provider cloud node. Here, controls come into play: identity, device posture, and access context are verified, and only if conditions are met is access granted to the specific application, without exposing the entire corporate network. Traffic is then routed to the destination via the most efficient path and, throughout the entire session, remains continuously monitored: it can be inspected, filtered, and analyzed regardless of where the user and application are located.

    The result is a model in which access, performance, and security are no longer managed separately but are part of the same automated flow. The user experiences a seamless interaction, typical of consumer applications, while the organization maintains control and visibility.

    SASE Architecture: key components

    A SASE architecture is based on the integration of multiple components working in synergy. On one side are networking technologies, centered on the SD-WAN model; on the other, a set of security services.

    •  SD-WAN (Software-Defined WAN)
      This is the foundation of the networking component. SD-WAN creates an intelligent logical layer above available connectivity options and dynamically manages traffic between users, sites, and applications. In a SASE context, its role is central to performance: it analyzes line conditions in real time and routes each flow along the most efficient path, reducing latency, errors, and congestion, including for cloud, edge, and SaaS applications.
      SD-WAN also enables advanced segmentation logic and relies on a centralized management model, with a unified control plane that provides end-to-end visibility and allows policies to be defined and automatically enforced across all sites and users.

    •  ZTNA (Zero Trust Network Access) 
      Zero Trust Network Access (ZTNA) is the security service that governs application access based on the principle “never trust, always verify.” In this approach, every request is evaluated based on user identity, device posture, and usage context.
      Access is never implicit or permanent: it is granted only to the specific requested application and continuously verified over time. This significantly reduces the attack surface and limits the risk of lateral movement in case of compromise.
    • Secure Web Gateway (SWG)
      SWG protects users' web browsing by filtering internet traffic, blocking malicious sites, and enforcing usage policies. It acts as an advanced proxy that inspects traffic and prevents threats.
    • Firewall as a Service (FWaaS)
      FWaaS brings traditional firewall capabilities to the cloud, enabling network traffic control and filtering without the need to deploy physical appliances across different sites. It provides visibility and control over protocols, ports, and applications, enforcing policies consistently.
    • CASB (Cloud Access Security Broker)
      CASB is the security component focused on cloud and SaaS applications. It provides visibility into usage, identifies unauthorized applications (shadow IT), and enforces controls on access and data, for example, preventing the leakage of sensitive information. 
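
    The access decision described in the practical example and in the ZTNA component above can be sketched as a default-deny policy check. This is an added illustration, not code from Kirey or any SASE vendor; the policy table, field names, and application names are all hypothetical.

```python
from dataclasses import dataclass

# Constructed policy table: application -> requirements (hypothetical names).
POLICIES = {
    "crm": {"groups": {"sales", "support"}, "managed_device": True,
            "allowed_countries": {"IT", "DE"}},
    "hr-portal": {"groups": {"hr"}, "managed_device": True,
                  "allowed_countries": {"IT"}},
}

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    authenticated: bool    # identity verified by the corporate identity provider
    device_managed: bool   # device posture: enrolled in device management
    disk_encrypted: bool   # device posture: disk encryption enabled
    country: str           # access context
    app: str               # the single application being requested

def evaluate(req: Request) -> tuple[bool, str]:
    """Default-deny decision for one application; returns (allowed, reason)."""
    policy = POLICIES.get(req.app)
    if policy is None:
        return False, "no policy for application"
    if not req.authenticated:
        return False, "identity not verified"
    if not (req.groups & policy["groups"]):
        return False, "user not entitled to application"
    if policy["managed_device"] and not (req.device_managed and req.disk_encrypted):
        return False, "device posture not compliant"
    if req.country not in policy["allowed_countries"]:
        return False, "context outside policy"
    # The grant names one application only, never the network behind it.
    return True, "granted: " + req.app

def session_still_valid(original: Request, current: Request) -> bool:
    """Continuous verification: re-run the decision with fresh signals mid-session."""
    return current.app == original.app and evaluate(current)[0]
```

    A grant for `crm` says nothing about `hr-portal`, and a session that was valid at login is dropped as soon as a fresh posture or context signal fails the same check.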

    Greater security, lower costs, and better UX: the benefits of SASE 

    At this point, many of the advantages of the SASE architecture should already be clear. However, it is worth summarizing them, also to highlight less obvious but particularly relevant benefits in modern IT environments. 

    • Optimal control over users, data, and corporate resources
      SASE enables granular access governance, reducing risk while maintaining control even in highly complex environments.  
    • Reduced operational complexity 
      The integration of networking and security eliminates the fragmentation typical of tool-based models, simplifying management, configuration, and updates.  
    • Full visibility across IT environments
      SASE provides a unified view of traffic, users, and applications, enabling continuous monitoring of infrastructure activity and rapid response to anomalies or issues.  
    • Cost optimization 
      Reducing physical appliances, redundant solutions, and operational overhead helps optimize costs and make them more predictable over time. 
    • Improved user experience (UX) 
      Optimized network paths and direct application access reduce latency and disruptions, improving individual productivity and team collaboration.  

    Kirey, the right partner to evolve networking and security architecture 

    At Kirey, we support organizations in modernizing their IT architectures, with the goal of ensuring high performance and maximum security even in modern, distributed environments.

    Implementing a SASE architecture is a strategic lever. Thanks to strong field experience and partnerships with leading vendors, we can support companies throughout the entire journey: from initial advisory and consulting activities, to architecture design and implementation, through to ongoing operations and long-term evolution.

    If you want to address the evolution of networking and security in your organization in a concrete way, contact us to start a discussion.
