Secure Access Service Edge (SASE) is a cloud-based IT model which bundles together Network-as-a-Service features with Network-Security-as-a-Service functions. This architecture is part of the transition from an outdated Castle-and-Moat architecture (not adapted to cloud hosting) to a Zero Trust model.

  • Network-as-a-Service (NaaS) is the provision of network services from a cloud provider. It aims at replacing private VPNs and MPLS connections. It relies a lot on Software Defined Networking technologies.
  • Network-Security-as-a-Service (NSaaS) is the provision of network security services from a cloud provider. The security aspect of SASE is also called Security Service Edge (SSE).

This modelling highlights the move from traditional on-premise features, to cloud-native solutions. Just follow the arrows ! :stuck_out_tongue:

Note: A Wide Area Network (WAN) connects Local Area Networks (LANs) across long distances. In order to speed up connections, many companies use specific Multi Protocol Label Switching (MPLS) hardware instead of classic routing.

Note: Based on original learning material from Cloudflare engineers.