Don't miss an insight. Subscribe to Techopedia for free.


SASE (Secure Access Service Edge)

What Does SASE (Secure Access Service Edge) Mean?

Secure access service edge (SASE) is a network architecture in which security services are delivered over the internet directly to SD-WAN connections through a private backbone that is managed by the SASE provider.


The goal of SASE, which is pronounced “sassy," is to consolidate multiple networking and security functions into one native-cloud software stack that's billed as a single, on-demand cloud service.

Depending upon the provider, a SASE stack may include the following:

  • Support for Zero-trust Network Access (ZTNA)
  • Cloud Access Security Broker (CASB) services
  • Secure Web Gateway (SWG) services
  • Deep packet inspection services
  • Virtual private network (VPN) services
  • Firewall as a service (FWaaS)
  • Data loss prevention (DLP) services

Techopedia Explains SASE (Secure Access Service Edge)

SASE consolidates cloud-based networking and security services into a single, cloud-native software stack. Access to resources is identity and access (IAM) driven, which means that access can be granted, denied or limited based on user or resource identity and location, not just IP address. SASE builds upon the Zero Trust model to deliver a fully integrated network through all of the core component technologies.

SASE services can be thought of as next-gen VPN. They are intended to make it easier for enterprises to provide security for devices at the edge of the network by:

  • Reducing the cost of deploying and managing multiple siloed services.
  • Providing centralized management, including orchestration, for complex hybrid-cloud deployments.
  • Allowing Zero Trust policies to restrict access based on user, device, location, IP address or application identity.
  • Ensuring packet inspection is enforced across all of the SASE provider’s point of presences (PoPs).

Related Terms