More and more companies are realizing that their traditional infrastructure is no longer sufficient to secure data and applications. To adapt to the demands of a modern IT environment, they usually resort to SASE or Secure Access Service Edge. It offers the best security for a complex IT landscape in which both users and applications are widely distributed. But as with any fast-growing concept, there are some persistent myths that make it difficult for organizations to understand exactly what SASE can do for them.
SASE is no longer an unknown concept in most organizations, but only a minority have already taken the first step towards such an architecture. Often they don’t know where to start or what to do to transform their current IT environment. It all starts with the right knowledge, which is why we debunk four common SASE myths that companies stumble upon.
1. SASE is exclusively for the large multinational companies
Quite a few smaller companies associate SASE with large, international organizations. On the surface, that reasoning seems logical, because as a cloud-native solution, SASE has the ultimate goal of enabling users all over the world to have the same consistent user experience. At first glance, a company whose employees are based exclusively in Belgium benefits little from this. But this conclusion actually comes from a misinterpretation of SASE. Even in small, locally oriented companies, users can be located outside the office, and you want to ensure a continuous, direct connection to your applications there as well.
Many companies are unaware of the location of these applications. Because they run primarily in the cloud, your data can be hosted almost anywhere. For example, most organizations work with Microsoft Office 365. To ensure smooth access to applications, Microsoft immediately redirects users to another component in its network in the event of network problems. This is often a different location than before, which means that local companies’ data-related activities can suddenly reach far beyond national borders.
Thanks to SASE, you don’t have to worry about the location of applications. Your organization remains in control of the movement of data at all times. SASE is therefore not about where users are located or how global your organization is; what you need to think about is where your data resides. This makes SASE an interesting solution for companies of all sizes.
2. The basis of SASE is Zero Trust Network Access (ZTNA)
Zero Trust Network Access or ZTNA is just one of the crucial features of the SASE framework. The term was coined by Netskope employee Steve Riley while he was working at research and consulting firm Gartner. Today he would choose a different term: ZTAA or Zero Trust Application Access.
ZTNA is often cited as a replacement for VPN technology. With a VPN, a workstation has to establish a connection to another workstation on which an application is located. Once the two systems are connected, too many permissions have already been granted. A VPN connection typically also exposes applications that are hidden behind the corporate firewall – the local perimeter that must protect the most important assets. ZTAA limits these privileges to the bare minimum. It grants a validated identity access to the requested application in the system, but without exposing applications to the outside.
The threat that comes with a VPN solution is therefore gone. But in a modern IT landscape, that’s not enough. After all, ZTNA is limited to applications behind the perimeter of the network and does not take into account SaaS applications (Microsoft 365, Salesforce, …) for which users do not need a VPN. Since a SASE architecture is adapted to a cloud-oriented application landscape, you can also grant access to these applications without granting more permissions than necessary. This also explains why Steve Riley would prefer to use the term Zero Trust Application Access (ZTAA) today.
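The difference between network-level and application-level access described above can be made concrete with a small model. This is an added example, not code from the post or from Netskope; the app inventory, the routed range, the identity and the grants are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class App:
    name: str
    address: Optional[str]  # internal IP for private apps, None for SaaS

# Constructed inventory (assumption): three private apps and two SaaS apps.
APPS = [
    App("hr-portal", "10.0.1.10"),
    App("build-server", "10.0.2.20"),
    App("finance-db", "10.0.3.30"),
    App("Microsoft 365", None),
    App("Salesforce", None),
]

# Constructed: the range a VPN tunnel routes once a session is established.
VPN_ROUTED_NETWORK = ip_network("10.0.0.0/16")

# Constructed per-identity application grants; anything not listed is denied.
APP_GRANTS = {"alice@example.com": {"hr-portal", "Microsoft 365"}}

def vpn_reachable(authenticated: bool) -> set:
    """Network-level access: every private app in the routed range is reachable."""
    if not authenticated:
        return set()
    return {a.name for a in APPS
            if a.address and ip_address(a.address) in VPN_ROUTED_NETWORK}

def app_level_reachable(identity: str, validated: bool) -> set:
    """Application-level access: default deny, one grant per identity and app."""
    if not validated:
        return set()
    grants = APP_GRANTS.get(identity, set())
    return {a.name for a in APPS if a.name in grants}

def excess_exposure(identity: str) -> set:
    """Private apps a VPN session exposes that the identity was never granted."""
    return vpn_reachable(True) - APP_GRANTS.get(identity, set())

if __name__ == "__main__":
    user = "alice@example.com"
    print("VPN session reaches:   ", sorted(vpn_reachable(True)))
    print("Per-app policy reaches:", sorted(app_level_reachable(user, True)))
    print("Excess VPN exposure:   ", sorted(excess_exposure(user)))
```

The VPN result contains no SaaS apps at all, because they never sit behind the tunnel, while the per-application policy covers private and SaaS apps with the same default-deny rule.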
3. SASE is built on an SD-WAN foundation
SD-WAN stands for Software-Defined Wide Area Networking, which is just part of SASE. SD-WAN gives companies the ability to connect different locations or offices via an internet connection. SASE begins with “Secure Access,” which is about making a resource available. The strength of SASE lies in decoupling this access from the underlying network – be it SD-WAN, 4G/5G or public networks. SD-WAN provides a path to the applications or data you want to reach, but SASE is about making all resources available to all users securely, reliably, and quickly, in a way that is consistent for the user and so that you can limit the risk of the transaction at any time.
4. Deploying SASE requires difficult implementation
Finally, companies see the implementation process as a major obstacle when moving to a SASE architecture. After all, it’s a new type of security that they need to incorporate into their existing infrastructure, so they expect adoption to be the start of a long and arduous journey. Nothing could be further from the truth, and adopting SASE doesn’t have to be difficult…
This is a post by Andy Quaeyhaegens from Netskope. Want to learn more about this topic? Then come to Cybersec 2023 in Brussels on April 19th or 20th. Netskope experts will be happy to give concrete insights during a session that clears up even more myths about SASE and shows you that a SASE transformation is not difficult at all, just simplified.