What is SASE
SASE stands for Secure Access Service Edge. Its purpose is to provide a unified secure layer, built from WAN, VPN and Zero Trust security solutions, that connects all parties working with classified company information, regardless of their location, in a mostly transparent way. SASE is a cloud service sitting on the network between service providers (your enterprise applications and your enterprise data) and service consumers (user devices, other applications); it provides a single point where organizations can enforce security policies on who can access which information or service, and under which conditions.
The declared purpose of SASE is to streamline network connectivity and security into a single service model that supports the dynamic access needs of organizations' digital environments. It provides a form of access that is transparent to users and applications, adding security and protection for the company's information assets and applications without placing additional burdens on users or applications.
The core principles and objectives are:
1. Identity-Driven: SASE architecture is built around the identity of users and devices, granting access based on verified identities to ensure security.
2. Cloud-Native: It leverages cloud infrastructure for delivering both network and security solutions, enabling scalability and flexibility.
3. Support for All Edges: SASE protects every physical, digital, and logical edge within an organization's network.
4. Global Distribution: It ensures that security and network policies are enforced consistently, regardless of the geographical location of the users.
5. Transparency: It adds protection to applications and information assets without users or applications having to change.
The key components of SASE include Software-Defined Wide Area Network (SD-WAN), Firewall as a Service (FWaaS), Secure Web Gateway (SWG), and Zero Trust Network Access (ZTNA). These elements work together to optimize the user experience, enhance security, and reduce the complexity of traditional network architectures. The elements create a network in which the following conditions are enforced:
- Only identified participants are allowed to communicate
- Access is only granted to permitted resources
- Depending on the capabilities of the solution elements, traffic is inspected
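The three conditions above, as an added example that is not part of the original article: a minimal policy decision point that checks identity first, then whether the resource is permitted for that identity (and, where the rule demands it, whether UEM reports the device as managed), and finally whether the enforcing element can inspect the traffic. Users, groups, resources and the `Request` fields are constructed for illustration.

```python
"""Added example: a minimal SASE-style policy decision point.

Order of evaluation mirrors the conditions SASE enforces:
1. only identified participants may communicate,
2. access is granted only to permitted resources,
3. traffic is inspected where the solution element is able to.
All identities, groups and resources below are constructed."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Request:
    user: str
    token_valid: bool      # identity verified by the identity provider (assumed attribute)
    device_managed: bool   # UEM reports the device / work container as managed
    resource: str          # logical name of the service being accessed
    tls_inspectable: bool  # True if the edge can decrypt and inspect this flow


# Constructed policy table: which groups may reach which resource, and whether
# a UEM-managed device is required for it.
POLICY = {
    "hr-portal": {"allowed_groups": {"hr", "it"}, "require_managed": True},
    "code-repo": {"allowed_groups": {"engineering"}, "require_managed": True},
    "intranet-news": {"allowed_groups": {"all"}, "require_managed": False},
}
# Constructed group membership; every identified user is also in "all".
GROUPS = {"alice": {"hr"}, "bob": {"engineering"}}


def decide(req: Request) -> tuple[str, str]:
    """Return (decision, reason) for one access request."""
    if not req.token_valid:
        return ("deny", "unidentified participant")
    rule = POLICY.get(req.resource)
    if rule is None:
        return ("deny", "unknown resource")
    groups = GROUPS.get(req.user, set()) | {"all"}
    if not (groups & rule["allowed_groups"]):
        return ("deny", "resource not permitted for identity")
    if rule["require_managed"] and not req.device_managed:
        return ("deny", "managed device required")
    if req.tls_inspectable:
        return ("allow+inspect", "traffic forwarded through inspection")
    return ("allow", "traffic forwarded without inspection")
```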
So, what is the issue?
When using SASE on devices that serve both private and professional purposes, privacy issues can arise. These concerns are primarily related to the potential for corporate oversight of personal data and activities. SASE architectures must be designed to safeguard user identities and related data, ensuring that privacy is maintained while providing secure access to digital resources.
The inherent privacy issues, especially when coupled with mistrust in the organization, leave users concerned about their employer's use of the solution. User rejection can be measured by analyzing the amount of traffic that should be considered private, judged by the destination of the traffic. If that traffic decreases, users are adopting a strict separation between professional devices subject to SASE and private, uncontrolled devices. This behavior, while suggesting a healthier work-life balance for the users, is detrimental to the adoption of mobile devices in companies and to the investments made to extend work processes to mobile devices.
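The adoption signal described above, as an added example that is not from the article: the share of gateway traffic going to non-corporate destinations is computed per ISO week and only in aggregate, so the measurement itself does not build per-user profiles. The log format, the corporate domain suffix and the traffic figures are constructed.

```python
"""Added example: track the private-destination share of SASE gateway traffic
week by week and flag a sustained decline (users moving private use off the
managed device). Aggregated by week only; no user identifiers are processed."""
from collections import defaultdict
from datetime import date

# Constructed gateway log lines: "YYYY-MM-DD destination bytes"
LOG_LINES = """
2024-03-04 mail.example-corp.internal 120000
2024-03-05 news.example.net 90000
2024-03-06 video.example.org 300000
2024-03-11 mail.example-corp.internal 150000
2024-03-12 news.example.net 40000
2024-03-18 mail.example-corp.internal 160000
2024-03-19 video.example.org 10000
2024-03-25 mail.example-corp.internal 170000
""".strip().splitlines()

# Constructed: destinations under these suffixes count as corporate traffic.
CORPORATE_SUFFIXES = (".example-corp.internal",)


def is_corporate(dest: str) -> bool:
    return dest.endswith(CORPORATE_SUFFIXES)


def weekly_private_share(lines):
    """Return {iso_week: private_bytes / total_bytes}, ordered by week."""
    totals = defaultdict(lambda: [0, 0])  # week -> [private_bytes, total_bytes]
    for line in lines:
        day, dest, size = line.split()
        week = date.fromisoformat(day).isocalendar()[1]
        n = int(size)
        totals[week][1] += n
        if not is_corporate(dest):
            totals[week][0] += n
    return {w: p / t for w, (p, t) in sorted(totals.items())}


def declining(shares, min_weeks=3):
    """True if the private share fell in every consecutive week of the window."""
    vals = list(shares.values())
    if len(vals) < min_weeks:
        return False
    tail = vals[-min_weeks:]
    return all(b < a for a, b in zip(tail, tail[1:]))
```

A rising or stable share suggests users still use the managed device for private purposes; a steady fall is the rejection signal the article describes.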
How Unified Endpoint Management can help
The combination of SASE with Unified Endpoint Management (UEM) on mobile work devices allows for the centralized management of all end-user devices, including smartphones and tablets. This integration facilitates the enforcement of security policies and ensures secure access to corporate resources while managing network connectivity.
UEM can help mitigate these privacy issues by creating a segregated work container on managed devices. This approach allows for the separation of corporate and personal data, ensuring that personal content is not subject to corporate policies or monitoring. Privacy settings within UEM solutions can be configured to collect only necessary data and to restrict certain remote actions, such as full device wipes, which could affect personal content. This segregation helps maintain user privacy while still enabling the secure management of corporate resources on the device.
It is important to educate the workforce about the capabilities of the SASE and UEM solutions and to inform them transparently how these solutions are used in the organization. This transparency, reinforced by repeated audits and reviews of the processes and settings, is key to good user acceptance.
In summary, the integration of SASE with UEM solutions on mobile work devices offers a robust framework for secure connectivity and endpoint management, while also addressing the critical need for privacy in dual-use device scenarios.
Want to know more?
Frank Harenberg, Founder & CEO
Frank is a results-oriented technology leader with over 20 years of experience in designing, implementing, and managing complex IT solutions. Frank has worked as a Product Manager, Architect and Consultant in the domains of Information Protection and Workplace Management, and is an expert in Endpoint Management.
Frank is a Swiss national with a BA in Business Information Technology.
The founder of aexpert L.L.C, Frank has led multiple initiatives in creating security products for business customers all over the world. Creating visionary concepts for new services using modern technologies such as Blockchain / Web3 and AI is what Frank strives for.