What is SASE?
SASE (pronounced "sassy" / Secure Access Service Edge) is an approach that delivers networking and security functions together as a single cloud-based service. It was proposed in 2019 by the research firm Gartner. Now that cloud services and remote work have become the norm, it has become an essential concept when rethinking a company's IT environment. This article organizes everything from the basic idea to the major products, the pros and cons of adoption, and a typical rollout path for small and mid-sized businesses.
Why SASE became necessary
Traditional corporate networks were built around the idea of defending the boundary between "inside" and "outside." If you were inside, you were safe; from outside, you connected via VPN.
In recent years, however, several shifts have taken place.
- ✓The spread of cloud services. Business data and applications moved from in-house servers to the cloud, such as Microsoft 365.
- ✓More diverse work locations. Working from outside the office — from home, on the road, or at satellite offices — has become far more common.
- ✓The limits of VPN. As more users connect, communication slows down, and routing everything back through the office creates waste.
As the things that need protecting moved outside the office, defending the boundary alone could no longer keep up. This gave rise to the idea of placing networking and security together in the cloud and applying the same controls no matter where access comes from. That is SASE.
The core idea of SASE
- ✓Users can access resources under the same security standards wherever they are.
- ✓Traffic is inspected in the cloud instead of being routed back through the office, so it is fast.
- ✓Decisions are based on who, on which device, is accessing what.
- ✓Multiple security products can be operated as a single service.
The key point is that SASE is not a single product name but a framework that combines several functions. The security-only part of SASE is sometimes referred to as SSE (Security Service Edge).
The main components of SASE
SASE is broadly made up of four functions. Each can be used on its own, but combining them achieves a state where people can work securely from anywhere. Detailed explanations of each function will be added over time.
SWG (Secure Web Gateway)
Inspects access to websites and blocks connections to dangerous sites or sites unnecessary for work. It keeps web use safe even from outside the office.
CASB (Cloud Access Security Broker)
Provides visibility into which employees are using which cloud services, and controls the use of unauthorized services and the leakage of data.
ZTNA (Zero Trust Network Access)
Rather than assuming "you are safe because you are on the internal network," it verifies the user for each application every time before granting access. It is drawing attention as an approach that replaces VPN.
FWaaS (Firewall as a Service)
Delivers the firewall (the mechanism that controls inbound and outbound traffic) as a cloud service. It can be managed centrally without placing hardware at each site.
Major SASE / SSE products
Below are some of the leading vendors that provide SASE. Each has different strengths and origins. They should not be ranked uniformly; it is important to choose based on the fit with your own environment (existing products, number of sites, and cloud services in use).
Microsoft
(Entra Suite / Global Secure Access)
Its greatest strength is integration with Microsoft 365 and Entra ID. For companies already using M365, it is easy to build alongside identity and device management (Intune) and threat protection (Defender), helping to keep additional learning costs low.
Official site ↗Zscaler
A major SASE/SSE specialist. With a cloud-native design, it has extensive experience in large-scale, global deployments and with companies that have many sites and users.
Official site ↗Palo Alto Networks
(Prisma Access)
Delivers the advanced threat prevention cultivated in its next-generation firewalls from the cloud. Suited to mid-sized to large companies with strict security requirements.
Official site ↗Netskope
Grew from CASB (visibility and control over cloud use). Strong in fine-grained SaaS control and data protection (DLP).
Official site ↗Cloudflare
(Cloudflare One)
Leverages a high-speed global network. Relatively simple and easy to keep costs down, making it easy to adopt even for small and mid-sized companies.
Official site ↗Cato Networks
Integrates inter-site networking (SD-WAN) and security from the ground up. Well suited to companies with multiple sites that want to rethink their network as a whole.
Official site ↗Cisco
(Secure Access)
High affinity for companies already using existing Cisco products such as Cisco Umbrella.
Official site ↗Fortinet
(FortiSASE)
Pairs well with companies that have already deployed FortiGate firewalls, making it easy to extend while leveraging existing assets.
Official site ↗* Product names and features are general information as of 2026. Please check each vendor's official site for the latest specifications and pricing.
Benefits of adoption
- ✓Centralized security management. Move from a patchwork of separate products to a single, unified mechanism.
- ✓Consistent policy regardless of location. The same standards apply in the office, at home, and on the road.
- ✓No VPN and faster communication. Because inspection happens directly in the cloud, the waste of routing back through the office is reduced.
- ✓Lower operational burden. Management consoles are unified, making policy changes easier to apply.
- ✓Gradual adoption is possible. There is no need to replace everything at once.
- ✓Improved visibility. You can see who, on which device, is accessing what.
Drawbacks and considerations
- !Running costs. Billing is mainly per user per month, so the burden varies with scale.
- !Migration and initial design effort. Switching from an existing environment requires planning and validation.
- !Dependence on internet connectivity. Line quality and outages can readily affect operations.
- !Vendor lock-in concerns. Once embedded, switching can be costly in some cases.
- !The need for operational skills. Know-how in policy design and exception handling is required.
- !Sorting out overlap with existing products. You need to clarify the division of roles with security products you already have.
A typical rollout path for small and mid-sized businesses
SASE does not have to be introduced all at once. For many small and mid-sized businesses, the realistic approach is to build on the environment already in use and proceed in stages, starting with the highest-priority areas. Here is a typical flow organized into six steps.
How SASE relates to Zero Trust
A term often discussed alongside SASE is "Zero Trust." Zero Trust is a security philosophy of "trust nothing, always verify."
It becomes easier to understand if you think of SASE as the concrete realization of this Zero Trust philosophy in the form of networking and security mechanisms. The philosophy is "Zero Trust," and one of the means of achieving it is "SASE."
Our approach
Many small and mid-sized businesses are already using Microsoft 365. In that case, Microsoft solutions that can be built together with Entra ID, Intune, and Defender become a realistic option that helps keep additional investment and learning costs low.
On the other hand, when there are many sites or you want to rethink the network as a whole, a different approach may be more suitable. Rather than starting from a specific product, we begin by organizing your current state and challenges and propose a form that fits your company.
Frequently Asked Questions
- QWhat is SASE?
It is a concept (framework) that delivers networking and security functions together as a single cloud-based service. It was proposed in 2019 by the research firm Gartner. It is not a single product name but a framework that combines multiple functions. - QHow does SASE differ from SSE and Zero Trust?
SSE is the term for the security portion of SASE. Zero Trust is a design philosophy of "trust nothing, always verify," and SASE is the framework that realizes that philosophy in the cloud, including networking. - QWhat are the main components of SASE?
It is made up mainly of four functions: SWG (web access control), CASB (visibility and control over cloud use), ZTNA (per-application access control), and FWaaS (cloud-based firewall). - QCan small and mid-sized businesses adopt SASE too?
Yes. Because it is cloud-based and requires no hardware at each site, it can be adopted in stages. A realistic first step is to understand your current network and how it is being used. - QWhat are the pros and cons of adoption?
The benefits are that you can apply the same security standards regardless of location and operate multiple security functions in a unified way. The drawbacks are the monthly running costs and the certain level of skill required for the initial design and operation.
Considering adopting SASE?
Starting from challenges such as "VPN is slow," "remote-work security feels uncertain," or "cloud use is increasing," we support organizing your needs based on the SASE approach. It is perfectly fine even if you are at the stage of not knowing where to begin.
Contact us