SASE brings together networking and security functions that have traditionally been delivered as separate products. These services extend secure access not only to users, devices, and applications, but also to branch and campus locations. On the networking side, SASE includes software-defined wide area networking (SD-WAN). On the security side, SASE includes at a minimum secure web gateway (SWG), cloud access security broker (CASB), firewall-as-a-service (FWaaS), and zero trust network access (ZTNA). Many security providers deliver functionality beyond that core. These services are delivered from the cloud and applied at distributed enforcement points close to users and applications.
Gartner introduced the SASE category in 2019 to describe the convergence of wide-area networking and network security functions into a primarily cloud-delivered model for dynamic secure access. SASE is a key architecture that organizations use to operationalize the zero trust principles described in NIST Special Publication 800-207, which calls for verifying every user, device, and request rather than trusting based on network location.