Christian M. 6 min read

Secure Access Service Edge (SASE) for businesses

Switching to remote work isn’t as simple as installing a business VPN and logging in from anywhere. While this might work for small teams using basic apps, it’s too slow and insecure for established businesses with sensitive data.

Enter Secure Access Service Edge (SASE), a network solution built for complex cloud applications and secure remote access. This article explains SASE, who it’s for, how it works, and offers tips on finding the right UK provider to meet your needs. Here’s what we cover:


What is SASE?

Secure Access Service Edge (SASE) is a network architecture that combines multiple security and networking technologies into a single, customised, cloud-based solution.

It is designed to suit contemporary working arrangements involving remote connections and heavy use of cloud-based apps. It moves away from traditional network designs, which are suitable until employees start working from home or entirely remotely.

SASE makes it easy for employees to safely log into business networks and applications from anywhere in the world without VPNs or slower performance than in the office.

The key components of SASE

To achieve the promise of high-performance, super secure remote work, SASE combines the following technologies:

  • SD-WAN: Optimises local or remote connections by routing traffic through the best available path, enhancing speed and reliability.
  • Zero Trust Network Access (ZTNA): Allows employees to securely log in from anywhere, inside or outside the office, without relying on VPNs, by verifying each user’s identity instead of their devices.
  • Secure Web Gateway (SWG): Protects users by blocking access to dangerous websites and harmful content, ensuring safe browsing from any location.
  • Cloud Access Security Broker (CASB): Controls and secures access to cloud apps, both locally and remotely, preventing data leaks and enforcing security policies.
  • Firewall as a Service (FWaaS): Provides cloud-based firewall protection, securing data and blocking unauthorised access regardless of user location.

SASE vs traditional architecture

To better understand SASE, let’s compare it to traditional network architecture from an employee’s perspective:

Employee ActionTraditional ArchitectureWith SASE
Accessing applications remotelyRequires VPN login, often slow and unreliable.Seamless login through Zero Trust, no VPN needed, with faster, more secure access.
Connecting to cloud appsLaggy connections due to centralised data centre routing (a longer journey!)Direct and optimised routing courtesy of SD-WAN.
Browsing the internetLocal firewall protection; potential exposure to threats when offsite.Secure Web Gateway (SWG) blocks dangerous sites and content, protecting users anywhere.
Using personal devices for workOften unsupported, with security risks and access issues.Zero Trust policies allow safe access from any approved device, securing personal and work devices alike.
Accessing sensitive dataRestricted or delayed access from outside the office.Cloud Access Security Broker (CASB) provides secure, compliant access to sensitive data from any location.
Moving between work locationsNetwork access varies by location, with potential disruptions.Consistent, high-speed network access via SD-WAN, no matter where the employee is.

Who is SASE for?

SASE architecture is not for small marketing agencies that use cloud applications like Google Docs, Sheets, and Canva. In these cases, a traditional firewall, VPNs, strong passwords and multi-factor authentication offer sufficient remote security and usability.

SASE is for specialised, cloud-heavy businesses with multiple branches, a distributed workforce and important cybersecurity compliance requirements.  It’s for engineering consultants who rely on cloud-based project management software, logistics operators who handle complex supply chain management software, and global tax advisors who handle sensitive client data from their tax-efficient locality.

Here are a few other examples and why SASE is suitable for them:

BusinessesSASE SuitabilityExamples
Remote workforceProvides secure, reliable access to critical applications across locations, beyond simple office tools.Sales teams accessing Salesforce; Support teams handling sensitive customer data
Multiple branchesCentralised, cloud-based security ensures seamless, protected access for multiple office locations with high data needs.Regional offices with ERP systems like SAP; Multinationals with extensive internal data sharing
Cloud-dependent organisationsEnsures optimised, secure access to advanced cloud applications integral to operations, such as infrastructure and analytics platforms.SaaS providers using AWS or GCP; E-commerce platforms using Tableau

Who SASE isn’t for

Most businesses don’t need SASE as it’s complex and expensive. Besides the obvious village newsagent and local cafe that certainly don’t need any complex IT infrastructure, these businesses would find SASE overkill:

Business TypeWhy SASE Isn’t Necessary
Single-location call centresCentralised operations mean traditional firewalls and VPNs can adequately handle security and access needs.
Boutique marketing agenciesTypically use simpler tools like Google Workspace or Dropbox, which can be secured without full SASE architecture.
Mid-sized retailers with a few branchesLimited cloud dependency; traditional network security and POS-specific protections are generally sufficient.

How does SASE work?

To best understand SASE’s benefits, let’s examine a hypothetical case:

A UK-based renewable energy consultancy with 120 employees across Europe faced challenges with remote access, slow cloud application performance, and growing cybersecurity threats.

Before SASE, the company relied on a traditional VPN and basic firewalls (like everyone else before the COVID pandemic) for remote access. This significantly slowed down workflows due to slow, burdensome access and left gaps in cybersecurity during remote working.

The consultancy transformed its network into an agile, secure, and cost-effective system by implementing SASE through a UK provider.

With SD-WAN, they saw immediate improvements in network speed, allowing remote employees to connect to cloud applications more reliably from smaller satellite offices or even a hotel’s Guest WiFi.

Transitioning from a VPN to a Zero Trust approach added an extra security layer, verifying each user’s identity before granting access. This reduced the risks of unauthorised access, becoming an issue as they shifted to a hybrid workforce alternating between office and remote work.

The Secure Web Gateway provided additional protection, blocking harmful websites and keeping employees safe from cyber threats without extra hardware.

Altogether, SASE strengthened the company’s essential cybersecurity, made its network more efficient, and reduced IT costs, allowing the business to focus on its core mission of sustainable energy.


SASE providers

Implementing SASE in your business is a significant IT endeavour. It’s not plug-and-play or something the average IT team can implement. It requires careful planning and customisation to suit a business’s network needs.

So, unless your in-house IT team is stellar and well-resourced, you will likely need the expertise of Managed Service Providers (MSPs) to design and implement your SASE.

UK Managed Service Providers (MSPs)

Over 11,000 IT service providers in the UK offer their network infrastructure services. However, only a handful have the resources and expertise to implement and manage SASE, including:

Choosing a SASE MSP

We recommend working with a reputable Managed Service Provider with industry experience and a Service Level Agreement (SLA) that makes them accountable. Here are the four main pointers when comparing:

  • Industry-specific experience: Prioritise MSPs with direct experience in your industry for a better fit with compliance and security needs. Seek client references with similar challenges to see how the MSP performs in real scenarios.
  • Migration plan & timeline: Request a detailed implementation plan and timeline to assess their readiness and expertise. Ensure they have a roadmap for continuous improvement to keep your network up-to-date with evolving threats.
  • Integration capabilities: Verify compatibility with your current tools (e.g., Microsoft 365, AWS) and ask for examples of past integrations.
  • SLAs: Look for measurable guarantees for accountability, like response times and uptime.

How is SASE implemented?

A SASE implementation can take several weeks to a few months, depending on the scale and complexity of the network and the cybersecurity requirements.

Here is an overview of the different steps your IT team and your chosen MSP will follow in a typical SASE implementation:

  1. Assess business needs: Identify network requirements, security gaps, cloud dependencies, and compliance needs.
  2. Choose a SASE provider: Select a Managed Service Provider (MSP) that offers the required SASE components, such as SD-WAN, Zero Trust, and Secure Web Gateway.
  3. Plan the network transition: Develop a phased rollout plan to transition from legacy systems, minimising disruptions to operations.
  4. Deploy SD-WAN: Implement SD-WAN to enhance connectivity, speed, and network reliability across locations.
  5. Integrate Zero Trust security: Configure Zero Trust policies to verify each user and device before granting access, ensuring secure connections.
  6. Set up a secure web gateway (SWG) and CASB: Add a Secure Web Gateway to filter web traffic and a Cloud Access Security Broker (CASB) to secure cloud application access.
  7. Test and optimise the system: Run tests to monitor network performance and security, making necessary adjustments.
  8. Provide ongoing monitoring and support: Ensure continuous monitoring, updates, and support to maintain optimal security and network efficiency.

Can SASE integrate with existing network infrastructures?

Yes, SASE can work alongside existing networks, allowing a phased transition. Many solutions support hybrid setups, combining legacy systems with SASE components as needed. However, a significant overhaul is needed and even preferred in some cases.

Are there any challenges to implementing SASE?

Implementation can be complex, involving integration with legacy systems, user training, and initial costs. Vendor compatibility and configuration also require careful planning.

How does SASE impact compliance with data privacy regulations?

SASE enhances compliance by securing access and monitoring data across cloud applications, supporting standards like GDPR and PCI DSS through tools like CASB and Zero Trust.

Talk to a Networking Specialist

Related