Contact Us

SASE Series, Part 1: SD-WAN’s New “SASE” ("Sassy") Friend


Over the last several years, across all industries and types of enterprises, there has been a titanic shift away from traditional data centers to the cloud. As the workforce becomes more mobile and employees need access to a growing list of resources on the network, legacy security architectures simply aren’t equipped to safeguard against threats. That’s because the old approach involved securing physical locations or access points along the network—an entirely insufficient option when there are seemingly endless numbers of devices and users needing secure network and cloud access. A better solution is a security fabric that brokers identity-based control and context.

Enter SASE (pronounced “sassy”) the acronym for Secure Access Service Edge.

SASE is a relatively new concept promoted by Gartner that “combines network security functions with WAN capabilities to support the dynamic secure access needs of organizations.” As Gartner explains, SASE can transform enterprise networking and security and “provide a holistic, agile, and adaptable service to the digital business.”


Now, imagine marrying SASE’s improved security architecture with the benefits of a Software-defined Wide Area Network (SD-WAN). To a Managed Service Provider (MSP) like Hughes, the potential of SD-WAN paired with SASE is an exciting prospect.

There are a few different ways in which SASE and an SD-WAN solution work better together. The first is by ensuring that security envelopes the network, expanding network protection to cover any access or endpoint. This secures each device and user rather than just points along the network itself.

Another way is by facilitating the network through a “cloud-native” environment—one which supports all apps, but especially those that are built in, run from, and reside in the cloud. Having the cloud as a host adds both flexibility and the type of robust security processing (and updating) required by networks today. Combining this with a secure SD-WAN network that successfully deploys the latest firewall, intrusion detection, and virus/ransomware alert technologies provides increased control to augment the access and resource controls offered by SASE.

SASE essentially combines the mobile, cloud, and site access capabilities into a single service; reducing network threats from remote employees and meeting the needs of the enterprise. Together, SASE and an SD-WAN solution provide the reliably secure connectivity and service level assurance that applications, devices, and users expect.

Looking Ahead

Experienced providers—especially one like Hughes that is both an MSP and a Managed Security Service Providers (MSSPs)—are proficient at delivering security to the edge in a distributed world, as well as to tens of thousands of SD-WAN sites. Such providers not only possess the skills and expertise but are also familiar with the challenges and best practices of integrating the two. They are also adept at scaling their offerings to suit enterprise networks.

For the typical enterprise, however, orchestrating and delivering a SASE fabric may prove to be a resource-intensive and complex exercise, since it likely requires agents to be deployed and managed at legacy or thick endpoints (another capability that the MSP/MSSP have implemented for years).

While SASE is still an emerging service, Hughes is positioned to begin thinking about and planning to pair SASE with Managed SD-WAN. As the SASE fabric takes shape and policy enforcement tightens, Hughes will be able to apply our deep knowledge of network complexity, performance optimization, application assurance, and end-to-end security, to develop a solution that will use Managed SD-WAN to power SASE connections to the cloud. That alone will ensure that enterprises don’t need to turn to different vendors to find a solution.

In Part 2 of our series, we’ll look more closely at how SASE secures the network.