VMware SASE: Optimizing and Securing Cloud Connectivity

Tue 27 September 2022, telkomtelstra

As well as speeding up the digital transformation process, the Covid-19 pandemic has, over the last two years since 2020, also changed employees’ ways of working. The idea that ‘work is no longer one place’ requires supporting access anytime, anywhere, so employees can work well, securely and uninterruptedly, to maintain productivity.

As observed by Nada Azura, Territory Account Manager at VMware, in the webinar entitled ‘Deliver High-Performance and Reliable Network Infrastructure with SD-WAN’, since 2020 the majority of employees have changed their work location. No longer working from the office, employees are now used to working from home.

Recently even this has shifted to work from anywhere. This cannot be separated from the change in distributed work. This work from anywhere shift has meant that the majority of employees use their own laptop or infrastructure for work. This has been popularized with the phrase Bring Your Own Device (BYOD).

Previously in traditional enterprise operations, everything was centralized in a data center at head office. As a result, enterprise data center security was tight. However, after the digitalization era, this changed to become a distributed enterprise. Users require a certain treatment to be able to access any application from anywhere with any device.

The nature of this distributed work creates security challenges. A number of questions arise. For example: How can I ensure excellent network performance in remote locations? How can I provide unlimited access to increase productivity? How do I protect my data? How much can I trust the device I am using? How do I restore secure access? Can I support the personal device I am using? There are, of course, many other questions.

The next challenge is linked to the company’s IT network and infrastructure. This cannot be separated from the current condition where the majority of employees work remotely through a variety of devices. The increasing number of distance-working employees and the minimal network infrastructure have created an increased need for network excellence.

This condition has pushed businesses or organizations to require a solution which facilitates a smooth and secure working process for employees. Employees working from wherever, whenever, obviously increase the network traffic volume. As a result, traditional network solutions can no longer fulfil business needs, as device configuration is increasingly complex.

This issue can be managed with the implementation of a new virtual network model, such as SASE (Secure Access Service Edge), a technology that is scalable, flexible and, of course, secure. Many companies are now starting to utilize SASE as a cloud-native technology which has network security as its main function. Adopting SASE provides speed and security to overcome the issues faced, as well as being a key to business sustainability in the mobile and cloud adoption era.

The term SASE was first coined by Gartner in August 2019 in a report entitled ‘The Future of Network Security is in the Cloud’. In this report on SASE market trends, Gartner noted that ‘clients will demand simplicity, scalability, flexibility, low latency and pervasive security convergence which infiltrates from WAN Edge and the network security market.’

Gartner also predicts that in 2023, approximately 20 percent of companies will adopt solutions such as SWG, CASB, ZTNA, and FWaaS from the same vendor. Meanwhile, in 2024, at least 40 percent of companies will commence large-scale strategies to adopt SASE. Gartner states that SASE can now be accepted by vendors and end users, making the potential market greater than $3 billion.

In the same webinar, Joko Irawan Mumpuni, Technical Consultant at VTI, explained that SASE is a network architecture comprising a combination of multiple network and security technologies, such as ZTNA (Zero Trust Network Access), CASB (Cloud Access Security Brokers) and SWG (Secure Web Gateway), with functions which run on the cloud and are provided as a service.

As a result, the main aim of SASE architecture is to provide a smooth user experience, optimal connectivity, and comprehensive security, supporting dynamic and secure business digital access needs. SASE makes it possible for long distance systems and devices to access applications and resources smoothly, wherever and whenever, without returning traffic to traditional data centers or private networks to check security.

SASE is also known for its WAN-centered software defined security framework (SD-WAN) and Zero Trust security solution to cloud-based platforms, which connect users, systems, end points and long-distance networks to applications and resources securely.

SASE has four main characteristics. First, it is identity based. Access is given based on user and device identity. Secondly, it is cloud-based, with infrastructure and security solutions provided through the cloud. Thirdly, it supports all Edge, whether physical, digital and logistic Edge protection. Finally, it is globally distributed, so users remain secure, wherever they work.

Providing a Different Value

VMware conducted an employee survey and obtained data showing that 61 percent of employees see remote working as the new working trend. Around 90 percent of these employees agreed that companies and organizations need to undertake remote working by providing access to digital tools according to their needs.

Applications are no longer only in the data center, but also in the cloud and at the edge. This gives rise to network and security challenges for the distributed workforce. This is strengthened by the work shift, which has never previously happened, namely being able to work from wherever and whenever.

There are several challenges connected to inefficient cloud/SaaS access, where traditional network architecture to access branches and long-distances is not efficient for multi-cloud hybrid and SaaS, namely:

  • Unreliable or inconsistent application delivery to end user desktop, with limited analytic ability.
  • Operational complexity and support from separate network and security solutions increases cost and delays problem resolution.

Given these problems, an organization will experience sub-optimal employee experiences, fragmented security and excessively complex operations. This will obstruct companies and organizations from promoting employee engagement and productivity.

VMware SASE users are able to provide a different value, because this technology is an architecture which combines cloud networking and cloud security. Reasons companies should use VMware SASE include: this technology is globally acknowledged as a cloud platform, single-pass security for performance, integrated management which facilitates operations, and finally, cloud native, open and extensible platform. Additionally, VMware SASE is used so a company or organization remains competitive, because this technology is capable of providing network security procedures for security infrastructure.

Of course, VMware SASE is able to optimize and secure connectivity through the cloud. VMware SASE is a single architecture platform which combines network and security in the cloud as a solution, providing SASE POP, which allows users to access applications and a cloud data center from anywhere. This operates as a solution which brings them closer to user locations and closer to the optimal route between users and the application they are using.

These components are joined as a device management pledge. Unique to VMware SASE and Partner Points of Presence (POPs) is that there are more than 150, located around the world. Meanwhile, SASE components, including SD-WAN, simplify the area network and ensure critical business optimal applications and more run smoothly. Then there is Secure Access, which is a solution to replace VPN features, and Zero Trust Access principles, which ensure remote infrastructure can be consistently accessed.

Cloud Web Security is next-gen security, which provides protection from threats for users accessing SaaS applications, with visibility features, control and regulation. VMware Intelligent Network is a pro-active intelligent solution, which ensures users obtain information and analytics from information collected by SASE.

SD-WAN is a solution which can simplify WAN management and operations by separating hardware networks from the control mechanism. This provides options to connect branch offices to headquarters. Several features of SD-WAN provide flexibility in choice of area network, such as Broadband, MPLS and LTE.

SD-WAN also ensures that applications can operate and have the best performance availability, while reducing network cost. SD-WAN is the primary solution from SASE. In other words, a company or organization using SASE not only benefits from security and more flexible access, but also gets all the benefits of SD-WAN solutions. SASE will combine network capability and security on a large scale, while increasing cloud user and data security.