How VPNs Work with SASE

Digital transformation has changed the way we work. The shift to the cloud, remote work, and BYOD (bring your own device) are just a few of the changes in enterprise computing. But with greater digitization comes the risk of greater threats.

As cyberattacks increase by leaps and bounds, businesses are looking for a way to counter the threats. For example, technologies such as VPNs (virtual private networks) encrypt corporate data and allow it to pass securely, allowing remote workers to access the corporate data center securely.

Although VPN technology is well established, it remains popular as ever. Indeed, many companies increased their VPN capabilities during the COVID-19 pandemic to meet the demands of their remote workforce.

Yet, while VPN adoption increased, instances of VPN breaches were not uncommon either. This is why SASE (Secure Access Service Edge), a relatively new cybersecurity model, has also found many takers during the health crisis.

Whether or not SASE replaces VPNs – or if there is a possibility for the two to co-exist – remains to be seen. Let’s take a look at these two technologies.

See also: Best cloud networking solutions

What is a VPN?

A VPN is a private and safe way to send data over the Internet without fear of it being intercepted along the way. When a remote employee accesses corporate data over the public internet, there is a risk of sensitive data being unwittingly exposed to threat actors.

VPNs create an encrypted tunnel between a company’s network and an employee’s device, so that the data passing through it remains secure. Once the encrypted data travels through the tunnel and reaches the organization’s endpoint, it is decrypted with the correct decryption keys.

Features of a VPN

Encryption capabilities

One of the main purposes of a VPN is to block unauthorized attempts by third parties and prevent them from gaining access to personal and restricted information. information. VPNs accomplish this by encryption, where the data is converted to ciphertext. Encrypted data is only accessible to authorized users and can only be read when decrypted with the correct decryption keys.

Split tunneling

Split tunneling is a process that allows you select which apps to route over the VPN and which to send over the LAN. Split tunneling is a great method to save bandwidth and prevent network outages.

No-logging policy

A no-logs policy means VPNs don’t store any information that goes through their network. This ensures that private information remains safe.


A kill switch is a feature of a VPN connection which automatically ends your activity when you lose contact with your VPN connection. It prevents unauthorized users from accessing your confidential data when VPN services are down.

See also: 7 business networking challenges


Traditionally, applications were deployed in a single data center, with employees accessing company servers through a virtual private network. The system works well up to a point. However, legacy VPNs start to give way when you add complex computing environments and diverse geographies.

The move to the cloud and the growing adoption of cloud services is doing just that. Add to that more attacks on the network than ever before – after all, more endpoints means a larger attack surface – and you have a situation where current security technologies are clearly failing to meet the challenges facing faced by modern businesses.

What is needed is a platform-independent solution, accessible from anywhere, and adapts well to agile operations. From a cybersecurity approach, SASE fits the bill perfectly.

Michael Cadetsenior global technologist at Veeamexplain this with an example.

“With a VPN, we would need a VPN connection from A (user laptop) to B (Central DC/Authentication), which would then route traffic to C (cloud-based network storage sharing example)” , Cade said. “The data would potentially spend a lot of time in transit this way, and B will manage bandwidth and possibly security overhead.

“With a SASE solution, you’ll probably still be able to authenticate to B, but the data will come directly from C to A through a broker. This means your data isn’t in transit for as long. This will reduce bandwidth requirements at B. Overall it’s safer and probably faster for the end user accessing the data.

See also: Top Business Networking Companies

What is SASE?

SASE is a cloud-based service model that combines network security features, such as Secure Web Gateway (SWG), Firewall as a Service (FWaaS), Cloud Access Security Broker ( CASB) and Zero Trust Network Access (ZTNA), and Wide Area Network (WAN) functionality in a single console. This console allows devices and users to connect securely to the company server, wherever they are.

“It’s an approach to secure connections using multiple cloud platforms. So rather than just connecting to a server, it’s a network perimeter,” said Volodymyr Shchegelvice president of engineering at “SASE is an improvement over VPNs…because of this perimeter, which allows users to securely access the cloud with less congestion and delays.

“In the age of remote working, this is essential, as the prohibitive cost of large-scale VPNs is not an option for most large enterprises. Cloud-based solutions are more scalable when many users need to access a network at varying distances from the workplace. »

With SASE, the data is treated just at the periphery, where the user is. So, a company does not need to maintain a dedicated VPN. Instead, their employees can simply Connect to a ZTNA-based SASE solution with granular capabilities and access networks securely.

See also: Best IoT platforms for device management

Major Components of SASE


A software-defined wide area network (SD-WAN) is an overlay network that separates the networking services from the underlying hardware, eliminating the complexities associated with traditional WAN management. Along with simplified WAN management, other benefits include improved network performance, lower costs, and the ability to support high bandwidth requirements.

Firewall as a service

FWaaS is a cloud-native next-generation firewall (NGFW) service that uses advanced techniques such as Intrusion Prevention System (IPS) web filtering and Domain Name System (DNS) security to enhance threat prevention.

Secure Web Gateway

A GTS is a web security product that acts as a gatekeeper between a company and a user. Using technologies such as URL filtering, sandboxing, data loss prevention (DLP), and Secure Sockets Layer (SSL) inspection, it provides complete visibility into network traffic and helps thwart malicious attacks. When used in a SASE platform, SWGs filter malicious traffic and protect users from accessing suspicious websites.

Cloud Access Security Broker

CASB is one of the essential pillars of a threat prevention strategy. It is a security application that identifies risky applications in the cloud and helps organizations define data protection policies.

Zero Trust Network Access

The zero-trust policy operates on the principle of least privilege, which means that all users are only granted minimal rights. In this framework, users are verified and approved before accessing an application. By continuously monitoring users and devices, ZTNA limits the radius of a data breach.

Benefits of SASE

  • SASE supports users regardless of location.
  • It removes return traffic, thereby reducing transport costs. In the process, it also reduces latency.
  • SASE works in all types of computing environments.
  • IT teams have complete visibility into operations.
  • It applies ZTNA which securely connects employees to office networks.

Does this mean the end of VPNs?

According to Shchegel, “The ‘SASE as a VPN replacement’ narrative applies primarily to server-based VPNs that most organizations have been using until now. This also assumes that all organizations can fully migrate to the cloud at once, but in reality most organizations will need some sort of hybrid of SASE and VPN (either as a service or on-premises ) until they can fully migrate to the cloud.

Although SASE is being rolled out at a rapid pace, many IT and security teams are difficult to implement it in their organization. VPNs are still one of the main methods of provide secure access to distributed workforces. Going forward, it looks like both technologies will stick around and cater to their respective audiences.

“VPN is not going away; it’s still a solid use case for the work that needs to be done. But as we know, environments are no longer within the four walls of the data center,” Cade said. “We have services here, there and everywhere that our users need to access.

“A VPN will get you to a central location and services, but the security is kind of washed out at this point, which is where SASE comes in, potentially again, depending on the use case and the nature of the service. ‘company.”

See also: Top Zero Trust Networking Solutions

Comments are closed.