SASE, A Practical Guide to the Future of Secure Networking
SASE is one of the biggest shifts in enterprise networking and security — and it’s changing how the enterprise thinks about architecture, access, and risk.
If you’ve heard secure access service edge (SASE) come up in cloud or cybersecurity discussions but still want a clear, practical definition, you’re not alone. In this 8-minute episode of Staying Connected, Deb Boehling of LB3 joins Brent Knight and Tony Mangino of TC2 to define SASE, explain why it matters, and share how organizations are putting it into practice.
If you would like to learn more about our experience in this space, please visit our Information Technology Advisory Services and Technology Consulting and Strategy Development Services webpages.
Tony:
Hello, I’m Tony Mangino from TC2, and this is Staying Connected—where we talk about what really matters to enterprise buyers navigating today’s technology and sourcing decisions.
Today we’re diving into one of the biggest shifts in enterprise networking and security — Secure Access Service Edge, or as everyone calls it, SASE.
Now, if you’ve heard the term tossed around in cloud or cybersecurity meetings but aren’t sure what it actually means — you’re not alone. Over the next few minutes, we’ll break down what SASE is, why it matters, and how organizations are actually putting it into practice.
I’m joined today by Deb Boehling from LB3 , and Brent Knight from TC2.
Part 1 – What SASE Is
Tony:
Deb, let’s start with the concept itself. Tell me about the background of SASE and what it is.
Deb:
SASE — spelled S-A-S-E — is a term coined by Gartner back in 2019 to describe the convergence of networking and security services into a single, cloud-delivered framework.
Traditionally, companies have kept these functions separate:
- You have your wide area network — or WAN — connecting branch offices and data centers.
- And you have security tools — like firewalls, VPNs, or secure web gateways — sitting at the edge of your corporate network.
The problem is the modern enterprise doesn’t look like that anymore. Employees work from anywhere, applications live in the cloud, and data can come from dozens of places. Backhauling network traffic through a central data center only to apply security controls slows everything down — and frankly, it’s not secure enough for how business works today.
That’s where SASE comes in. Instead of forcing users to connect through one physical location, SASE delivers both connectivity and security directly from the cloud — wherever the user, the device, or the application happens to be.
Part 2 – The Core Components
Tony:
So Brent, what are the core components of SASE?
Brent:
Think of SASE as two major pillars coming together:
- SD-WAN, or Software-Defined Wide Area Networking — which intelligently routes traffic over the best available path, whether that’s MPLS, Internet (DIA or broadband), or wireless.
- Cloud-based Security Services, like secure web gateways, cloud access security brokers, firewalls-as-a-service, and zero trust network access — all delivered at the edge.
Together, these two pillars ensure that network performance stays fast and reliable while security stays consistent no matter where users connect from.
In practice, that means an employee accessing Salesforce from a café in London gets the same policy enforcement as a colleague working in the New York office — without routing their traffic through a single choke point.
This is a huge step forward from the old “castle and moat” security model. With SASE, the network edge isn’t a fixed line around your data center — it’s everywhere your users are.
Part 3 – Key Components of SASE
Tony:
Deb, Brent mentioned some key service components of a SASE solution that I’d like to get a quick lesson on: what they are and what they do – keep it high level for me.
Deb:
Sure Tony, as Brent mentioned SASE isn’t a single product — it’s a framework that blends several technologies working together. Let me touch on the four Cloud-based Security Services:
- SWG (Secure Web Gateway)
Think of it as your business’s web bodyguard — it keeps users safe from malware, phishing, and other threats when browsing the web, making sure everyone adheres to company web-use policies.
- CASB (Cloud Access Security Broker)
CASB enforces security rules between your users and the cloud apps they use. It’s what ensures sensitive data stays secure when employees access tools like Salesforce, Microsoft 365, or AWS.
- FWaaS (Firewall as a Service) and NGFW (Next-Generation Firewall)
Instead of physical boxes in a data center, firewall protection now runs in the cloud. These services block malicious traffic, filter content, and prevent intrusions, but without the complexity of managing physical devices across every site.
- ZTNA (Zero Trust Network Access)
This is a core part of SASE’s security philosophy: never trust, always verify. ZTNA means users only get access to the specific apps or data they need—nothing more. It treats every connection as untrusted until proven otherwise, reducing the risk of breaches and lateral movement inside a network.
Across all these components, the mission is the same: security that travels with your user, not stuck behind your data center firewalls.
Part 4 – Why It Matters for Business
Tony:
Brent, what makes SASE such a big deal for businesses?
Brent:
First, security consistency.
With a cloud-delivered architecture, you can apply one unified set of security rules across every connection — office, remote worker, or cloud app.
Second, simplicity.
Instead of managing multiple vendors and hardware appliances, IT teams can rely on a single platform and dashboard for both connectivity and protection.
Third, better user experience.
Since SASE uses the closest edge point to the user, it reduces latency and improves performance — which translates into fewer support tickets and happier employees.
And finally, scalability.
When your business opens a new branch or hires remote employees, SASE lets you roll out secure connectivity in hours, not weeks. No need to wait for physical installs or complicated VPN setups.
Part 5 – Real-World Adoption
Tony:
So how are companies actually using SASE today?
Deb:
Many start by replacing legacy VPNs with a Zero Trust Network Access model — verifying user identity and device posture before granting application access.
Others migrate their traditional firewalls and web gateways to cloud-based services from providers like Zscaler, Palo Alto Networks, Netskope, or Cisco, often layered on top of existing SD-WAN infrastructure.
We’re also seeing managed service providers bundle SASE into end-to-end offerings — making it accessible even for mid-sized enterprises that don’t have dedicated security teams.
Closing
Tony:
To bring this full circle, SASE represents not just another IT buzzword but a complete rethink of how businesses deliver security and networking in a cloud-first world. It’s also a big shift for enterprises used to decades of on-prem firewalls and data center centric MPLS networks.
At the end of the day, SASE isn’t just about securing your users or apps — it’s about business enablement, operational efficiency and network resiliency.
Deb and Brent, thanks for joining me today. And to our listeners, be sure to tune in to Staying Connected for upcoming episodes where we’ll take a deeper dive into SASE components including Secure Web Gateways, Cloud Access Service Brokers, Firewall as a Service and Zero Trust Network Access.
Lastly, if you would like to discuss SASE and digital transformation, or if you’d like to discuss other technology strategy, sourcing and cost reduction needs with Deb, Brent, me, or any of our LB3 and TC2 colleagues, please give us a call or shoot us an email.
You can also stay current by subscribing to Staying Connected, by checking out our websites, and by following us on LinkedIn.
