This topic describes the common scenarios of Secure Access Service Edge (SASE).
Remote work and mobile work
SASE provides security capabilities for edge nodes. Enterprises can deploy the SASE client to the office devices that are used for remote work and mobile work to enable secure access from the nearest node. The same security capabilities are provided for the employees within the enterprises regardless of whether the employees work from home, travel for business, or work at the headquarters.
Data loss prevention
SASE provides the data loss prevention (DLP) feature. SASE is equipped with the cloud-based sensitive file analysis engine of Alibaba Cloud. If a user transfers files outbound, SASE can audit, record, and generate an alert for the transfer. The transfer methods include instant messaging (IM) tools, emails, HTTP file transfer, FTP file transfer, mobile storage devices, printing, and burning. The DLP feature can identify more than 100 file formats and has more than 60 built-in dictionaries of sensitive information. The feature facilitates data protection at work.
Centralized security control for multiple branches and stores
SASE provides security capabilities for the edge based on the nation-wide edge nodes and leased lines of Alibaba Cloud. SASE provides the out-of-the-box security features for enterprises that run multiple branches or stores without requiring the enterprises to deploy complex hardware stacks. The enterprises can deploy Smart Access Gateway together with the SASE client or deploy only the SASE client to provide the same security capabilities for the branches, stores, and headquarters of the enterprises.
Network access control
SASE supports 802.1x-based network access control by using certificates, establishes comprehensive public key infrastructure (PKI) to manage the certificates, and provides automated services based on the client/server (C/S) architecture. Administrators and regular users do not need to generate or import network access files and certificates for each terminal. SASE also implements network access control based on both media access control (MAC) address and username-password information. This allows you to connect dumb terminals such as printers and Internet of Things (IoT) devices to your office network.
Behavior auditing
SASE supports real-time behavior auditing. Enterprises can use SASE to audit employee access to the Internet and internal services, and then visualize, check, and manage the behaviors of the employees. SASE can retain audit logs for six months, which meets the audit requirements of enterprises.