Secure Access Service Edge (SASE) is an integrated platform provided by Alibaba Cloud for enterprises to ensure office security.
SASE delivers security capabilities to the edge based on the nationwide edge nodes of Alibaba Cloud, leased lines, and the zero trust security model. For enterprises that run multiple branches or stores and enterprises whose employees need to work remotely or from different locations, SASE provides zero trust-based remote access, audit of behavior in internal networks, data loss prevention, and network access control.
When SASE is integrated with cloud computing services, such as cloud server services, cloud database services, and cloud storage services, the Transport Layer Security (TLS) protocol and the Alibaba Cloud-developed protocol are used together to ensure the security of data transmission. In data storage and processing scenarios, the RC4 encryption algorithm is used to provide comprehensive protection for data.
After an enterprise deploys SASE, the administrators of the enterprise only need to configure the related features and policies in the SASE console. SASE then delivers the configured policies to the SASE client. After the employees of the enterprise install the SASE client on their devices and enable protection-related features, the enterprise can use SASE to control the access of the employees.
Feature overview
The following sections describe the core features of SASE to help you gain an overview of SASE.
Private access
The private access feature supports Software as a Service (SaaS)-based zero trust access by adopting the software-defined perimeter (SDP) approach. The feature allows you to manage access permissions of employees without the need to expose public IP addresses or reconstruct your existing network architecture. The feature is suitable for the following scenarios:
Network access control in office zones
The feature supports 802.1x-based network access control by using certificates. You do not need to enter usernames or passwords or import certificates. You only need to install the SASE client to ensure secure access. The SASE client not only provides higher security and convenience in office network access, but also supports dumb terminals and whitelist terminals with account-password authentication. This allows devices such as printers and Internet of Things (IoT) devices to access your office network, facilitating network access control.
Zero trust network access
The feature uses an Alibaba Cloud-developed, HTTPS-based communications protocol and implements dynamic identity authentication. This way, access control based on the principle of least privilege becomes available from devices to devices over TCP and from devices to applications over HTTP and HTTPS. Compared with the traditional VPN access methods, the private access feature supports quicker access, more efficient O&M, more convenient deployment, and higher system security.
Global office
The feature is suitable for scenarios in which employees outside the Chinese mainland need to access services in and outside the Chinese mainland.
Internet access
The Internet access feature uses an efficient file analysis engine in the cloud, which does not consume the computing resources of terminals. The feature can audit and store sensitive data that is transferred outbound from terminals and generate alerts for the outbound transfers. The outbound transfer methods include portable storage devices, instant messaging (IM) tools, emails, transfer over HTTP, transfer over FTP, printing, burning, and cloud storage services. The feature can identify more than 100 types of files and has more than 60 built-in sensitive information dictionaries, facilitating office data protection.
Monitor outbound file transfers to ensure data security
The feature adopts the cloud data loss prevention (DLP) strategy to provide a lightweight solution for office data detection within enterprises. This allows the enterprises to monitor outbound transfer of sensitive data in real time and control data leak risks.
Manage peripherals to ensure data security
The feature allows enterprises to manage the data access permissions of the peripherals used by their employees and helps the enterprises identify outbound transfer of sensitive files.
Manage watermarks to ensure data security
The feature allows enterprises to enable screen watermarking and print watermarking for their employees. This helps the enterprises prevent significant business loss and protect office data.
Log analysis
The log audit feature helps you audit network traffic in real time and provides the basis for you to handle unusual traffic.
The log analysis feature allows you to collect web access logs and protection logs from SASE and store the logs. Then, you can query and analyze the logs, view charts, and configure alerts in Alibaba Cloud Simple Log Service. This allows you to focus only on log analysis without the need to perform trivial log query and aggregation tasks.
Editions
SASE supports only the subscription billing method. You can refer to the following table to select a SASE edition based on your business requirements. For more information about billing such as billing rules and billable items of SASE, see Billing overview.
Edition | Description |
Private Access VPN | Private Access VPN of SASE supports zero trust VPNs to allow users to access cloud or on-premises applications within an enterprise. This edition is suitable for enterprises that have fewer than 100 employees and require an office bandwidth of less than or equal to 10 Mbit/s. |
Private Access Basic Edition | Private Access Basic Edition of SASE supports zero trust VPNs to allow users to access cloud or on-premises applications within an enterprise. This edition is suitable for enterprises that have more than 100 employees and purchase office bandwidth resources based on business requirements. |
Private Access Advanced Edition | Private Access Advanced Edition of SASE supports zero trust VPNs to allow users to access cloud or on-premises applications within an enterprise. The edition also supports the network access control and global office features. |
Internet Access DLP Edition | Internet Access DLP Edition uses the cloud data loss prevention (DLP) architecture to allow enterprises to identify, monitor, and protect office data in real time. |
Free trial
If you are a first-time user of SASE, you can apply for a seven-day free trial on the application page. During the seven-day free trial, each Alibaba Cloud account is provided with an account quota of 100.
Contact us
If you encounter pre-sales issues when you purchase SASE, such as issues related to features, prices, or edition selection, submit a ticket to contact SASE technical support.