SASE Definitions: Glossary of Secure Access Service Edge Terms

With a multitude of new terms and acronyms introduced every year, the business of Network Edge Security can get confusing. As a helpful resource, this glossary defines terms frequently used when discussing the latest solutions, including Secure Access Service Edge (SASE). You’ll also find links to related articles, videos and industry resources to provide additional context for understanding it all.

5 minute read time

SASE and its 5 components

Secure Access Service Edge (SASE)

An emerging “as a Service” network and security framework for enterprises that is meant to enable secure and reliable access to cloud-based assets. SASE is more than a single technology: It’s a layered, interwoven fabric of network and security technologies that work together to protect an organization’s data and systems from unwanted access.

Through its five components, including SD-WAN, FWaaS, SWG, ZTNA and CASB, SASE dynamically extends the edge of the private network right up to multiple clouds (such as AWS, Azure and Google Cloud Platform) and to popular SaaS applications. For end users, this provides a virtual on-ramp to those cloud providers’ services.

Software-Defined Wide-Area Networking (SD-WAN)

As the first of the 5 components of SASE, SD-WAN is the solid foundation that SASE is built upon. Intertwined with software intelligence that enables optimal WAN management.

SASE leverages SD-WAN capabilities to provide optimized application performance, network routing, global connectivity, WAN and Internet security, cloud acceleration and remote access. SD-WAN also provides an ideal platform to secure unified communications applications including voice, video and chat.

Firewall as a Service (FWaaS)

FWaaS is the second component of SASE, and is a new type of next-generation firewall that eliminates the appliance form factor, making network security capabilities such as URL filtering, Intrusion Prevention System (IPS), Next-Generation Anti-Malware (NGAM) and Managed Detection & Response (MDR) available everywhere.

Secure Web Gateway (SWG)

The third component of SASE is SWG, which are solutions that protect users against malware, phishing and other web-borne threats. SASE offers SWG protection to all users, at all locations and eliminates the need to maintain policies across multiple point solutions.

Zero Trust Network Access (ZTNA)

The fourth component of SASE is ZTNA, which offers a modern approach to securing application access for users replacing legacy VPN. It embraces a zero-trust policy, where application access dynamically adjusts based on user identity, location, device type and more.

Cloud Access Security Broker (CASB)

The fifth and final component of SASE is CASB, which helps enterprises adapt and protect against new threats that come with cloud computing like when connecting to IaaS and SaaS. CASB applies security policies as users access cloud-based resources to protect against cloud security risks, comply with data privacy regulations and enforce corporate security policies.

SASE-related definitions

Security Service Edge (SSE):

Known as the security layer of SASE, the SSE unifies all security services, including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and Zero Trust Network Access (ZTNA), to secure access to web, cloud services and private applications.

SASE architecture:

SASE is made up of 5 key components. When engaged together on a single network, they are known as a SASE architecture that connects and secures any enterprise resource—physical, cloud and mobile—anywhere. The SASE architecture is marked by four main characteristics: It is identity-driven, cloud-native, supports all edges and is distributed globally.

SASE components:

SASE is more than a single technology. It is a layered, interwoven fabric of network and security technologies made up of 5 components that work together to protect an organization’s data and systems from unwanted access. The 5 components include SD-WAN, FWaaS, SWG, ZTNA and CASB.

SASE framework:

Originally defined by Gartner, SASE framework is a security framework prescribing the conversions of security and network connectivity technologies into a single cloud-delivered platform to enable secure and fast cloud transformation.

SASE network model:

Refers to the SASE framework as a method for enterprises to unify and protect their business network. It is often used interchangeably with SASE framework and SASE solution.

Network edge security:

Network edge infrastructure enables network connectivity from distributed enterprise locations to access resources in both private and public data centers as well as in the cloud (as a service). Various security methods are available to protect these WAN environments and the sensitive data they contain (see VPN).


Refers to a Virtual Private Network. As a WAN security best practice, most organizations require all users to connect to their WAN via VPN, which creates a secure tunnel that protects data and allows all traffic, voice or data to pass through a public WAN as if it were on a private circuit or local area network (LAN).

Remote access:

The ability to securely connect to a network from anywhere in the world. A SASE solution makes this task safer, faster and more secure than other methods.

Windstream Enterprise SASE terms

Fully converged SASE:

Instead of an integration of different, existing pieces of a network, it is a convergence of network and security functions into a single, cloud-delivered service model. Windstream Enterprise offers a fully converged SASE solution that’s easy to manage through the WE Connect portal anywhere, anytime.

Cloud-native SASE:

Cloud-native is a modern approach to building and running software applications that is flexible, scalable and resilient. Cloud-native encompasses the various tools and techniques used by software developers today to build applications for the public cloud, as opposed to traditional architectures suited to an on-premises data center. The Windstream Enterprise SASE solution is cloud-native and able to manage your multi-location business and distributed workforce from anywhere.

WE Connect:

The centralized management portal developed by Windstream Enterprise to manage your entire SASE network. It offers a single pane of glass, real-time view of network latency, packet loss and jitter by location, plus tools to customize reports. It’s also available anytime, anywhere, on any device. Better still, WE Connect comes in a mobile app that delivers all the functions of the desktop app.

SASE solution:

Refers to a complete, end-to-end network solution that includes the SASE framework. Can be used interchangeably with SASE network model.

The Windstream Enterprise difference

Windstream Enterprise is the first and only North American managed service provider to converge cloud-native network and security into a fully integrated SASE solution. This comprehensive architecture enables businesses to adapt to constantly shifting users, applications and work environments, while keeping all application and security policies synchronized with these changing endpoints—all from a single pane of glass.

Watch our SASE video to learn more.

Is your business ready to benefit from the advantages a SASE solution has to offer?Take the Windstream Enterprise SASE Assessment to identify how ready your organization is for change.

Return to top


  1. Andrew Lerner. “Say Hello to SASE (Secure Access Service Edge).” Gartner. Dec. 13, 2019.
  2. Nancy Liu. Palo Alto Networks: Ransomware Payments Hit Record Highs in 2021. SDXCentral. April 1, 2022.
  3. MacDonald, Neil, et al. “2021 Strategic Roadmap for SASE Convergence.” Gartner. March 25, 2021.