Secure Access Service Edge (SASE) converges network and security capabilities into a single cloud-delivered platform. SASE enforces security at the edge—close to users—rather than routing all traffic through a central data center for inspection. It applies consistent policies across branches, stores, and remote locations.
Zero trust security model
Traditional network access grants broad permissions after a user logs in. SASE applies the principle of least privilege instead: it verifies identity and context for each request before granting access, whether the connection is device-to-device or device-to-application. This per-request verification shrinks the attack surface of your assets by limiting what any single compromised account or device can reach.
SASE integrates with Security Assertion Markup Language (SAML) and System for Cross-Domain Identity Management (SCIM). This compatibility lets it fit into existing identity and directory infrastructure without requiring you to rebuild those systems. Internal network access is accelerated for branch employees, store staff, and remote workers, keeping productivity high regardless of location.
Centralized control of access security
SASE deeply integrates security capabilities with Software Defined Wide Area Network (SD-WAN) appliances and delivers them as a software as a service (SaaS) platform. Enterprises and their branches obtain centralized security control over mobile work and network access from a unified management plane.
Edge security
SASE delivers secure Internet access and private data protection through a nation-wide network of edge nodes. Branches, stores, headquarters, and remote or mobile workers all receive the same level of protection. Security is enforced at the edge, close to users, rather than routing traffic to a central inspection point.
Cloud-native security architecture
SASE integrates deeply with Alibaba Cloud infrastructures, enabling enterprises to scale security capacity automatically as their digital services grow. Comprehensive protection is applied at security boundaries across the environment, ensuring the security capacity of enterprises.