Close

New AI Research From CDW

See how IT leaders are tackling AI opportunities and challenges.

Click Here to Read the Report
Jul 24 2025
Security

Agencies Improve Their Cloud Security Footing With Secure Access Service Edge

SASE solutions consolidate and optimize government IT applications while saving money, experts say.
Adam Stone
by

Adam Stone writes on technology trends from Annapolis, Md., with a focus on government IT, military and first-responder technologies.

As the IT landscape continues its dramatic evolution, security and access strategies must change too.

Agencies have turned to secure access service edge, or SASE, to deliver that needed level of support. Solutions such as those from VMware VeloCloud, Zscaler, Palo Alto Networks and Netskope combine networking and security services into a single, cloud-delivered platform.

“SASE allows us to prioritize outcomes, leverage scalability and enhance security measures,” says Pete Kasperowicz, press secretary at the Veterans Administration. “As a result, we can proactively address emerging threats, provide a seamless user experience and simplify the management of traditional infrastructure complexities.”

With SASE, the VA can empower workers to be more effective in their jobs, at a time when efficiency is a top priority in government. “We can offer employees a better user experience and better performance while reducing latency, without sacrificing compliance or visibility,” Kasperowicz says.

Click the banner below to start implementing smarter security.

x_security_q325_animated_click_desktop_03 x_security_q325_animated_click_mobile_03

 

SASE solutions manage authentication and authorization to grant users access, and a cloud-based infrastructure makes this readily scalable. Combining these elements into a single platform reduces the complexity of cloud security while also saving money, experts say.

“SASE promises a unified security architecture that seamlessly implements zero-trust principles across geographically dispersed operations,” says IEEE Senior Member Kayne McGladrey.

“The framework’s cloud-native design could optimize performance for federal workers regardless of location, eliminating the need to route traffic through centralized data centers,” he says.

Beyond these advantages, McGladrey points to potential budget benefits. “This approach might reduce infrastructure costs by shifting from capital-intensive on-premises solutions to more flexible cloud services — an important consideration as federal budgets continue to tighten,” he says.

El Punto

 

Consolidate Networking and Security for Ease of Management

The Veterans Administration uses Netskope for SASE cloud-based security. SASE helps VA meet the demands of a zero-trust framework more quickly and efficiently. A consolidated approach to both networking and security offers greater manageability, delivering improved security with less human effort.

“It allows for centralized policy with real-time threat and data protection, shifting from legacy practices that introduce multiple layers of risk and drive up cost in our cloud and on-prem environment,” Kasperowicz says.

READ MORE: Agencies must secure identities as social engineering attacks increase.

He suggests that IT leaders should also be prepared to tackle potential cultural sticking points: “Like many federal organizations, we also struggle with the mindset that all user and application traffic should be routed back through on-premises for authentication, inspection and visibility. As a result, there is organizational hindrance to adopting distributed identity, cloud-based security controls and modern access policies.”

In terms of security outcomes, “SASE could enable more consistent policy enforcement across complex multidepartment environments if implemented effectively,” McGladrey says.

Pete Kasperowicz

 

A Unified Architecture Leads to Cost Savings

Other agencies have looked to seize on these advantages. The Federal Communications Commission, for example, replaced its Trusted Internet Connections program with a more seamless, secure and less expensive solution from Zscaler.

At FCC, Zscaler provides trusted, controlled and monitored connections to applications, and improves user experience by replacing VPNs. The solution further allows zero-trust access control of applications and services.

FCC has seen cost benefits from SASE as well. By unplugging other, more expensive security tools, the agency achieved cost savings of 70%, according to a case study.

Agencies looking to adopt SASE may need to address certain technical issues. Kasperowicz, for example, points to “the persistent reliance on legacy network models, such as IPSec tunnels, and other technologies that do not provide the visibility and context required for zero trust.”

Click the banner below for the latest federal IT and cybersecurity insights.

ft_newsletter_animated_q125_signup_desktop ft_newsletter_animated_q125_signup_mobile

 

It helps here to understand the relationship between SASE and software-defined WAN.

“We used to install systems in server rooms or in data centers. Now we set them up in the cloud — web servers, database servers, AI. Even the network infrastructure is now controlled up in the cloud,” says James Stanger, chief technology evangelist at CompTIA.

In this environment, zero trust requires constant networking monitoring, “but you can’t have constant monitoring unless you have networks that you can control in a very centralized way, where you can focus on identity,” he says.

“SD-WAN sits on top of existing wide area network infrastructure, and it basically says, we don’t care about the hardware and the software anymore. We decouple it,” Stanger says. “It offers centralized control and multiple transport options.”

In this regard, he says, “SD-WAN is a core component of SASE. It’s the underlying technology. You can’t have SASE unless you first implement SD-WAN.”

DISCOVER: Observability platforms are more than just tools for government.

‘Paying for Itself’

At the Department of Justice, systems are packed with personally identifiable information, and department employees “may transmit information about non-DOJ users via this system, such as during civil or criminal litigation,” a DOJ privacy impact statement reports.

That PII “includes DOJ user contact information, email messages … instant messages, and audit log information,” DOJ notes, adding that information “is transmitted to and from the system through Zscaler.”

In a recent Zscaler public sector conference, DOJ CISO Vu Nguyen said SASE supports the agency’s ongoing march toward zero-trust security architectures, and it will likely end up paying for itself.

“It shifts our security model from a reactive mentality to a more proactive one with continuous monitoring verification, because zero trust helps us to detect the suspicious activity as it’s happening,” Nguyen said. “And on top of that, it helps us to contain it and respond to it before it can cause significant damage.”

Along with the security benefits, he pointed to the opportunity to sharply reduce the cost of any cyberattacks on the agency’s networks.

Under the SASE Umbrella

Secure access secure edge converges network and security as a service into a single package. SASE capabilities include:

SASE enforces zero-trust security principles whether workers are remote or on-premises.

Jim Frazier/Theispot

More On

Related Articles