SASE: broad protection—virtually anywhere.

SASE is pronounced like "sassy," and it stands for Secure Access Service Edge. It is designed to safeguard data, devices, and applications in the face of new realities such as cloud services, public networks, remote/hybrid work, IoT, etc.—while helping businesses maintain uninterrupted network access for their employees, no matter where or how they work. SASE combines security services like CASB, Firewall-as-a-Service (FWAAS), and Zero Trust Network Access (ZTNA) with network management such as SD-WAN and delivers it as a single, integrated service. It can offer organizations flexibility, cost savings, threat prevention, data protection, reduced complexity, and better network and business performance.

T-SIMsecure builds simplicity and security into T-Mobile devices by using the T-Mobile SIM to authenticate users and authorize privileges. T-SIMsecure, automatically extends protection and access to devices and employees when on the T-Mobile network. It is ideal for devices that cannot load a client, such as IoT sensors, routers, and other connected devices. It is also ideal for workers in roles where using a client may be too cumbersome such as field services, frontline, or service employees—especially workers that share a device—and that work mostly on the T-Mobile network.

The SASE device client extends T-Mobile SASE protections to any device capable of loading a client and works on any Wi-Fi or cellular network, regardless of carrier. It also enables additional endpoint security and authentication checks.

Zero Trust Network Access (ZTNA) provides secure remote access based on zero trust security principles, and in particular, the principle of least-privileged access. Under zero trust, users and devices are, by default, not trusted. Instead, ZTNA allows each user access to specific applications on a case-by-case basis, authenticated through pre-defined, role-based controls and contextual data such as IP address, location, or even time—without exposing other network resources to risk. Least privileged access grants authentication based on credentials and context. Users get only the granular access they qualify for based on identity, device, and location. More secure than a VPN, ZTNA can help safeguard your IT network by providing only the specific permissions that the user has been explicitly granted, while it helps maintain flexible and responsive connections with your digital systems, branch locations, remote workers, and trusted partners.

Traditionally, IT organizations used VPNs, virtual private networks, to encrypt and safeguard internet connections between two networks or devices, usually to provide secure access to a distributed workforce. Researchers, and hackers, have discovered that there are several vulnerabilities that affect most VPN products out there can be exploited by attackers to read user traffic, steal user information, or even attack user devices. Private Access with ZTNA offers a modern, more secure alternative to the traditional VPN by continuously checking user identity and by granting access only to limited access in the network vs access to the entire network.

ZTNA expands on the capabilities of a VPN and simultaneously resolves some inherent VPN vulnerabilities. In general, ZTNA offers more customizable, more specific—and more secure—authentication, simplifying users’ access to network resources. Put simply, ZTNA delivers application-based access that keeps users from seeing or using resources they shouldn’t. By switching from default trust to default verify, you can use ZTNA to ensure every request is authorized, no matter where it came from—and it’s easier to use than a VPN.

Security Slice uses the power of T-Mobile’s 5G standalone network to keep security data traffic separate from other data traffic.