本研究探討如何利用軟體定義廣域網路(SD-WAN)與防火牆整合架構,結合零信任網路存取(ZTNA)技術,來建構安全存取服務邊緣架構(SASE)。已知目前金融業網路環境面臨的問題包括:中心化和專線依賴的網路架構,導致網路的調整和擴展費時又昂貴;而傳統的邊界安全防護難以應對日益複雜的網路環境,如遠端服務存取和雲端應用的支持等。本研究目標在模擬個案公司環境下,實作SASE架構,並針對市場上常見的SASE解決方案進行功能探討,以探究實際導入時的議題及需求。研究發現,SASE架構能夠有效整合SD-WAN和ZTNA等新技術,通過將各種網路和安全功能集成到一個統一平台,SASE確保只有經過授權的用戶和設備才能訪問特定的應用程序和數據,提高了企業的安全態勢,同時簡化了網路管理,降低運營成本。本研究提供了一個實施SASE的參考範例,證明了SASE架構在金融機構數字化轉型中的適用性和實施效益。研究建議企業在未來的網路規劃和擴展中,應將SD-WAN和SASE技術作為數位轉型的重要一環;同時,企業還需要充分了解自身對網路和安全的需求,並在導入新架構時謹慎評估,以避免影響關鍵業務運行。;This study explores how to utilize Software-Defined Wide Area Networking (SD-WAN) integrated with firewall architecture and combined with Zero Trust Network Access (ZTNA) technology to construct a Secure Access Service Edge (SASE) framework. The financial industry′s current network environment faces several challenges, including the centralized and leased line-dependent network architecture that makes network adjustments and expansions time-consuming and expensive. Traditional perimeter security measures are inadequate for the increasingly complex network environments, such as supporting remote access services and cloud applications. The objective of this study is to implement the SASE framework in a simulated environment of a case company and to investigate the functionalities of commonly available SASE solutions in the market, thereby exploring the issues and requirements during actual implementation. The findings indicate that the SASE framework can effectively integrate new technologies such as SD-WAN and ZTNA. By consolidating various network and security functions into a unified platform, SASE ensures that only authorized users and devices can access specific applications and data, enhancing the organization′s security posture while simplifying network management and reducing operational costs. This study provides a reference example for implementing SASE, demonstrating its applicability and benefits in the digital transformation of financial institutions. It recommends that organizations consider SD-WAN and SASE technologies as integral parts of their digital transformation strategies in future network planning and expansion. Additionally, organizations need to fully understand their network and security requirements and carefully evaluate the new architecture during implementation to avoid disrupting critical business operations.
