SASE and Zero Trust: A perfect Fit
The Future of enterprise network security requires modern technologies which would have been built to solve complex problems for tomorrow’s business. SASE as a modern technology strategy has gained traction in recent times, especially owing to its amalgamation of network and network security technologies into a formidable conception. The relation between SASE and Zero Trust Security is that of implicit dependence, with Zero Trust projects forming an indispensable part of a SASE strategy. This is why more light needs to be thrown on what SASE encompasses, and how the SASE- Zero Trust Combination can transform Zero Trust Security well and truly.
What is SASE?
Secure Access Service Edge, or SASE, as a technology concept, was introduced by leading market research and IT advisory firm Gartner in 2019. SASE has been described primarily as an enterprise networking technology that combines comprehensive WAN capabilities with network security-as-a-service, into a single, cloud native service. SASE (Secure access service edge) utilizes all combinations of networking and security solutions to deliver multiple capabilities of Software Defined WAN (SD WAN) Security, Secure Web Gateway (web proxy), Cloud Security Access Broker (CASB),Next Generations Firewalls (NGFW), Data Loss Prevention (DLP) and Zero Trust Network Access(ZTNA). SASE services provide secure access for any edge devices (Personal Computers, Servers, IoT Sensors, and Mobile) via any network that includes enterprise backbone or public internet to access resources available anywhere. Implementing SASE capabilities not only secures the organizational networks, but potentially also reduces complexity, leading IT teams to connect easily.
In essence, the Secure Access service model enables the organization to connect to a single secured network. While traditional networking environments employ different applications, which in turn are connected to different networks, Hence increasing the complexity manifold, a SASE model empowers security solutions by providing a more holistic and agile methodology for business networking and security.
Adoption of Network Security-as-a-service
SASE based services are predicted to make organizations adopt Network security as a service on a larger scale – thus allowing for the large scale adoption of solutions that are cloud native, dynamically scalable and globally accessible. According to Gartner “By 2024 - at least 40% of enterprises will have explicit strategies to adopt SASE, up from less than one percent at year end 2018”. With SASE, enterprises can get rid of data backhaul by reducing unnecessary load on MPLS and software defined networking across branch offices by splitting traffic. The components of SASE architecture require a combination of network and security services. This, in turn, eases operational management with a single source of truth for network and security configurations, less agents on end user systems, centralized reporting, and effective compliance adherence. This augments businesses to embrace the digital ecosystem, while reducing the costs and complexity associated with managing multiple technologies.
How Zero Trust fits in a SASE policy
A True Zero Trust Network Access approach performs a comprehensive inspection or authentication process of the identity of the user/device, and the context of an access request made by the user, while taking into account parameters like user profile, application profile, device, location, fingerprints. This process ensures that a zero trust, need to know policy is enforced when the session is granted access. Security technologies employing a Zero trust approach continuously monitor the behavior of transactions to identify unusual activity, and decide how to make it secure. Organizations must adopt key steps to implement zero trust security starting from defining vision and strategy to enhance the maturity. Zero Trust Network Access may well be defined to be an implicit functionality of SASE and security leaders considering it to expand their remote access and to adapt trust for application level access. Business continuity programs require flexible, reduced Opex solutions to allow the workforce to continue operations from anywhere, even from untrusted devices.
Implementing zero trust enables organizations to have a better control over access of its network, and more essentially, its critical resources. Because SASE puts identity at the core of data and application access, it goes on to create a securing bridge between access and service edge i.e. the cloud, networks etc. In other words, SASE controls access of all edges of the network by considering factors such as sites, mobile users, and cloud resources, and so on, with respect to Zero trust networking access principles. Thus, SASE and Zero Trust Network Access serve as a perfect fit to deliver secure business value.
An example of Zero Trust and SASE empowering organizational security
Providing secure access to contractors with BYOD program –
- Mr. Kapil is a training program consultant who accepts to provide training content development for Acme industries and requiring access to HR systems and SaaS applications.
- He works as a contractor, uses his own personal computer and mostly works from home. He performs multi tasks such as listening to Spotify music, navigate social media news feeds, using collaborative platforms such as MS teams, use cloud storage such as google drive, box, etc.
- Acme industry network security admin configures zero trust network access with SASE solution which provides unique identity enabled with multi-factor authentication and requires client application based access that provides fingerprint based on context such as device profile, location and risk factors.
- The SASE solution performs cloud firewall, SSL Inspection, malware analysis, Web DLP, User and behavior entity analytics for the session on the internet browsing traffic by the secure web gateway solutions.
- The Zero trust network access solution authenticates, performs application discovery and grant access based on request, enforce security policies to the transaction to prevent data loss and encrypt before they transit. It captures activity logs, continuously monitors and dynamically validates the transaction. It prevents unauthorized access to any other applications or gain access from any other device.
In essence, implementing a SASE strategy in conjunction with Zero trust security projects becomes a must to ensure rapid implementation of widespread secure connectivity across organisations.