How Zero Trust and SASE Can Work Together
Zero Trust is a security strategy that removes implicit trust from the network: no user, device or connection is trusted by default, and traffic is inspected before access to a company’s network and data is granted. Forrester Research, a leading industry research firm, says that a Zero Trust solution must:
- Ensure all resources can be securely accessed, regardless of their location
- Leverage a least-privileged access strategy and strictly enforce access control
- Inspect and log all traffic
As organizations adopt the cloud, the way they apply security needs to adapt. Zero Trust Network Access (ZTNA) is a model that emphasizes adherence to the principles of Zero Trust for applications, wherever they may be, including the cloud.
Cloud and Mobility Challenges
Today, applications, data and users are everywhere – in data centers, in the cloud, in multiple software-as-a-service (SaaS) apps, on mobile devices and so on. Consequently, companies struggle to gain complete visibility into their applications and data, let alone control and manage who has access to those assets.
Many companies have tried to overcome these issues by using multiple point products, such as secure web gateways, firewalls and remote access VPNs. However, as applications move to the cloud, traffic to them no longer needs to traverse a VPN, yet proxies and secure web gateways cannot tunnel traffic to private applications, so neither tool covers every case. As a result, organizations have been looking for an alternative to remote access VPN that can accommodate both cloud and data center applications.
In light of these requirements, ZTNA has led to the development of software-defined perimeter point products that complement proxies. These address private application access use cases, but they also drive up the number of deployed point products. Some also bypass the enforcement of security policies because they circumvent the inspection normally applied to internet-bound traffic.
Benefits of SASE and Zero Trust Network Access
Gartner, a leading research and advisory firm, has identified a security model called secure access service edge (SASE; pronounced “sassy”). This model combines networking and network security services, such as ZTNA, cloud access security broker (CASB), firewall as a service (FWaaS), data loss protection (DLP) and more, into a single comprehensive, integrated solution that supports all traffic, applications and users. The model also allows companies to rapidly authenticate users, identify and mitigate potential security threats, and fully inspect content. SASE means organizations do not have to stand up separate infrastructure to address both internet and private applications, as was once the case with conventional proxy- and software-defined perimeter products.
In other words, by combining SASE and Zero Trust principles, companies can achieve ZTNA with a single solution to consistently apply and enforce security policies across their entire network.
Benefits of this approach include:
- Stronger network security
- Streamlined network management
- Significantly reduced costs associated with deploying security at scale
- A single, holistic view of the entire network
Learn more about what a complete SASE platform entails in our 10 Tenets of an Effective SASE Solution e-book.