SASE and Zero Trust Are a Perfect Match

As more and more organizations shift their resources and applications to the cloud, we are seeing how edge computing is changing networks. These organizations must enforce policies governing how their employees access networks and resources, whether those are now in the cloud or on-premises.

Additionally, employees are working remotely more than ever and their employers are seeing more applications and cloud services being consumed outside the traditional workplace.

With the move to a remote workforce, the outdated hardware we once depended on is creating more issues by the day. The traditional network security architectures and solutions that pinned data to the headquarters of most organizations are a thing of the past. The challenge is that these organizations now need to provide their data and services no matter where their employees are located. 

Today, companies are adopting a more user-centric approach, which will provide a flexible network model for the remote workforce and cloud resources and services that must be accessible for employees worldwide. This new model is forcing organizations to implement edge networks, connecting users to networks closer to their location and thus providing a more agile and secure access model to their organizations’ networks.   

To protect these networks, organizations typically shop around in the cybersecurity and network security solutions space, which is highly segmented and offers an endless number of different solutions from many vendors. Instead of simplifying the consumption of cybersecurity, these services are complicating what should be a smooth transition for integrating solutions in an organization’s network environment.

The entire security space needs to join forces and offer a holistic approach to cybersecurity, and this is where the idea of Secure Access Service Edge or SASE comes in.

New Kid on the Block

Secure Access Service Edge (SASE), pronounced “sassy,” is a new cloud-based network security model that was coined by research firm Gartner. It combines the different functions of network and security solutions into a unified cloud platform, delivered as a service with little or no hardware or appliances required. The key solutions in a SASE platform are ZTNA, SD-WAN, CASB, FWaaS, and others.

This unified platform will help organizations by simplifying secure access to critical resources and networks. The more streamlined model allows IT security teams to easily connect and secure all of their organization’s networks and users in an agile, cost-effective, and scalable way.

Gartner also suggests that SASE offerings will provide policy-based, “software-defined” secure access with more agile and flexible networking, in which an organization’s security and IT professionals will be able to customize the level of security, performance, reliability, and cost of every network session based on the identity of each user and the prioritization of access needed.

SASE enables the consumption of integrated network security services that promote digital transformation, edge computing, mobile workforces, and identity and access management. Beyond more advanced security and networking, key benefits include IT productivity, cost reduction, efficiency, and the flexibility to adopt new business services. Additionally, SASE enables organizations to update their security solutions against new threats and to establish policies more quickly in order to adopt new security capabilities.

For organizations looking to adopt the SASE model for their network security, it’s important to implement a solution that hinges on the Zero Trust approach. 

Zero Trust is a Process, Not a Product

Zero Trust (ZT) is a security approach that is based on the idea that organizations should verify anything and everything before granting access to network or cloud resources. They must also keep an eye on users within their borders at all times, and be able to get a warning when (and where) exposure is imminent.

This Zero Trust model to secure network access services allows for the delivery of high-security, enterprise-wide network services virtually, and on a subscription basis for small and mid-market to large enterprises.

“Companies cannot afford to trust internal network traffic as legitimate, nor can they trust employees and partners to always be well-meaning and careful with systems and data.

To manage the complexities of their environment without constraining their digital transformation ambitions, many companies are moving toward a Zero Trust (ZT) security model — a more identity- and data-centric approach based on network segmentation, data obfuscation, security analytics, and automation that never assumes trust,” states analyst firm Forrester Research. 

When implementing a Zero Trust security architecture, IT managers must isolate resources within their IT infrastructure using micro-segmentation. By dividing network resources at a granular level, organizations tune security settings to different types of traffic and create policies that limit network and application flows to only those that are explicitly permitted. This network micro-segmentation approach allows security teams the flexibility to apply the right level of protection to a given workload based on sensitivity and value to the business.
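
The default-deny evaluation that micro-segmentation implies can be sketched as follows. This is an added example, not code from the article or from any vendor; the segment names, identity groups, ports and sample flows are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str           # segment the traffic originates from
    dst: str           # segment hosting the workload
    port: int          # destination port
    groups: frozenset  # identity groups explicitly permitted on this path

@dataclass(frozen=True)
class Flow:
    user: str
    groups: frozenset
    src: str
    dst: str
    port: int

# Explicit allow-list (hypothetical segments). Anything not listed is denied.
POLICY = [
    Rule("corp-users", "hr-app", 443, frozenset({"hr"})),
    Rule("corp-users", "wiki", 443, frozenset({"hr", "engineering"})),
    Rule("hr-app", "hr-db", 5432, frozenset({"svc-hr-app"})),
]

def evaluate(flow, policy=POLICY):
    """Return (allowed, reason); a flow passes only on an explicit match."""
    path_known = False
    for rule in policy:
        if (rule.src, rule.dst, rule.port) == (flow.src, flow.dst, flow.port):
            path_known = True
            if flow.groups & rule.groups:
                return True, "explicit allow"
    if path_known:
        return False, "identity not permitted on this path"
    return False, "no explicit rule (default deny)"

def audit(flows, policy=POLICY):
    """Return the denied flows with reasons, for review by the security team."""
    denied = []
    for f in flows:
        allowed, reason = evaluate(f, policy)
        if not allowed:
            denied.append((f.user, f.dst, f.port, reason))
    return denied

# Constructed sample traffic.
SAMPLE_FLOWS = [
    Flow("alice", frozenset({"hr"}), "corp-users", "hr-app", 443),
    Flow("bob", frozenset({"engineering"}), "corp-users", "hr-app", 443),
    Flow("bob", frozenset({"engineering"}), "corp-users", "hr-db", 5432),
    Flow("hr-app-svc", frozenset({"svc-hr-app"}), "hr-app", "hr-db", 5432),
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_FLOWS):
        print(entry)
```

The sensitive database segment is reachable only from the application segment by the service identity; a user segment has no rule to it at all, so a direct connection is denied regardless of who the user is.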

Today’s digital businesses need security technology partners that offer a range of easy-to-use and integrated capabilities, improve their network visibility, and support the ZT model. The modern enterprise places a high value on partner solutions that can apply security controls across environments uniformly and quickly. These features allow them to modify security policies and access as business needs change.

This is where SASE comes into play with a Zero Trust mindset.

Zero Trust in a SASE World

Given that the Zero Trust network access model is geared around data access controls and visibility to organizations’ corporate resources, it’s easy to understand why Zero Trust and the SASE model are a perfect match. The two core elements of every SASE platform are its CASB (Cloud Access Security Broker) and the ZTNA (Zero Trust Network Access) solutions. 

By implementing both CASB and Zero Trust, organizations can control their users’ activity and access based on preassigned rules created by the IT team and fully monitor their employees’ access to the different networking resources. But restricting user access to specific cloud resources based on each user or team of users isn’t the only feature that makes Zero Trust so attractive for organizations looking to implement the SASE model. The importance of complete network visibility is also a deciding factor.

As organizations implement SASE platforms with a Zero Trust model that has CASB, ZTNA, and Layer 7 (the application layer), IT managers have full control and visibility of users’ access throughout their organization’s networks and applications.

Additionally, any organization’s Zero Trust solution should be able to integrate easily with its current IAM, for example Azure AD, Okta, and MFA.

With SASE-compliant solutions such as Zero Trust Network Access, the number of agents required on a device will be reduced to a single agent or device with streamlined access policies that do not require user interaction, while at the same time providing a consistent access experience regardless of the location or resource requested.

By providing Zero Trust protection of user sessions seamlessly and consistently on and off the enterprise network, SASE solutions will offer end-to-end encryption as well as web application and API protection (WAAP) services. Using Zero Trust Network Access, SASE platforms will also extend protection to endpoint devices on public Wi-Fi networks to protect remote workers.

This dual-sided approach is crucial as endpoints pile up and expand their reach into organizational networks from afar.

There is No SASE Without Zero Trust 

As we are seeing a massive shift for organizations of all sizes moving to a more modern user-centric model, where the cloud and mobile are the center of attention, we need to adopt an approach that helps them enable better and more flexible security. The model we’ve been waiting for is here and it now has a name: SASE.  

This new approach will allow organizations to easily control their security and connectivity all under one platform. However, we must not forget that the Zero Trust model is a cornerstone of SASE and, in a way, is a reason it can be defined as “unified”. Implementing Zero Trust alone is a strategy that gets companies most of the way there in terms of security, but as this approach is delivered as a service alongside other functions, SASE begins to materialize.

In the future, instead of thinking that Zero Trust and SASE are each a stand-alone offer, they will both reinforce each other to provide a revolutionary offering.