Why SASE and Zero Trust could be the perfect combination for remote work


The shift to remote work has dramatically changed network security architecture best practices. Companies are moving away from perimeter-based security approaches that use virtual private networks (VPNs), and instead are adopting more comprehensive security policies that consider the distributed nature of work today.

Zero Trust security solution providers, such as Perimeter 81, deliver this versatile security model through several approaches. Secure Access Service Edge (SASE) and Zero Trust networks are two of the most talked-about technologies for evolving network security to meet the challenges of remote work.

In this article, we consider what each of these principles brings to the table and why they are not mutually exclusive.

What is Zero Trust?

Zero Trust is a security philosophy that states users and devices shouldn’t be implicitly trusted. 

In network architectures, this is most prominent in how users and devices are not automatically granted access to resources based on their network location. This differs from older network security architectures that give access to devices connected to the same network.

When remote users connect to a company network through a VPN, they’re usually given broad access rights to everything on the network. This is a significant security risk that becomes more problematic as the number of remote workers rises.

The Zero Trust model removes network-focused access control and replaces it with powerful authentication and authorization software. Administrators can implement rules for the applications each set of users can access, which will be enforced no matter where the user is located. 

Data, services, and workflows are protected by software-defined micro-segmentation, instead of rigid network segmentation.

Security policy in a Zero Trust architecture includes strict user authentication based on context. Factors such as user identity, location, and the service required are all taken into account when access is requested. 
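The contrast described above, as an added example that is not part of the original article: a network-location check of the kind a VPN perimeter applies, next to a default-deny check on identity, location and requested application. The network range, group names, applications, countries and sample requests are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical corporate/VPN address range (constructed for this example).
CORP_NET = ip_network("10.0.0.0/8")

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    authenticated: bool  # strong authentication completed for this session
    country: str
    source_ip: str
    app: str

# Hypothetical per-application rules: permitted groups and permitted countries.
POLICY = {
    "payroll": {"groups": {"finance"}, "countries": {"GB", "US"}},
    "wiki": {"groups": {"finance", "engineering"}, "countries": {"GB", "US", "DE"}},
}

def perimeter_allows(req):
    """Legacy model: anything on the corporate network (e.g. via VPN) is trusted."""
    return ip_address(req.source_ip) in CORP_NET

def zero_trust_allows(req):
    """Default deny: check identity, location and requested service on every request."""
    rule = POLICY.get(req.app)
    if rule is None:
        return False, "no rule for application"
    if not req.authenticated:
        return False, "user not authenticated"
    if not (req.groups & rule["groups"]):
        return False, "user group not authorized for application"
    if req.country not in rule["countries"]:
        return False, "location not permitted"
    return True, "allowed"

# Constructed sample requests.
SAMPLE = [
    Request("alice", frozenset({"finance"}), True, "GB", "203.0.113.7", "payroll"),
    Request("bob", frozenset({"engineering"}), True, "GB", "10.8.0.15", "payroll"),
    Request("carol", frozenset({"finance"}), True, "BR", "10.8.0.22", "payroll"),
    Request("dave", frozenset({"engineering"}), False, "DE", "10.8.0.30", "wiki"),
]

def compare(requests):
    """Return (user, app, perimeter decision, zero-trust decision, reason) per request."""
    return [(r.user, r.app, perimeter_allows(r), *zero_trust_allows(r)) for r in requests]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print(row)
```

The perimeter check admits bob, carol and dave purely because they are on the internal range, while the per-application check admits only alice, who is off-network but authenticated, authorized and in a permitted location.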

Zero Trust architecture follows a “never trust, always verify” maxim, immediately blocking all inappropriate access. To facilitate this, Zero Trust architectures require high visibility and control over network traffic: they must monitor traffic sent through all parts of the environment.

Although implementing Zero Trust in an organization requires some effort, ultimately, taking a Zero Trust approach simplifies network structures and offers a great deal of flexibility in how users can work and how you deploy your applications.

What is SASE?

SASE is an approach to network security that aims to solve the security challenges of remote work and applications hosted on the cloud. Developed by Gartner, SASE is a comprehensive approach to security in the modern era, with several important networking and network security services rolled into a single integrated solution.

A SASE solution includes a firewall as a service (FWaaS), data loss prevention (DLP), Zero Trust Network Access (ZTNA), secure web gateways, and a cloud access security broker (CASB).

SASE is essentially all business networking and security in one platform—an ambitious idea. By blending all these services into a single cloud solution, SASE is a wide-reaching security architecture that can manage the security of data centers, departmental branches, cloud resources, third-party apps, mobile devices, and more. 

For companies struggling with all the security challenges brought about by remote or hybrid work, choosing a SASE solution that promises to handle everything is an appealing option.

SASE providers can deliver cloud security solutions with application-level security because Zero Trust is at the heart of SASE. Users and devices are constantly checked for authentication and authorization, and users and applications can be located worldwide with tighter security.

Zero Trust is part of SASE

SASE is a broader, higher-level design philosophy than Zero Trust, as it brings nearly all security processes into a single system. SASE can do this because it works from a Zero Trust standpoint.

SASE solutions include ZTNA. They are not competing security models. SASE and Zero Trust are pieces of the same puzzle, and network security teams can harness both to deliver a robust global security infrastructure. 

SASE is designed to minimize network complexity and re-engineer current networks to reflect the increased use of cloud architecture. ZTNA focuses on permissions and access management that brings security closer to users and applications—a key goal of SASE. Therefore, ZTNA works very well as part of a SASE solution.

Moving to a SASE architecture is no small undertaking for a company and should typically be considered a long-term goal. Implementing Zero Trust networks can be regarded as a short-term interim goal for a company looking to modernize its security infrastructure. 

Companies can decide if the SASE approach is for them and evolve their network security stacks towards the SASE model by replacing outdated systems one by one. This both necessitates a Zero Trust approach and enables it.

Conclusion

Zero Trust and SASE are two essential security philosophies in modern network security. Zero Trust is a principle that no user or device should be implicitly trusted. Most importantly, it does away with the idea that a device should be trusted simply because it’s connected to a particular network.

SASE is a fully integrated cloud architecture model that brings Software as a Service (SaaS), secure web gateways, FWaaS, and cloud access security brokers under one system. It’s designed as a complete, comprehensive security solution for large companies facing the challenges of remote work and cloud infrastructure.

SASE uses a ZTNA model as its basis, so SASE solutions are Zero Trust in nature. The two shouldn’t be considered mutually exclusive.

For more information on SASE, we’ve put together a guide on the types of SASE and the future of SASE. We’ve also discussed how to secure your network with Zero Trust and the differences between using ZTNA and VPNs.

Richard Sutherland

Richard brings over 20 years of website development, SEO, and marketing to the table. A graduate in Computer Science, Richard has lectured in Java programming and has built software for companies including Samsung and ASDA. Now, he writes for TechRadar, Tom's Guide, PC Gamer, and Creative Bloq.