Date: 2022-01-07
BrandView

Recent years have brought relentless change in enterprise technology, especially when it comes to how and where business applications are deployed and used. Consider the application exodus from the corporate LAN to the cloud — whether infrastructure, applications, or software platforms. The departure has been stark. Further, while cloud computing changed where applications and data reside, mobile computing changed how productive staff and other users can be from anywhere.

These two changes — cloud and mobility — have been the crucial drivers of digital transformation, and they have also transformed how enterprises need to secure their users, data, applications, and networks.

It also means that data, users, and digital resources are no longer protected within the enterprise LAN or data center. Everything is scattered, and security needs to exist wherever users interact with systems and data.

That's where both secure access service edge (SASE) and zero trust come into the picture.

These two approaches to security bring security controls closer to the user and where they work. However, while demand for both SASE and zero trust is driven by the same trends, the two are different, and it's important to understand how they work together.

This was the subject of a recent episode of Appgate’s Zero Trust Thirty podcast, in which George Wilkes, the company’s VP of demand generation, moderated a discussion with Colby Dyess, Appgate’s director of product management, and Aaron Palermo, one of the company’s senior solutions architects.

The episode is available here. To supplement that, here’s a broader look at how the SASE/Zero Trust relationship works:

SASE explained

Secure Access Service Edge (or SASE) is a set of security technologies that work together to keep users and assets secure as they work. While there is some overlap between SASE and zero trust when it comes to user and resource access and authorization, SASE solves a broader set of challenges.

SASE attempts to unify antimalware protection, cloud access security brokers, data loss prevention, firewalls, software-defined network capabilities and optimization, secure web gateways, zero-trust network access (or brokered access to resources), and more. With SASE, instead of each of these security functions being delivered in-house or by specific security vendors, they are delivered by a single cloud provider from an access point as close as possible to the user.

Experts largely agree that SASE was necessary because, as enterprise technologies and workers became more dispersed, complexity grew along with the number of technologies that needed to be managed. Staff are no longer consistently working from their cubicles and accessing resources from the LAN or data center.

Zero Trust explained

While SASE is a set of technologies, zero trust is essentially a security philosophy that requires devices, applications, and users not to be trusted until they are adequately vetted and prove they are who or what they claim to be and have the right to perform their requested actions. This means applications, users, and connected devices are never automatically trusted because they are on the corporate network or connected to a trusted place.

Zero trust assumes that users and devices are dangerous and can’t be trusted just because they are logged into the network or using a typically trusted device. Zero trust sets out to make entities prove they are who, or what, they claim to be.

Zero trust helps enterprises better manage the complexities of access. Modern environments consist of a complex collection of cloud services and on-premises systems, IoT devices, and mobile computing devices.

In this challenging environment, legacy VPNs make little sense. It's better for both security and usability that the identity of the user or device is continuously checked and that access to resources is based on the level of trust established in users and devices.

Overlap

As you can see now, there is some overlap between SASE and zero trust. SASE relies on zero trust principles for access to resources, and while zero trust continuously makes certain that users, devices, and applications are who they purport to be, it doesn't fight malware or include web application firewall or data loss prevention capabilities. It is about establishing trust in the user or resource and the transactions they are trying to conduct.

Few doubt that effective zero trust and SASE approaches improve security, but just as important, zero trust can move to where the users and transactions go because it focuses on the user, device, and application access. And since zero trust adapts much better to changes in the environment, it is far superior to point-to-point VPNs. Because it's delivered as a service, SASE can also quickly adapt to rapidly changing environments because one update from the SASE provider is instantly available to all the service edges.

Further, because SASE reduces the number of security vendors enterprises must manage and the number of security appliances and endpoint agents, it improves operational efficiency and should reduce costs.

Because SASE will optimize network performance, it can also improve user experience, especially when it comes to modern cloud-based collaboration suites and video calls.

As enterprise technology shifts to the cloud and becomes increasingly remote, security technologies have had to evolve to protect users and enterprises in their new way of working. The growing popularity of zero trust and SASE is a clear demonstration of that evolution.