Zero trust

Three reasons why security teams should start a modern SSE network security journey with zero-trust-network access

Zero Trust

In recent research by CyberSecurity Insiders, 67% of businesses plan to start implementing their secure access service edge (SASE) strategy with security service edge (SSE) versus WAN edge services. In fact, 39% viewed SSE as the most important part of a zero-trust strategy.

The survey found Zero Trust Network Access (ZTNA) as the first logical step in this journey, with 47% of companies planning to start their SSE journey with ZTNA.

Having spent the better part of two years talking to analysts, operators, and experts, here are the three reasons why businesses choose to start with ZTNA versus WAN edge services because the WAN products are:

  • Not aligned with zero-trust principles. COVID dictated that the future of work was hybrid. Workers would access enterprise resources from anywhere, on secure and insecure networks, and on personal devices. It also exposed existing approaches, like VPNs, as hard to scale, involving time-consuming hardware and network upgrades. From a security perspective, VPNs are not in-line with zero-trust architectures or attitudes. VPNs bring all users onto the network to access critical resources. Once there, they have little visibility and or control if a user has malicious intent. In a remote world, VPNs have been exposed as being out of touch with current needs. Virtual desktop infrastructure (VDI) does not solve the issue either, bringing users onto the network. Poking holes in firewalls to allow access to VDI environments doesn’t make sense when it comes to protecting the network from threat actors and malware.
  • Operationally challenging and expensive. When the pandemic hit even the largest, most sophisticated organizations had problems scaling their VPN and VDI infrastructure. For example, Cisco, who knows a great deal about networks, had to ration VPN access for 100,000 users during the early days of the work-from-home transition. Think of what a typical organization experienced.
  • Offer a poor user experience. Pre-pandemic, when VPNs were used less frequently, users learned to live with the challenges VPNs presented. Checking email in the evening, or doing some work over the weekend was a minor inconvenience. When work went remote, these minor inconveniences began to impact user productivity and adoption and weren’t so minor anymore.

The case for SSE 

SSE platforms are a modern alternative to traditional network security technologies. Attempting to embrace a zero-trust architecture with traditional network and security technologies has proven impossible because of their implied trust, and reliance on network connectivity.

SSE architecture combines identity, policy, and context to connect users to crucial applications securely. This reduces the overall attack surface, minimizes over-privileged access, and helps prevent threats like ransomware, insider threats, acquiring a breach through M&A, and third-party users.

By extending secure connectivity out to the user's location through cloud services users no longer have access to the corporate network, applications, and IT infrastructure no longer gets exposed.

Organizations are also challenged by visibility. It’s critical to understand what users are accessing across all business applications, either private or publicly owned, from any device, and any location. This requires inspection at scale. Attempting to control access across thousands of users, and dozens of security point products, with separate UIs for applications, agents, and user experience, has become impossible for IT security leaders and makes it easier for threat actors to exploit networks.

Companies shouldn’t need a separate UI for their private applications, SaaS applications, and endpoints. SSE offers a single interface to manage access to all applications, view activity, and set up an agent or agentless policies. Integrations with IDP and endpoint security solutions allow for information sharing across platforms. If the identity or device health changes are detected, the SSE platform access policies automatically adapt.

SSE solutions are cloud-based, helping IT avoid renewing contracts and licenses for disparate network security services like VPN, VDI, firewalls, or secure web gateway appliances. In some cases, SSE services charge based on a per-user, per-year, subscription. This makes it easy for IT to prevent expenditures while avoiding issues with high bandwidth costs, or management of appliances.

The shift towards SASE and SSE has been driven by the need for modern and scalable security products that align with the principles of zero-trust architecture. Businesses now prioritize ZTNA over WAN edge services because of operational challenges, poor user experience, and lack of alignment with zero-trust principles.

SSE platforms offer a modern alternative to traditional network security technologies, combining identity, policy, and context to continuously connect users to crucial applications securely while reducing the overall attack surface and minimizing over-privileged access. Businesses must adopt modern security products like SSE to prevent threat actors from exploiting inevitable code vulnerabilities and stay ahead of the evolving threat landscape.

Jaye Tillson, director of strategy, Axis Security

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.