Today, there is a significant emphasis on transforming enterprise security to a Zero Trust model. The traditional approach to securing enterprise networks focused on defending the network from outside threats while trusting every entity inside it. That trust boundary was once enforceable, but several factors have made it impractical.
One factor is that applications now live in hybrid environments, including public clouds, which makes trust boundaries increasingly hard to define: a boundary that once enclosed only the data center and the corporate LAN would now have to span internet and VPN hops as well. Secondly, with the rise of malware and phishing, enterprise users can be compromised while accessing public resources such as SaaS applications or the open internet, and a compromised host inside the perimeter inherits the perimeter's trust. Additionally, with more employees working from home offices than ever, they need access to corporate resources from outside the perimeter to stay productive and meet business goals. Lastly, insiders can misuse company resources, and an implicitly trusted network does nothing to stop them.
As a result, the Zero Trust model has gained prominence and acceptance among industry experts and security practitioners alike. The key concept of Zero Trust Network Access (ZTNA) is that no user or device is granted access to an application without first being authenticated and authorized, regardless of where on the network the request originates. Essentially, network location no longer confers trust: security is enforced per user, per device and per application, and nothing is trusted implicitly.
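To make the contrast concrete, the following is an added example (not code from the original article or from any product) of a minimal policy decision point. It evaluates the same access request under the legacy perimeter model, where only the source IP matters, and under a ZTNA policy, where identity, MFA, group entitlement and device posture are checked for the specific application and the source IP is never consulted. All users, groups, device identifiers, addresses and application names are hypothetical and constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional
import ipaddress

# Constructed example: a minimal policy decision point for one ZTNA request.
# All identities, groups, device IDs, addresses and application names below
# are hypothetical; nothing here comes from any real product or deployment.


@dataclass(frozen=True)
class Request:
    """What an enforcement point knows about one access attempt."""
    user: Optional[str]        # authenticated identity, None if the session is unauthenticated
    mfa: bool                  # whether the session completed multi-factor authentication
    device_id: Optional[str]   # enrolled device identifier, None for an unknown device
    device_compliant: bool     # posture check passed (disk encryption, EDR running, patched)
    src_ip: str                # source address of the request
    app: str                   # application being requested


# Per-application policy: which groups may reach the app and what it demands.
APP_POLICY = {
    "payroll": {"groups": {"finance"}, "require_mfa": True, "require_compliant": True},
    "wiki": {"groups": {"finance", "engineering"}, "require_mfa": False, "require_compliant": True},
}

# Identity provider view of group membership (constructed).
USER_GROUPS = {
    "alice": {"finance"},
    "bob": {"engineering"},
}

CORP_LAN = ipaddress.ip_network("10.0.0.0/8")


def legacy_decision(req: Request) -> str:
    """Perimeter model: anything inside the corporate LAN is trusted, the rest is blocked."""
    return "allow" if ipaddress.ip_address(req.src_ip) in CORP_LAN else "deny"


def ztna_decision(req: Request) -> str:
    """Zero Trust model: every request is evaluated on identity, authorization and
    device posture for the specific application. The source IP is deliberately
    never consulted, because network location confers no trust."""
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return "deny: unknown application"
    if req.user is None:
        return "deny: unauthenticated"
    if policy["require_mfa"] and not req.mfa:
        return "deny: mfa required"
    if not (USER_GROUPS.get(req.user, set()) & policy["groups"]):
        return "deny: not authorized for application"
    if req.device_id is None:
        return "deny: unenrolled device"
    if policy["require_compliant"] and not req.device_compliant:
        return "deny: device posture failed"
    return "allow"


# Constructed sample requests.
# An unauthenticated host on the LAN (e.g. a compromised printer or a guest laptop).
LAN_UNAUTHENTICATED = Request(None, False, None, False, "10.1.2.3", "payroll")
# A finance employee working from home on an enrolled, compliant laptop.
REMOTE_FINANCE = Request("alice", True, "lap-0042", True, "203.0.113.9", "payroll")
# A phished password used from inside the LAN without MFA, on an unknown device.
LAN_STOLEN_PASSWORD = Request("alice", False, None, False, "10.1.2.3", "payroll")
# An engineer with a valid session asking for an app their group is not entitled to.
BOB_PAYROLL = Request("bob", True, "lap-0099", True, "10.5.5.5", "payroll")
# Right user, right app, but the device failed its posture check.
NONCOMPLIANT_WIKI = Request("alice", True, "lap-0042", False, "203.0.113.9", "wiki")


def compare(req: Request) -> dict:
    """Return both verdicts side by side for one request."""
    return {"legacy": legacy_decision(req), "ztna": ztna_decision(req)}


if __name__ == "__main__":
    for name, req in [("LAN_UNAUTHENTICATED", LAN_UNAUTHENTICATED),
                      ("REMOTE_FINANCE", REMOTE_FINANCE),
                      ("LAN_STOLEN_PASSWORD", LAN_STOLEN_PASSWORD),
                      ("BOB_PAYROLL", BOB_PAYROLL),
                      ("NONCOMPLIANT_WIKI", NONCOMPLIANT_WIKI)]:
        print(f"{name:22} {compare(req)}")
```

The two models disagree in both directions: the perimeter model waves through an unauthenticated LAN host and a phished password used from inside, yet blocks a properly authenticated finance employee at home; the ZTNA policy does the opposite. The order of checks also matters in practice: authentication is verified before group lookup so that an unauthenticated request never triggers a directory query, and device enrollment is checked before posture so that an unknown device is refused without evaluating a posture report it could not have produced.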
While ZTNA, as described above, solves the problem of controlling access, two problems remain: how to enforce security policies consistently for all enterprise users, and where to enforce them from. In addition, the application traffic to which policies are applied must be protected on the network until it reaches the enforcement point. These are the driving forces behind the SASE (Secure Access Service Edge) architecture.
SASE delivers secure access to services at the edge of the network. The notable point is that these services run in the SASE cloud, which is practical because public cloud points of presence are now pervasive. A SASE solution therefore comprises two parts: the edge, typically an SD-WAN deployment with next-generation firewall capabilities, and the SASE cloud, the cloud-hosted service that delivers the security functions to users.
The SASE cloud is a broad umbrella of security services provided to the enterprise, built on the Zero Trust approach. These services include a secure web gateway, which acts as a proxy for enterprise users' internet access; a cloud-delivered firewall; a cloud access security broker (CASB) for policy enforcement on cloud and SaaS usage; remote browser isolation to contain web-based attacks; and threat intelligence with sandboxing, which detonates suspicious files before they are delivered to users. SASE clouds are multi-tenant and typically built on a microservices architecture in which each tenant's data and policy are isolated from every other tenant's, so that a compromise of one tenant or one service does not compromise the whole system.
The main benefit of SASE is that network security, application security and endpoint security, which have traditionally been siloed in both implementation and administration, are integrated into a single cloud-delivered solution reachable from anywhere, for any workload, from any device. This opens many possibilities for enterprises while letting them keep security as the cornerstone of their IT strategy.
About Krishna Kunapuli
Krishna is a Network Solutions Architect and early enthusiast of software-defined networks. He has more than 15 years of consulting experience in designing and implementing IP networks with execution around the globe, including some landmark projects. He specializes in designing large networks with a high degree of programmability and self-service.