SASE vs zero trust – or the best of both worlds
As the new year unfolds and companies initiate their plans and execution for 'the new normal', a topic of discussion from a past customer advisory meeting has become much more critical:
What is the relationship between zero trust and secure access service edge (SASE)?
Is one more relevant as security teams begin preparing for either a return to the office or an increasingly distributed environment?
In fact, they are not mutually exclusive. Both aim to help security teams who find that their footprint has expanded beyond their control: many of their users own or control the device, traffic doesn't traverse the organization's own infrastructure, and trusting users by default becomes insufficient.
In this context, zero trust and SASE work together by converging a least-privilege access strategy with an architecture that simplifies how highly distributed users, BYOD, and cloud resources are secured.
As a simple litmus test, consider the following use case from a security team.
As their environment started becoming increasingly distributed (e.g. applications moving to the cloud, increasing direct-to-cloud traffic, unexpected remote workforce, BYOD), they looked to overcome the expanding surface area with multiple point products that enforced zero trust and least-privilege access control policies. These included secure web gateways, CASBs, firewalls and VPNs, to name a few of the tens of functional capabilities.
They struggled with the swivel-chair management experience, which grew more pronounced as additional technology was required and more nooks and crannies presented themselves across the infrastructure. In addition, legacy components like VPNs violated zero trust tenets and created performance bottlenecks.
Unintentionally, the attempt to adhere to zero trust constructs drove up the number of deployed point products and created unforeseen gaps.
SASE balances and reinforces that approach by maintaining common security controls across all enterprise resources, which not only ensures consistency but also removes the blind spots that occur because of disparate products.
Security teams can configure policies that secure SaaS apps, control access to web destinations, identify shadow IT, and defend on-prem apps from a single control point. The architecture will often include a cloud access security broker, secure web gateway and zero trust network access functionality.
For security teams looking to adhere to SASE and zero trust tenets, it's imperative to select a vendor with a SASE offering that combines a leading cloud access security broker, an on-device secure web gateway, and zero trust network access to secure any interaction.