SASE or zero trust? Why security teams should be using both - Help Net Security

SASE or zero trust? Why security teams should be using both
As companies continue to navigate increasingly distributed environments, the question of zero trust is coming up more and more – as is the relationship between this framework and secure access service edge (SASE). Many security teams are looking to better understand zero trust security and SASE, including whether or not they are mutually exclusive or compatible.

SASE zero trust

So, what exactly are each of these security models, and how can companies determine which one will be more appropriate for their security teams as they seek to protect the broader business from cyber threats?

The short answer is that they are highly complementary. In fact, in almost any case, the two work better when used together to support security teams striving to ensure that the company’s digital footprint does not expand beyond their control.

Navigating rapid digital transformation amid the COVID-19 pandemic
Historically, companies have relied on VPNs to provide employees working remotely with a secure “tunnel” into the on-premises network. VPNs are dependent on the notion of a clear network perimeter. Users that are deemed trustworthy can move freely inside, while everything on the outside is denied access.

Even before the rapid shift to remote work caused by COVID-19, the effectiveness of this model was weakening due to a number of critical flaws. The perimeter-based security approach does not account for the threat of insider attacks or the fact that non-employees may need access. Perhaps most remarkably, if a cybercriminal gains access via methods such as VPN credential abuse, they are typically able to move laterally across resources on the network without any restrictions.

COVID-19 has dramatically transformed the workplace and pushed IT teams to revisit their infrastructure to balance security with productivity. Zero trust and SASE solutions are being adopted together because they help organizations unite a least-privilege access approach with an architecture that streamlines how highly distributed users and cloud resources are secured.

Rethinking cybersecurity strategies for the distributed workforce
Company environments are becoming increasingly dispersed as the remote workforce pushes more applications to the cloud. Organizations are looking to secure their expanding surface areas with policies that enforce least-privilege access control via technologies like zero trust network access (ZTNA), secure web gateway (SWG), and cloud access security broker (CASB) – to name a few.

However, when the above technologies are deployed in a one-off fashion, it can leave organizations manually replicating policies across different dashboards. This takes time (and therefore costs money), but also limits consistent visibility and control across the IT ecosystem. This issue is compounded as more solutions are deemed necessary and deployed.

While zero trust is a way of thinking that focuses on appropriate authentication and secure access to data and systems on an as-needed basis, SASE refers to cloud-delivered platforms deployed at the edge which provide wide-ranging protections anyplace data reaches. As integrated platforms that consist of an array of complementary solutions, SASE offerings are crucial when following a zero trust framework.

Stronger security via streamlined management
Sometimes the effort to follow zero trust security principles can inadvertently drive up the amount of deployed point products and produce unanticipated disparities in protection across use cases. SASE addresses this challenge by helping organizations preserve and sustain common security controls across all enterprise resources. This ensures consistency by helping security teams remove blind spots that can arise due to disparate tools and solutions. SASE offerings typically offer CASB, SWG and ZTNA functionality to achieve this.

Security teams can configure policies that safeguard SaaS apps, control access to web destinations, identify shadow IT, and secure apps on-premises from a sole control point with a single dashboard for configuring wide-ranging policies. This provides not only consistent, comprehensive protections, but also consolidated ease of management, saving your organization time and money.

Achieving the best of both worlds
For most companies, the conventional perimeter their security teams once managed has now been gone for an entire year; and there won’t be any going back. By uniting SASE and zero trust, organizations can establish and maintain an environment that reliably enforces security procedures for any interaction on or off premises – through one unified platform.