Zero Trust Network Access and SASE Demystified – Rahi

By Krishna Kunapuli

September 29, 2021 - 4 min


Demystifying Zero Trust & SASE

Today, there is significant emphasis on moving enterprise security to a Zero Trust model. The traditional approach to securing enterprise networks focused on protecting them from outside threats, while entities inside the network were trusted. This trust boundary was enforced, but a variety of factors have now made it increasingly impractical.

One of these factors is that applications now live in hybrid environments, including the cloud, which makes trust boundaries increasingly difficult to define. A trust boundary today would need to include internet and VPN hops, whereas previously it only had to cover data centers or the corporate LAN. Secondly, with the rise of malware and phishing attacks, enterprise users may fall victim to attacks when they access public resources such as SaaS applications or the internet. Additionally, with more employees working from home offices than ever, they need proper access to corporate resources to be productive and achieve business goals. Lastly, another factor is employee misuse of company resources.

Benefits of a Zero Trust Network Access Model

As a result, the Zero Trust model has gained prominence and acceptance among industry experts and security users alike. The key concept of Zero Trust Network Access (ZTNA) is that no entity is allowed access to the network without first being authenticated. Essentially, trust boundaries no longer exist: security is implemented on a per-device, per-application basis, and nothing is trusted implicitly.

While ZTNA, as described above, solves the problem of securing access to the network, there remains the problem of how to enforce security policies consistently for enterprise users and where to enforce them from. In addition, the application traffic to which policies are applied must be secured on the network until it reaches the enforcement point. These are the driving forces behind the SASE architecture.
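The difference between the two models, as an added example that is not part of the original article: a perimeter check that trusts the corporate LAN, beside a default-deny check per user, device and application. The address range, user names, device IDs and application names are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample values; none of these come from the article.
CORPORATE_LAN = ipaddress.ip_network("10.0.0.0/8")
# Per-application grants: (user, application) pairs that are explicitly allowed.
APP_GRANTS = {("alice", "payroll"), ("bob", "wiki")}
# Devices the enterprise has enrolled and considers healthy.
TRUSTED_DEVICES = {"laptop-0042", "laptop-0077"}


@dataclass(frozen=True)
class Request:
    source_ip: str
    user: Optional[str]        # None means the caller never authenticated
    device_id: Optional[str]
    application: str


def perimeter_allows(req: Request) -> bool:
    """Traditional model: anything inside the trust boundary is trusted."""
    return ipaddress.ip_address(req.source_ip) in CORPORATE_LAN


def zero_trust_allows(req: Request) -> bool:
    """Default deny; network location is never consulted."""
    if req.user is None:                              # must authenticate first
        return False
    if req.device_id not in TRUSTED_DEVICES:          # per-device check
        return False
    return (req.user, req.application) in APP_GRANTS  # per-application check


def compare(req: Request) -> Tuple[bool, bool]:
    """Return (perimeter decision, zero-trust decision) for one request."""
    return perimeter_allows(req), zero_trust_allows(req)


# Constructed requests covering the cases the article raises.
INSIDE_UNAUTHENTICATED = Request("10.1.2.3", None, None, "payroll")
REMOTE_EMPLOYEE = Request("203.0.113.9", "alice", "laptop-0042", "payroll")
INSIDER_WRONG_APP = Request("10.1.2.4", "bob", "laptop-0077", "payroll")

if __name__ == "__main__":
    for r in (INSIDE_UNAUTHENTICATED, REMOTE_EMPLOYEE, INSIDER_WRONG_APP):
        print(r, compare(r))
```

The perimeter model admits the unauthenticated LAN host and the insider reaching for an application they were never granted, while refusing the authenticated home-office employee; the zero-trust check reverses all three decisions.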

What is Secure Access Service Edge (SASE)?

SASE provides secure access to services at the edge of the network. A particular point to note is that these services are located in the SASE cloud due to the pervasive presence of public clouds. In total, a SASE solution comprises two parts: the edge, typically an SD-WAN deployment with next-gen firewall capabilities, and the SASE cloud, the public cloud that delivers the security services to users.

How SASE Works

The SASE cloud is a broad umbrella of security services provided to the enterprise to fulfill its security needs, and it is based on the Zero Trust approach. Some of these services include: a secure web gateway, which can act as a proxy for enterprise users accessing the internet; a cloud-delivered firewall; a cloud access security broker (CASB) for security policy enforcement in cloud environments; remote browser isolation to prevent web-based attacks; and threat intelligence and sandboxing of applications before they are put into production. SASE clouds typically use a microservices architecture to isolate one customer’s data from another’s and to ensure that the security of the whole system is never compromised.

Benefits of SASE

The main benefit of SASE is that network security, application security, and endpoint security, which have all traditionally been siloed in their implementation and administration, are now integrated into a cloud-delivered solution accessible from anywhere for any workload from any device. This opens endless possibilities for enterprises while allowing them to keep security as the cornerstone of their IT strategy.

 

Author

  • Krishna is a Network Solutions Architect and early enthusiast of software-defined networks. He has more than 15 years of consulting experience in designing and implementing IP networks with execution around the globe, including some landmark projects. He specializes in designing large networks with a high degree of programmability and self-service.

, Manager - Presales
