EDITOR ’ S QUESTION
sSASE or Zero Trust ? Why security should use both
As Asia Pacific companies navigate increasingly distributed environments , the question of zero trust keeps recurring , as is the relationship between this framework and secure access service edge ( SASE ).
Security teams are looking to understand zero trust security and SASE better , including whether they are mutually exclusive or compatible . So , what are each of these security models and how can companies determine which will be appropriate ?
In fact , they are highly complementary . In almost any case , the two work better when used together to support security teams striving to ensure that the company ’ s digital footprint does not expand beyond their control .
Historically , companies have relied on virtual private networks ( VPNs ) to provide employees working remotely with a secure ‘ tunnel ’ into the on-premises network .
Even before the shift to remote work caused by COVID-19 , the effectiveness of this model was weakening . The perimeter-based security approach does not combat the threat of insider attacks or the fact that non-employees may need access . A cybercriminal gaining access via methods such as VPN credential abuse , is typically able to move laterally across resources on the network without any restrictions .
COVID-19 has pushed IT teams into revisiting their infrastructure to balance security with productivity . Zero trust and SASE solutions are being adopted together because they help organizations unite a least-privilege access approach with an architecture that streamlines how highly distributed users and cloud resources are secured .
Organizations are looking to secure their expanding surface areas with policies that enforce least-privilege access control via technologies like zero trust network access , secure web gateway ( SWG ) and cloud access security broker ( CASB ), to name a few .
But when these technologies are deployed in a one-off fashion , it can leave organizations manually replicating policies across different dashboards .
While zero trust focuses on appropriate authentication and secure access to data and systems on an as-needed basis , SASE refers to cloud-delivered platforms deployed at the Edge which provide wide-ranging protections any place data reaches . As integrated platforms that consist of an array of complementary solutions , SASE offerings are crucial when following a zero trust framework .
Sometimes the effort to follow zero trust security principles can inadvertently drive up the amount of deployed point products and produce unanticipated disparities in protection across use cases .
SASE addresses this challenge by helping organizations preserve and sustain common security controls across all enterprise resources . This ensures consistency by helping security teams remove blind spots that can arise due to disparate tools and solutions . SASE offerings typically offer CASB , SWG and ZTNA functionality in order to achieve this .
Security teams can configure policies that safeguard SaaS apps , control access to web destinations , identify shadow IT and secure apps on-premises from a sole control point with a single dashboard for configuring wide-ranging policies . This provides consistent , comprehensive protections and consolidated ease of management .
By uniting SASE and zero trust , organizations can establish and maintain an environment that reliably enforces security procedures for any interaction on or off premises – through a single unified platform . p
ANURAG KAHOL , FOUNDER AND CTO , BITGLASS
www . intelligentcio . com INTELLIGENTCIO APAC 35