Zero Trust has been touted for years as the future of network security, but only recently has it started to gain traction as a practical enterprise security framework. The implementation of digital transformation initiatives has thrust Zero Trust into the spotlight as network applications and resources migrate to the cloud and blur the traditional network perimeter. This has exposed security vulnerabilities in firewalls, secure gateways, VPNs and proxies.
While many businesses started the year with the intention to implement digital transformation programs, enabling employees to work from home suddenly took priority in March due to the COVID-19 pandemic. The scramble to configure networks for remote access left organizations and users overexposed and at risk of cyberattacks. The proof lies in the proliferation of cyberattacks and threat vectors seen since the end of February.
Zero Trust provides a comprehensive yet flexible approach to safeguard IT infrastructure, applications and data.
Zero Trust Policy-based Security
When Zero Trust policy-based security is applied to user interactions, organizations reduce their network attack surface. Each individual and system is authenticated for limited access to only the applications, data, and resources they are authorized to use. In most cases, security decisions are enforced at the endpoint but defined and managed in the cloud. Access policies can be granular to make security decisions at the access edge, based upon the IT resource, session data, authentication, and a host of other factors.
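A minimal sketch of the per-request decision described above, as an added example that is not from the article or from any vendor's product. The policy table, attribute names and thresholds are assumptions constructed for illustration; the point is that the decision is default-deny and depends on the resource, the authentication and the session together.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    """Attributes the enforcement point sees for one access attempt (hypothetical)."""
    user: str
    groups: frozenset
    resource: str
    mfa: bool
    device_managed: bool
    session_age_min: int


# Constructed sample policies, defined centrally and pushed to the enforcement point.
# A resource with no entry is unreachable: there is no implicit "inside the network" trust.
POLICIES = {
    "payroll-db": {"groups": {"finance"}, "require_mfa": True,
                   "require_managed_device": True, "max_session_age_min": 30},
    "wiki": {"groups": {"finance", "engineering"}, "require_mfa": False,
             "require_managed_device": False, "max_session_age_min": 480},
}


def decide(req, policies=POLICIES):
    """Return (allowed, reason). Every check must pass; the first failure denies."""
    rule = policies.get(req.resource)
    if rule is None:
        return False, "no policy for resource"
    if not (req.groups & rule["groups"]):
        return False, "user not authorized for resource"
    if rule["require_mfa"] and not req.mfa:
        return False, "mfa required"
    if rule["require_managed_device"] and not req.device_managed:
        return False, "unmanaged device"
    if req.session_age_min > rule["max_session_age_min"]:
        return False, "session too old, re-authenticate"
    return True, "allowed"


if __name__ == "__main__":
    alice = Request("alice", frozenset({"finance"}), "payroll-db", True, True, 5)
    print(decide(alice))
```

Logging the returned reason alongside each denial gives the visibility into access attempts that the policy model depends on.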
Executing Zero Trust Using the SASE Framework
Secure Access Service Edge, or SASE, the innovative security concept that Gartner proposed in a 2019 report titled “The Future of Network Security is in the Cloud,” is getting a lot of recognition in the cybersecurity industry. It represents an architectural transformation in enterprise security that is suitable for today’s ever-changing work environment, with applications shifting to the cloud and workers connecting from distributed locations using all sorts of devices.
Fully aligned with SASE’s edge-based security approach, the Zero Trust security construct can be executed using the SASE framework. To illustrate, let’s look at two areas that have Zero Trust security requirements and the associated capabilities highlighted in Gartner’s report.
Zero Trust Security is the Destination, SASE is the Path
To understand how SASE is an approach that enables a Zero Trust security model, we’ll dig a little deeper into Gartner’s vision. In its introduction to the SASE model, Gartner listed many capabilities and elements that can form SASE platforms: network-as-a-service technologies, such as SD-WAN, CDNs and WAN optimization, as well as network security services, such as cloud SWGs, VPNs, NGFWs, ZTNA, cloud access security brokers (CASB) and RBI. As individual components of SASE, these are available today and, in varying degrees, are being used by most organizations. Gartner’s SASE vision is that the evolution of these solutions will bring them together into an integrated, simple-to-use, global, cloud-delivered platform.
By integrating network infrastructure capabilities with network security functions, SASE enables security controls to be enforced at all network connection points. SASE solutions combine core connectivity and security policy capabilities, providing controls that allow access policy and data use decisions to be made in-line between the requesting user and IT resources (database, app, etc.) whether they’re located within the enterprise network or in the cloud.
SASE greatly improves network security and, if implemented correctly, can be put in place with minimal impact on users. SASE solutions provide IT staff full control and visibility over every user’s access throughout the organization’s networks and applications. Integrated and ongoing inspection and analysis of traffic combined with dynamic security policy enforcement is what makes SASE a game-changing enabler of digital transformation initiatives.
Starting the SASE Journey
Gartner expects at least 40 percent of enterprises to have strategies in place for adopting SASE by 2024. Early adopters need to stay flexible since vendors are still in the process of developing their integrated cloud-based SASE platforms, but there are things they can do to prepare for SASE.
First, you can begin by reevaluating the network architecture of your organization and ensuring that network security is a part of the process. Having the correct architecture in place is vital to establishing structures that are strong and adaptable.
Second, look for some quick SASE wins by adding complementary security capabilities to your existing network infrastructure. For example, upgrade your NGFWs and VPNs to add Zero Trust Network Access capabilities, or add RBI to bring Zero Trust web browsing to your organization.
Finally, you can plan for SASE by gradually reducing hardware dependency. Cloud-native applications and web access and security solutions lay the foundation for decentralized architectures in addition to working with legacy networks. Select transitional solutions that work with your roadmap to assist you and lead you to your eventual Zero Trust security end-state.
David Canellos is president and CEO of Ericom Software.