Changing the way future networks are built, operated

The ‘CIA triad’ is a baseline standard for evaluating and implementing measures to enhance confidentiality, integrity and availability in modern IT security.
Paul Stuttard
By Paul Stuttard, Director, Duxbury Networking.
Johannesburg, 08 Aug 2023
Paul Stuttard, director, Duxbury Networking.
Paul Stuttard, director, Duxbury Networking.

For organisations relying on older network infrastructures, there’s every chance that meeting today’s technology demands presents a challenge. Outdated enterprise networks are often overwhelmed by the latest mobile solutions and cloud-based business apps.

A modernised network upgrade could increase productivity. It can also significantly improve security.

While upgrading from old virtual private network tunnels and outdated firewalls is an important step in the upgrade process, network security is a complex field and it's advisable to gain a grasp of the most important technologies available for integration and implementation in today's evolving cyber security landscape.

The most notable among these technologies address the challenges posed by modern digital environments and form a framework designed to change the way future networks are built and operated. The conceptual foundations for this framework lie in ZTNA (Zero Trust Network Access), SASE (Secure Access Service Edge) and SSE (Secure Service Edge) technologies.

ZTNA focuses on providing secure access to applications and resources based on the principles and standards of “zero trust”. ZTNA verifies user identity, user device health and context before permitting access, regardless of the user's location or network, thus minimising the risks associated with unauthorised system modifications or data tampering.

SSE aids in the maintenance of data integrity by ensuring data remains unaltered and trustworthy during transmission and storage.

SASE, introduced by Gartner in 2019, combines network security and wide area networking capabilities into a cloud-based service model. Its goal is to provide secure access to applications and resources from anywhere. SASE also incorporates features such as firewall-as-a-service, secure web gateways, data loss prevention and more to protect confidential data.

SSE is a term coined by Gartner in 2021 and it essentially builds on the concepts of SASE. SSE integrates additional security capabilities − such as data encryption, threat intelligence, secure data storage and advanced analytics − directly into the service edge, providing an all-embracing security framework. SSE also employs integrity checks, secure protocols and data validation techniques to prevent unauthorised system modifications or data tampering.

As organisations assess and evaluate their security needs − taking into account factors such as remote access requirements, data sensitivity, regulation compliance and the need for scalability − the appropriate level of security and the specific features required from ZTNA, SASE and SSE need to be determined.

For instance, ZTNA can be integrated into the enterprise network by implementing software-defined perimeters and identity-based access controls. This involves deploying ZTNA solutions that provide secure access based on user and device identities, multi-factor authentication and context-aware policies.

Importantly, ZTNA can be integrated into existing VPN infrastructures or implemented as a standalone solution.

SASE is typically a cloud-based service, so implementing SASE involves migrating network security functions to the cloud. These functions could include deploying cloud-based firewalls, secure web gateways, data loss prevention tools and other security services under the umbrella of a unified or integrated service technology stack.

Today, many SASE providers offer consolidated security and networking capabilities delivered from the cloud, providing secure access to users regardless of their location.

As mentioned, SSE extends the capabilities provided by SASE. SSE solutions are typically delivered as a cloud-based service stack that combines networking optimising roles – such as redundancy implementation, load balancing and traffic management mechanisms – with security functions.

Against the backdrop of network security, it is useful to recognise the values of the CIA triad. In this instance, the CIA does not refer to the world of spies and secrets, but to a series of guidelines and objectives that are often used to develop policies and procedures for an effective information security programme.

The elements of the CIA triad are: (1) confidentiality, (2) integrity and (3) availability. They are considered to be three of the most crucial security components, which together represent the ultimate objective of all information security efforts.

Confidentiality entails ensuring the information is inaccessible to unauthorised people. It is commonly enforced through encryption, IDs and passwords, two-factor authentication and additional defensive strategies.

Integrity encompasses the safeguarding of information and systems from being modified by unauthorised individuals or automated software applications (bots). It helps ensure the accuracy and trustworthiness of protected data.

Availability implies that authorised people have access to critical information when needed. This involves meticulously maintaining all systems, upgrading them as required and relying on backups to safeguard against disruptions or data loss.

Widely observed throughout the security industry today, the CIA triad is a baseline standard for evaluating and implementing information security.

In this light, it is clear that ZTNA, SASE and SSE all align with the principles of the CIA triad by providing measures to enhance confidentiality, integrity and availability in modern IT security architectures.

For example, ZTNA enforces confidentiality by ensuring only authorised users with proper credentials and security posture can access sensitive resources.

ZTNA ensures data integrity by authenticating and verifying the integrity of users and devices before granting access, thus mitigating security risks.

ZTNA also indirectly contributes to availability. By verifying the security posture of users and devices, ZTNA helps prevent malicious actors from compromising resources, ensuring their availability for authorised users.

SASE ensures confidentiality by encrypting network traffic and providing secure connections between users and resources.

SASE helps maintain data integrity by ensuring data transmitted over the network remains unaltered and tamper-proof.

And SASE enhances availability by optimising network performance, providing redundancy and dynamically routing traffic. It helps ensure authorised users can reliably access resources, despite unplanned network outages or disruptions.

SSE ensures confidentiality by implementing encryption, access controls and data protection mechanisms. It safeguards data transmitted between users and cloud services, preventing unauthorised access or eavesdropping.

SSE aids in the maintenance of data integrity by ensuring data remains unaltered and trustworthy during transmission and storage.

Because SSE focuses on maintaining the availability of cloud services, it helps to minimise disruptions, while ensuring only authorised users gain access to cloud services.

From a networking perspective, ZTNA, SASE and SSE address the principles of the CIA triad by presenting security approaches that collectively provide a far-reaching framework to protect sensitive digital assets against threats and prevent unauthorised access, while ensuring the availability of critical resources and applications.