SASE versus Zero Trust: Removing the mud from the water

The Zero Trust network access approach is gaining popularity with security professionals, as it addresses many of the shortcomings of the traditional method.
By Michael Brink, Chief technology officer of CA Southern Africa
Johannesburg, 21 Jul 2023
Michael Brink, CTO of CA Southern Africa.

According to Gartner, Security Service Edge (SSE) secures access to the web, cloud services and private applications. Capabilities include access control, threat protection, data security, security monitoring and acceptable-use control enforced by network-based and API-based integration. 

SSE is primarily delivered as a cloud-based service and may include on-premises or agent-based components.

Secure Access Service Edge (SASE) is a newer architecture designed for distributed, mobile and cloud-enabled organisations. It combines networking capabilities with security capabilities that enforce an organisation's policies regarding access.

The end result is a secure access platform that enables businesses to securely connect any user, from any device, anywhere, to any resource.

SASE architecture is designed to enable the enforcement of security at the network level; this can be said to be similar to traditional firewall or intrusion-prevention systems.


Other approaches don't rely on the network for security enforcement, but rather on SaaS vendor capabilities or endpoint-based enforcement. These may at best lack capabilities and at worst be insecure - think bring your own device, or hosted applications with minimal security controls.

SASE architecture facilitates the enforcement of uniform security across all corporate resources and users' activities regardless of the endpoint or SaaS vendor capabilities. It also enables visibility into users' actions, which is a mandatory requirement for detection, as well as forensics and compliance.

So, what is Zero Trust?

In a nutshell, it is a very broad cyber security strategy. The goal of Zero Trust is to enhance overall security by assuming that every user and device is not trusted until they have been verified and authorised to access specific resources.

This approach helps protect against insider threats, lateral movement of attackers and the potential compromise of trusted accounts or devices.

Gartner defines a Zero Trust network access approach (ZTNA) as a product or service that creates an identity and context-based, logical access boundary around an application or set of applications.

The applications are hidden from discovery and access is restricted, via a trust broker, to a set of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access and prohibits lateral movement elsewhere in the network. This removes application assets from public visibility and significantly reduces the attack surface area.

Zero Trust can also be described as a departure from traditional network security, also referred to as the castle-and-moat approach. The latter is a network security model in which no one outside the network is able to access data on the inside, but everyone already inside the network can access it freely.

To put it simply, a company's network is the castle, and its perimeter is the moat. This outdated approach relies on a trusted internal network and perimeter-based defences.

Zero Trust emphasises the principle of "trust no one" and assumes that no user or device should be inherently trusted within a network, even if they are inside the company's perimeter.

In this model, trust is not automatically granted based on a user's location or the network to which they are connected. Instead, it requires continuous verification and validation of user identity, device integrity and security posture before granting access to resources.

This approach focuses on verifying the identity of users and devices trying to access network resources, and involves strong multi-factor authentication to ensure the user is who they claim to be. It also limits user access rights to the bare minimum required to perform their specific tasks; by granting only the least privilege necessary, it reduces the potential impact of a malicious user or device.

Zero Trust relies on continuous real-time monitoring and analytics to detect anomalous behaviour, suspicious activities and potential security threats.

It leverages technologies such as user behaviour analytics, threat intelligence and machine learning algorithms to promptly identify and respond to security incidents. It enforces granular access controls based on user identity, device health and contextual factors. Access decisions are made dynamically, considering factors like user location, time of access and device status.
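The following is an added example, not code from the author or from any CA Southern Africa product, showing the decision logic of a trust broker as the article describes it: default deny, identity verified with MFA first, then device integrity, then least-privilege entitlement, then contextual factors such as time of access. The applications, roles and policy fields are constructed for illustration, and network location is carried only as context so that being "inside the castle" never grants access by itself.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    """Everything the broker knows about one access attempt (constructed fields)."""
    user: str
    roles: frozenset
    mfa_verified: bool      # identity: strong authentication completed
    device_managed: bool    # device integrity: enrolled and under management
    device_patched: bool    # device integrity: meets the patch baseline
    network: str            # context only: "office", "home", "public"; never a trust signal
    hour: int               # context: local hour of the request, 0-23
    app: str
    action: str


# Constructed per-application policies: entitled roles, permitted actions (least privilege),
# required device posture and an optional access window. Applications not listed here
# have no policy and therefore stay undiscoverable behind the broker.
POLICIES = {
    "payroll": {"roles": {"finance"}, "actions": {"read"},
                "managed_device": True, "hours": (7, 19)},
    "wiki": {"roles": {"staff", "finance"}, "actions": {"read", "write"},
             "managed_device": False, "hours": None},
}


def broker_decision(req: AccessRequest):
    """Default-deny evaluation in the style of a ZTNA trust broker.

    Returns (allowed, reason). Checks run in the order the article describes:
    identity, device integrity, entitlement and action, then contextual factors.
    req.network is deliberately never consulted: an internal address grants nothing.
    """
    policy = POLICIES.get(req.app)
    if policy is None:
        return False, "no policy for application; it stays hidden from discovery"
    if not req.mfa_verified:
        return False, "identity not verified with multi-factor authentication"
    if policy["managed_device"] and not (req.device_managed and req.device_patched):
        return False, "device posture does not meet the application's requirement"
    if not (req.roles & policy["roles"]):
        return False, "user holds no role entitled to this application"
    if req.action not in policy["actions"]:
        return False, f"action {req.action!r} exceeds least privilege for {req.app!r}"
    window = policy["hours"]
    if window is not None and not (window[0] <= req.hour <= window[1]):
        return False, "request outside the permitted access window"
    return True, "identity, device, entitlement and context all satisfied"
```

A real broker would re-run this evaluation continuously as device posture or session signals change, rather than once at connection time.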

We are living in a world where the network perimeter is dissolving. Consider cloud-based data centres that have taken traditional data centres and turned them into dynamic, software-defined entities. The new data centre is easy to deploy, and destroy, and is often managed using APIs and code.

Add the issue of a remote workforce increasingly using their own devices to the picture and it really gets complicated. Remote workers need access to the network, but the issue is keeping out the bad guys, while bona fide staff need to be able to access from anywhere, any time and on any device, and freely move laterally across the data centre.

This is where the ZTNA approach is gaining popularity with security professionals as it addresses many of the shortcomings of the traditional approach.

In my next article, I will expand on why organisations must verify everything trying to connect to resources before granting access based on identity, context and trustworthiness.

But more importantly, I will expand on how this goal is accomplished through the construction of an integrated platform that shares information across different security technologies.