How SASE with Zero Trust Framework Secures Remote Workers
eWEEK SECURITY PERSPECTIVE: Working from non-offices means that the hybrid workplace is here to stay and that security must adapt to these needs.
According to research released by S&P Global in June 2020, 80% of companies surveyed had implemented or expanded universal work-from-home policies in response to the crisis, and 67% expect these to remain in place either for the long term or permanently. As more people continue to work remotely, the number of connections increases and so does the potential attack surface.
Analysis of the threat landscape, and most recently the SolarWinds breach, found that hackers are often able to gain broad systems access. In many cases, the hackers move through networks unfettered to set up back doors and administrator accounts. With employees now connecting in large numbers, they are creating a hacker’s playground, with new, vulnerable endpoints and access points being exposed. New frameworks and tools are required to manage these threats.
Defining SASE and Zero Trust
Secure Access Service Edge (SASE), a segment coined by Gartner Research, and Zero Trust, created by Forrester Research, are two such frameworks that can help protect our employees.
Zero Trust as a concept has been around for a decade at least. In its simplest form it is: Don’t trust the things you do not need to trust. For the things you must trust, trust but verify constantly. Today there are many isolated Zero Trust projects focused on networks, users, devices or servers.
The SASE model combines networking and network security services, cloud access security broker (CASB), firewall as a service (FWaaS), data loss protection (DLP) and more, into a single comprehensive, integrated solution that supports all traffic, applications and users.
It’s all about defensive security strategy
Both SASE and Zero Trust support a new approach: a defensive security strategy at the edge. The model calls for an inspection to take place at the service edge. “The model would be to understand the identity of the employee, the student, or contractor based on their access identity. But at no point are they on the network, and you assign trust based on where they are in that network topology,” Patrick Sullivan, CTO of Akamai and an expert on security, said.
Such a proxy would allow access to web services no matter where they are hosted—and even to services hosted in local corporate networks.
Such an approach helps hide internal web applications and avoid posing them to the internet, providing secure access via proxy. This eliminates the use of a VPN because web applications can be accessed from anywhere via proxy in a secure way applying Zero Trust alone. The flexibility of deploying security inspection at the edge means that, regardless of shifts in the location of computing, security inspection can be performed at a local edge node.
Furthermore, since multi-cloud is the predominant architecture, deploying security at a homogeneous edge makes more sense than trying to engineer consistent controls using heterogeneous capabilities available at various cloud security providers (CSPs).
Enterprises need to be intentional about this
Analysts agree that an effective security implementation takes time, commitment and cultural change. The following points need to be evaluated and considered:
- Multiple layers of security
- Enterprise-level security around any type of connection
- Simplified deployment
- Scalability
- Improved network performance
- Lower operational overhead
The key to implementing security frameworks such as SASE and Zero Trust is to reduce complexity while also increasing visibility and ease of management. It is designed to focus on protecting the company and employees. People want to work—and do their best work—for an organization that gives them the flexibility and the rich, secure digital experience to do their job well—and do it from anywhere.