It’s time to stop building enterprise networks that center around on-premises perimeter firewalls.
Users are demanding a more seamless experience as IT services have moved out to the cloud, and perimeter security isn’t working: attackers have repeatedly demonstrated that they can get in behind firewalls and spread laterally within enterprise networks. The COVID-19 crisis has accelerated these trends. With many organizations asking their employees to work from home for what may be an extended period of time, the perimeter as a construct is effectively gone.
A different approach is needed, one which brings security where the traffic is rather than backhauling traffic across the Internet to a firewall in order to inspect it. One which centers security around user identity and risk rather than what network a computer is connected to. There are two complementary concepts that have entered the security lexicon that speak to this approach.
A Zero Trust Architecture (ZTA) is one in which granular access controls allow subjects (users, IoT devices, bots, micro-architecture processes) to reach the resources they require without also allowing everything within an internal network to access everything else by default. Zero Trust is an ideal security objective, but the challenge with achieving it has always been the complexity of implementing granular controls.
These management and user experience challenges are being addressed by delivering security capabilities from the Internet as a service with a unified management platform that cuts through unnecessary administrative overhead. Gartner has dubbed this architecture the Secure Access Service Edge, or SASE, pronounced “Sassy”. SASE provides us with the agility to rapidly deliver security capabilities when and where they are needed without compromising on effectiveness.
This white paper is intended to provide a roadmap for achieving a Zero Trust Architecture with a seamless user experience through the use of SASE capabilities. Many of the insights shared here reflect the real-world experiences TTX and OPAQ have had working together to implement these technologies in practice. The resulting infrastructure reduces end-user frustration with VPNs while improving an organization’s security posture and enabling the business to move faster.
The time has come for a more distributed approach to security on the Internet. SASE-based ZTA is the way to get there.
To read more, download the white paper from TTX and OPAQ.