Author: Mark Stone
Today, many applications have moved to the cloud as users have become more remote, making the enterprise wide-area network (WAN) more distributed. Users, devices and applications are leaving the enterprise boundaries and zone of control, increasing the risk of exposure. At the same time, applications have also become more dynamic, requiring more throughput and less latency.
Deployment and management of network security solutions anchored in the data center are typically straightforward: all traffic flows in and out through a single point. However, this model, called "hub and spoke," cannot meet the increased demand created by cloud adoption, because network links are now widespread and employees connect from multiple locations.
Network security solutions: What is secure access service edge (SASE) and why is it important?
Because of these factors, many organizations are turning to cloud-native secure access service edge to provide network security solutions such as inspection and protection from the cloud—rather than forcing traffic through physical appliances at the data center.
With so many applications and so much data hosted in the cloud, the added latency makes routing traffic through the data center impractical. As more employees connect remotely, that latency only increases, causing unnecessary frustration that at times leads users to connect through insecure methods instead.
SASE is a modern method of edge computing, placing network security solutions and management on the cloud edge and even closer to the resources requiring access.
What makes secure access service edge so practical in the modern cloud environment is how it leverages zero trust access policies on the edge network. Using this identity-based model, security is tailored to only allow employee access to the specific applications and resources required for job duties. With SASE and zero trust, organizations have more granular control over network security solutions and policies while optimizing application performance.
Since these services reside virtually in the cloud, they can be scaled up and down as needed more easily. Plus, with embedded cyber security, they are easier to deploy, manage and maintain. By extending network security capabilities to the cloud in this manner, organizations gain a meaningful way to improve network and business agility without sacrificing security.
How does perimeter security differ from zero trust?
Another way to promote security in the extended enterprise is to move from perimeter-focused network security solutions and policies—focusing on techniques to prevent bad actors from getting access to network resources—to zero trust, identity-focused security policies.
The zero trust model, which was established to promote the concept that organizations cannot automatically trust any endpoint, whether it originates inside or outside their perimeter, has its foundations in network segmentation. Improving on the network segmentation concept, zero trust's granularity and micro-segmentation enforce rules based on users, their locations and other factors to decide whether a user, endpoint or app should be trusted.
A zero trust network will not authenticate an endpoint unless it can verify that the endpoint's user, location and security status are valid.
Once endpoints authenticate, that specific connection is subject to a restrictive policy. The zero trust model operates much like the "need-to-know" basis used by the government, in which the network security solutions issue only the exact amount of access required for endpoints, users and apps. No more and no less.
Zero trust policies assume users and devices are not allowed access to any network resource unless they explicitly present valid credentials. Remember, zero trust goes beyond users; a comprehensive zero trust policy covers people, devices, workloads, networks and data.
Perimeter-focused security policies operate much like a security guard at the entrance of an office building during the day to protect employees and assets from potential threats. While this certainly is a helpful first line of defense, it is unlikely the guard will catch every potential bad actor or vulnerability—particularly intentional threats or unintentional human error from within the organization.
On the other hand, zero trust network security solutions are similar to having an advanced facial recognition scan used to authorize access to a particular room or area of the office building. The use of identity-based security not only prevents unauthorized access but also creates a record of those who have gained access should any problems arise.
While it is likely that perimeter-focused security solutions (firewalls, for example) will remain a first line of defense for many networks, organizations should also consider augmenting their network security strategies with zero trust policies to secure critical applications and resources.
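The contrast between the two models described above, as an added example that is not part of the original post: a perimeter check trusts anything that comes from inside the corporate address range, while the zero trust check denies by default and only allows a request whose identity, device posture and location all check out for the specific resource, recording every decision as the audit trail the text mentions. All directory entries, device records, networks and request values are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample data (hypothetical users, devices and resources):
# which user may reach which resource, device health, and allowed locations.
ENTITLEMENTS = {"alice": {"payroll-app"}, "bob": {"wiki"}}
DEVICE_POSTURE = {"laptop-01": "compliant", "laptop-02": "non-compliant"}
ALLOWED_COUNTRIES = {"US", "CA"}
CORP_NET = ip_network("10.0.0.0/8")  # constructed "inside the perimeter" range

AUDIT_LOG = []  # every zero trust decision, allowed or denied, lands here


@dataclass
class Request:
    user: str
    device: str
    country: str
    src_ip: str
    resource: str


def perimeter_allow(req: Request) -> bool:
    """Perimeter model: a request is trusted simply because it originates
    inside the corporate network; identity and device state are not checked."""
    return ip_address(req.src_ip) in CORP_NET


def zero_trust_allow(req: Request) -> bool:
    """Zero trust model: deny by default. The request must prove identity
    (an entitlement for this exact resource), device health and location.
    Network location alone grants nothing, and every decision is recorded."""
    reasons = []
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        reasons.append("no entitlement")
    if DEVICE_POSTURE.get(req.device) != "compliant":
        reasons.append("device posture")
    if req.country not in ALLOWED_COUNTRIES:
        reasons.append("location")
    allowed = not reasons
    AUDIT_LOG.append({"user": req.user, "device": req.device,
                      "resource": req.resource, "allowed": allowed,
                      "reasons": reasons})
    return allowed
```

Running both checks over the same request shows the difference: an on-site user with no entitlement passes the perimeter check but is denied by zero trust, while a remote user with a healthy device and the right entitlement is denied by the perimeter check but allowed by zero trust.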
The benefits of SASE and an embedded cyber security system
When your organization implements a secure access service edge solution, the advantages are numerous:
- Cost savings and reduced complexity
- Optimized routing with reduced latency
- Improved agility
- Simpler zero trust adoption with embedded cyber security
- Ability to administer cloud-based, centralized policy and management
SASE brings together flexible cloud-based, zero trust network security solutions and services with agile networking services delivered over a software-defined wide area network (SD-WAN). It securely connects people and things from anywhere to any app. Secure access service edge is an extension of Network as a Service (NaaS) and is ideal for businesses moving to more digital, high-impact customer experiences that require higher levels of application performance.
Ultimately, SASE enables organizations to reduce the risk of threats and improve their security posture.
Discover how Verizon's Managed Network Services can help you outsource network management and security services so you can spend more time on your critical goals.