The days of an on-premises data center being at, well, the center of a defined corporate IT universe, are far behind us. And as organizations continue to shift resources to the cloud, embrace SaaS applications and implement endpoint protection strategies to support highly distributed work models, Zero Trust has become imperative.
The Zero Trust principal of “never trust, always verify” dovetails with another popular technology trend: Secure Access Service Edge or SASE (pronounced “sassy”) for short. This model combines various networking and security techniques to shift controls to the “edge” — in other words, closer to individual users and their devices, no matter where they are in the world.
Here’s a high-level look at what SASE is and how it complements a Zero Trust approach to security.
What is SASE?
Initially introduced by Gartner, SASE is a framework that combines software-defined wide area networking (SD-WAN) elements with various network security capabilities such as firewalls, secure web gateways (SWGs), cloud access security brokers (CASBs) and Zero Trust access controls — and delivers them as a managed cloud service.
Combining the power of these various technologies, SASE shifts the center of connectivity and security away from the on-premises data center. Instead of simply placing one firewall around a network perimeter, it places various controls around applications, servers and other resources — representing the next step in micro-segmentation. Meanwhile, SASE helps network and cloud architects build a secure bridge between access points and the service edge. While traditional networking approaches created inherent security gaps, SASE focuses on consistent coverage across global, distributed workforces.
Why is SASE important now?
In today’s digital organizations, remote workers, vendors and partners all require secure, uninterrupted access to data, applications and services anytime, and from anywhere. Meanwhile, workloads are running as infrastructure as code, SaaS application usage is surging, and user traffic is flowing from numerous locations to numerous cloud services far beyond the company data center.
Organizations need to securely connect all these identities — users, devices and applications — to corporate systems and data, while maintaining full visibility across these distributed connection points. By managing various technology components in a centralized fashion, SASE provides a structured way to accomplish these goals.
So where does Zero Trust fit in here?
Think of it this way: SASE represents a consolidated architecture and way for organizations to streamline operational aspects of managing technology and infrastructure. This can help them save money, reduce complexity and boost flexibility and performance.
SASE makes it easier to enforce Zero Trust and consistently apply role-based, identity-centric controls and granular policies for data movement across the entire network.
A holistic, strategic approach to cybersecurity combines the principals of SASE and Zero Trust, along with other powerful security solutions that place identity — not the data center — at the center of the security equation.
The CyberArk Identity Security Platform is foundational to achieving Zero Trust. Our approach focuses on securing individual identities throughout the cycle of accessing critical assets. This means authenticating that identity accurately, authorizing that identity with the proper permissions, and providing access for that identity to privileged assets in a structured manner – all in a way that can be audited (or accounted for) to ensure the entire process is sound.