The emergence of SaaS and cloud-based workloads and services requires a broader approach to Zero Trust.

There aren’t many events where a critical mass of Chief Information Security Officers gathers to exchange ideas about the current threat environment, key initiatives, etc. The annual Gartner Security and Risk Management Summit is one of them, and I’m looking forward to attending it this year.

I’m particularly interested in the experiences and best practices around implementing Zero Trust. While the term itself has become overused and something of a cliché, from a practitioner’s perspective, its key principles embody a very pragmatic approach to leveraging connectivity and the network to build a strong cyber defense.

The idea of “trust nothing” and “verify everything” has been around for a long time and is even codified in documents such as the NIST 800-27 Special Publication on Zero Trust. Many organizations have implemented Network Access Control (NAC) to verify the identity of users and devices, assign the appropriate role and access privileges, and then enforce those rights in the network. NAC works well and has evolved to provide a rich set of solutions that range from automated device discovery and fingerprinting, AAA and non-AAA authentication, automated guest onboarding, and end point posture assessment—with full integration into the broader security ecosystem.

But as we have all discovered, the emergence of SaaS and cloud-based workloads and services requires a broader approach to Zero Trust. It started with the “Starbucks problem” where employees, partners, and customers could access corporate resources completely outside of the corporate network. That concern multiplied exponentially with the pandemic and the rise of hybrid work.
As organizations grappled with the twin requirements of extending their Zero Trust framework to a cloud environment while ensuring that users received great IT services, a set of solutions started to emerge that addressed these challenges. Collectively, this is referred to as SSE or Secure Service Edge. According to Gartner®, SSE secures access to the web, cloud services, and private applications regardless of the location of the user, the device they are using, or where that application is hosted.[1] It can contain a number of different solutions such as ZTNA (Zero Trust Network Access), SWG (Secure Web Gateway), CASB (Cloud Access Security Broker), DLP (Data Leak Protection), FWaaS (Firewall as Service), DEM (Digital Experience Monitoring), etc.

Clearly, few organizations will implement all of these functions at the same time, and, in fact, each of these attacks a different part of the “off network” Zero Trust problem. ZTNA seems to be a favorite starting point, especially for organizations looking for a more flexible alternative to VPN. SWG and CASB cover general internet and specific application access, while DEM enables IT teams to see the network and application experience through the eyes of the user.

SSE is a great complement to SD-WAN, and jointly they create SASE (Secure Access Service Edge). According to Gartner®, SASE is the convergence of WAN edge and security from vendors spanning multiple markets.[2] We’ve seen many customers implement SASE and I’ll be interested to hear how my peers coordinate on the decision-making and implementation of a full SASE solution.

If you are going to the conference, I’d love to chat about your views on these subjects and any other top-of-mind topics that you have. See you there.
Additional Resources

Three ways to jump-start your journey to SD-WAN, SSE, and SASE
How to achieve 5 critical capabilities of Zero Trust network security
The role of network access control in Zero Trust Security

[1] Gartner®, Magic Quadrant for Security Service Edge, By Charlie Winckless, Aaron McQuaid, John Watts, Craig Lawson, Thomas Lintemuth, Dale Koeppen, April 2023.

[2] Gartner®, Where Do I Start with SASE Evaluations: SD-WAN, SSE, Single-Vendor SASE, or Managed SASE? By John Watts, Nat Smith, Jonathan Forest, May 2023.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and MAGIC QUADRANT is a registered trademark of Gartner, Inc. and/or its affiliates and are used herein with permission. All rights reserved.

This blog was published on blogs.arubanetworks.com on June 5, 2023.