Secure Access Service Edge (SASE) – defined by Gartner – is a security framework prescribing the convergence of security and network connectivity technologies into a single cloud-delivered platform to enable secure and fast cloud transformation. With SASE, enterprises can secure their resources and simplify the accessibility that users require from any location.
CISOs building a roadmap for SASE should not overlook the importance of creating a zero trust network. Not creating one is a mistake that many CISOs make, and one that comes at a cost: according to a recent survey, 97% of senior executives reported facing attempts by hackers to steal different types of credentials. Without a Zero Trust Network that enforces the use of MFA, those stolen credentials mean easy access to your data. Zero Trust Network Access, or ZTNA, is the core of SASE. The decentralized nature of SASE frameworks lends itself to embracing zero trust protocols.
Growing digital businesses in today’s world means creating trusted authentication practices and maintaining network security despite the rising rate of cybercrime incidents. Instead of relying on one product, the SASE philosophy creates layers of network protection and real-time authentication.
What is zero trust network access?
Instead of enforcing a physical network perimeter, ZTNA enforces a perimeter that extends to user endpoints. That’s why it’s sometimes referred to as the software-defined perimeter (SDP).
Zero trust operates under the assumption that there are no users or machines that applications can trust with unlimited network access. This doesn't mean that employees and vendors are untrustworthy, but simply that there is potential for a data breach if employee access is abused by unauthorized users. It’s a mindset shift from user trust to enforcing digital trust.
There are three basic principles of ZTNA:
- Explicit verification — Each user and machine log-in must be verified using two-factor or multi-factor authentication. No access is permitted until requests are fully authenticated.
- Use of least privilege access — No single user or account has access to all data, not even high-level employees, management, or executives. Each user is assigned the permissions required to fulfill their tasks.
- Assume data breach attacks are underway — Network administrators and IT teams operate as if each connection is a potential threat. No user is trusted unless authenticated, and injections and other attacks may already be hiding on the network, not yet discovered.
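The three principles above can be read as one access decision made on every request. The following is an added example, not code from this article or from any product it mentions; it contrasts a perimeter-style check with a zero trust check, and the role names, grants, MFA methods and requests are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample data: each role is granted only what its tasks need.
GRANTS = {
    "finance-analyst": {"ledger:read"},
    "hr-admin": {"payroll:read", "payroll:write"},
    "executive": {"board-reports:read"},  # seniority adds no extra grants
}
ACCEPTED_SECOND_FACTORS = {"totp", "webauthn"}  # assumed MFA methods


@dataclass(frozen=True)
class AccessRequest:
    role: str
    resource: str                  # "<resource>:<action>"
    password_ok: bool              # primary credential verified
    second_factor: Optional[str]   # verified MFA method, or None
    source_network: str            # e.g. "corp-lan" or "internet"


def perimeter_decide(req: AccessRequest) -> bool:
    """Perimeter model for contrast: a password from inside is enough."""
    return req.password_ok and req.source_network == "corp-lan"


def zero_trust_decide(req: AccessRequest) -> Tuple[bool, str]:
    """Evaluate a single request. Nothing is cached between calls."""
    # Explicit verification: both factors must be verified for this request.
    if not req.password_ok:
        return False, "primary credential not verified"
    if req.second_factor not in ACCEPTED_SECOND_FACTORS:
        return False, "second factor missing or not accepted"
    # Assume breach: source_network is deliberately never consulted, so a
    # connection from inside the LAN earns no extra trust.
    # Least privilege: the role must hold an explicit grant for the resource.
    if req.resource not in GRANTS.get(req.role, set()):
        return False, "no grant for this resource"
    return True, "allowed"


# Constructed requests: a phished password replayed from inside the network,
# and a fully authenticated executive reaching for data outside their role.
STOLEN = AccessRequest("hr-admin", "payroll:write", True, None, "corp-lan")
EXEC = AccessRequest("executive", "payroll:read", True, "webauthn", "corp-lan")
ANALYST = AccessRequest("finance-analyst", "ledger:read", True, "totp", "internet")

if __name__ == "__main__":
    for r in (STOLEN, EXEC, ANALYST):
        print(r.role, perimeter_decide(r), zero_trust_decide(r))
```

The perimeter check admits the replayed password and the out-of-role executive request, and rejects the legitimate remote analyst; the zero trust check reverses all three outcomes.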
The use of ZTNA is especially relevant as more organizations adopt remote workforce tools and principles. Companies have more devices connected to their networks than ever before, and although organizations might educate workers in cyber hygiene best practices, cybersecurity is not their primary concern. Workers would rather focus on productivity than security policies.
For example, a recent study found that 52% of cybersecurity professionals reported that their remote workers use workarounds for security policies. As the employees see it, the security protocols add friction and take time away from business tasks. But recent ransomware attack trends reveal the importance of network security:
- Supply chain attacks — Some cybercriminals prefer to extend the damage to vendors, suppliers, and customers rather than attack one company. After infiltrating one area of the network, attackers will lie low while they gather data and credentials and learn about the cybersecurity protocols that are in place before launching a much more damaging attack.
- RaaS — Just like Software-as-a-Service models, Ransomware-as-a-Service platforms are becoming increasingly popular. RaaS offerings come with all the necessary code and infrastructure to launch a ransomware campaign, so even amateurs can execute large-scale attacks.
- Phishing — One of the oldest tricks in the book is still an effective way for attackers to access an organization’s network. Phishing emails are often used to trick employees into divulging their credentials so that hackers can infiltrate a network. Phishing is often the root cause of a significant data breach.
Zero trust is the core of SASE
A cybersecurity approach that enforces ZTNA acknowledges that the most significant threats come from lateral network movement. With network security moving closer to the edge, zero trust principles go hand in hand with SASE solutions in 2022. Gartner reports that ZTNA is now the top spending priority for half of the organizations moving toward a SASE cybersecurity ecosystem.
ZTNA security guidelines allow every connected device to access business resources while granting only the least-privileged access needed for work. The benefits of SASE outweigh those of traditional cybersecurity architecture, but without a zero trust approach, your organization is no more protected.
The future of enterprise security
CISOs must accelerate Zero Trust adoption across their organizations to secure each endpoint and every log-in identity. Moving forward, ZTNA will be the foundation of enterprise cybersecurity. Hackers are targeting credentials and third-party access to business networks to find weaknesses, exploit organizations, and steal critical data.
SASE means closing security gaps in environments where the security perimeter is constantly in flux due to remote workers, third-party access, and a growing IoT. Establishing a zero trust network is simple with tools like Cyber Shield from OpenVPN Cloud, which helps to make the process more manageable and brings a powerful layer of security to zero trust networks. Successful SASE relies on the successful implementation of Zero Trust policies and procedures.