Implementing a zero trust architecture is a major priority across most organizations and industries.
However, accomplishing this goal is difficult if an organization lacks the appropriate tools to enforce
their new zero trust security policies.
What is a Zero Trust Security Model?
Historically, most organizations have had a perimeter-focused security model. Under this model,
everything inside of the protected perimeter is considered “trusted”, while all threats are believed to
originate from outside of the network. By deploying cybersecurity solutions at the network perimeter,
the goal is to identify and block inbound cyberattacks before they gain access to the organization’s
environment and systems.
This security model has a number of issues, but many of them boil down to the fact that threats do get
inside the organization’s network. Once an attacker is inside the perimeter, a perimeter-focused security
strategy does little or nothing to protect against them because everyone inside the network is “trusted”.
The zero trust security model was developed to fix the problems associated with perimeter-focused
security. Under this model, no-one is trusted implicitly. Instead, access to corporate resources (data,
systems, applications, etc.) is granted on a case-by-case basis. These access decisions are based on
access controls that limit a user’s access to those resources needed to do their job.
Why Are Organizations Pursuing Zero Trust?
Zero trust security is currently in vogue, and many organizations are actively working to implement zero
trust security or plan to do so in the near future. This drive toward zero trust is inspired by a number of
- Growing Data Breaches: Data breaches are a daily occurrence, and the number of breached
records is steadily rising. Zero trust security can help to protect against data breaches by limiting
and controlling access to sensitive data in an organization’s possession.
- Supply Chain Attacks: Supply chain attacks like the SolarWinds hack clearly demonstrate the
issues of implicitly trusting the software and systems within an organization’s network. A zero
trust security model provides visibility and protection against these types of attacks.
- Insider Threats: While many cyberattacks come from outside of the organization, insiders can
be serious cybersecurity risks as well, whether intentionally or unintentionally. Zero trust
removes the implicit trust in these users that makes them such a threat to enterprise security.
- Regulatory Compliance: Regulatory requirements for data protection are growing more
numerous and stringent. Implementing a zero trust architecture can help an organization to
meet its compliance requirements.
All of these factors mean that organizations are inspired and motivated to implement zero trust.
However, actually doing so is not as simple as it sounds.
Why is Zero Trust Difficult?
Adopting a zero trust security policy is relatively simple. However, saying that an organization follows
zero trust security principles is useless unless these zero trust principles and access controls are actually
implemented and enforced.
This is much more difficult to accomplish. Some of the main challenges that organizations face in
implementing zero trust include:
- Complex Infrastructure: Corporate WANs are increasingly composed of a complex array of
devices, including cloud computing, mobile devices, Internet of Things (IoT) devices, and more.
This diverse collection of endpoints makes consistent network visibility and policy enforcement
- Dissolving Perimeter: Historically, an organization’s systems were protected by the perimeter of
the corporate LAN. As cloud computing and remote work move devices and users offsite,
companies are losing visibility into core business operations.
- Legacy Security Solutions: Many traditional security solutions, like virtual private networks
(VPNs), are designed based on perimeter-based security models. These solutions are ill-suited to
implementing a zero trust security architecture.
The combination of all of these factors mean that it is hard to consistently enforce access controls across
an organization’s entire IT infrastructure, which is essential for effective zero trust security. Effectively
implementing zero trust security requires security solutions that are designed and built for a zero trust
Why SASE is Vital to a Zero Trust Strategy
Secure access service edge (SASE) is one of these solutions. SASE is a cloud-native security solution that
marries the network optimization of software-defined WAN (SD-WAN) with a full security stack.
This combination of network optimization and integrated security is a powerful tool for implementing
zero trust. The design of SASE means that it is possible to send all business traffic over the corporate
WAN with minimal performance impacts. This ensures that SASE solutions are able to inspect all traffic
flowing to and from corporate applications, data stores, and other resources.
This in-depth inspection means that SASE solutions are ideally suited for enforcing zero trust access
controls on the corporate WAN. One of the security solutions built into SASE is software defined
perimeter (SDP) or zero trust network access (ZTNA), a secure remote access solution designed to
provide access to corporate resources based on zero trust access controls. SASE also has visibility and
the ability to enforce security policies for east-west traffic flowing over the corporate WAN.
Zero trust is designed to replace legacy perimeter-based security models, and effectively implementing
it requires replacing legacy perimeter-based WAN security solutions as well. SASE provides a modern
networking solution that also offers security and the foundation for a zero trust architecture for the