There’s never been a better time to be a threat actor. The acceleration of digital transformation and a highly distributed mobile workforce have greatly expanded threat surfaces across enterprise networks, leaving organizations exposed to cyberattacks.
Just about anyone can purchase malicious code on the dark web for a few hundred dollars and spin up a highly targeted attack based on social engineering research. In 2020, 86 percent of organizations experienced a successful cyberattack, up from 81 percent the prior year, resulting in the largest year-over-year increase in the last six years, according to the 2021 CyberEdge Cyberthreat Report.
Admittedly, the security industry has been slow to respond. Two much-discussed approaches that enable security transformation, Zero Trust and Secure Access Service Edge (SASE), are starting to be more widely adopted. No vendor, however, can rightfully claim a holistic Zero Trust or SASE solution that is enterprise ready and delivers 100 percent of the security efficacy everyone aspires to. As a result, cloud and digital transformation continue to outpace security transformation, creating security gaps that threat actors exploit with increasing frequency and consequences.
Not all is lost. Many organizations have already started their Zero Trust and SASE journeys by laying down a modern security framework. But what does that look like? What can you do today? How do you ensure that your organization is future-ready for whatever comes next? To answer those questions, we've created this concise technology primer for Zero Trust and SASE.
What is Zero Trust?
Zero Trust turns the traditional detect-and-remediate approach to cybersecurity on its head. Conventional controls allow everything except known threats; Zero Trust assumes that all content is untrustworthy, regardless of whether it originates from a trusted source. (NIST SP 800-207 states the same principle for access decisions: no implicit trust is granted based on network location or asset ownership, and every request is verified.) Applied to content, this means websites, web apps, Software-as-a-Service (SaaS) platforms, and even email are treated as if they were malicious. It's not practical to block everything, however, so content needs to be sterilized before it is allowed to interact with corporate entities.
What is SASE?
SASE essentially converges the connectivity and security stacks and moves them to the edge. In practical terms, SASE takes the entire security stack that once lived inside many appliances in the data center or in branch locations on the perimeter and puts it into the cloud as a converged, integrated stack. Security is most effective when it is applied close to the user, application, and data. Now that those entities have left the comfy confines of the data center, SASE moves security with them to the cloud. This allows the enterprise security team to monitor traffic and apply the appropriate security controls to any traffic that attempts to interact with a corporate entity regardless of location, underlying infrastructure, or connectivity method.
How do Zero Trust and SASE work together to secure the modern enterprise?
SASE moves security to the cloud where it’s closer to apps, users and data—but it can still rely on the same detect-and-remediate approach to cybersecurity that may leave corporate resources open to breaches from increasingly sophisticated and numerous bad actors. They can customize phishing themes based on social engineering research, infect trustworthy sites through malvertising, or spin up fake login forms to maximize their chances of infection. Then, if the threat is detected, they implement a simple code change to make the attack virtually undetectable again. The resulting cat-and-mouse game means that the cybersecurity team is always playing catch-up, constantly patching holes in the network and hoping that one of the cracks doesn’t result in a damaging breach.
The detect-and-remediate approach is reactive by design: it can only stop what has already been seen and classified, so a fresh variant passes until someone writes a new signature for it. To outsmart threats and liberate users, cybersecurity teams need to fundamentally change the way they protect the enterprise from malicious content on the Internet. That's where Zero Trust comes in. A Zero Trust mindset treats all content as suspect and subjects it to enterprise security controls whether or not it matches anything known. Combining SASE (moving security to the cloud) with a Zero Trust approach to content removes the dependence on prior detection and changes outcomes.
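To make the difference between the two models concrete, here is an added example (not code from the original page or from any vendor): a signature blocklist that flags only the payloads it already knows, beside an allowlist sanitizer that keeps only explicitly permitted HTML and drops everything else. The tag and attribute allowlist, the three signatures, and the sample snippets are all constructed for the illustration; the point is that a trivial change to the payload slips past the blocklist while the allowlist treats it the same as any other unknown content.

```python
"""Blocklist ("detect-and-remediate") vs allowlist ("Zero Trust") handling
of untrusted HTML. Example code written for this primer; the signatures,
allowlist and samples are constructed for illustration."""
import html
import re
from html.parser import HTMLParser

# Signature-style detection: patterns for attacks that have been seen before.
KNOWN_BAD_SIGNATURES = [
    re.compile(r"<script\b", re.I),
    re.compile(r"\bonload\s*=", re.I),
    re.compile(r"javascript:", re.I),
]


def blocklist_scan(content: str) -> bool:
    """Return True when the content matches any known-bad signature."""
    return any(sig.search(content) for sig in KNOWN_BAD_SIGNATURES)


# Allowlist-style sanitizer: nothing is trusted, only an explicitly permitted
# subset of markup survives, and everything else is removed and recorded.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "a",
                "ul", "ol", "li", "h1", "h2", "h3"}
ALLOWED_ATTRS = {"a": {"href"}}           # only <a href> carries an attribute
SAFE_SCHEMES = ("http:", "https:", "mailto:")
VOID_TAGS = {"br"}
RAW_TEXT_TAGS = {"script", "style"}       # their text is code, not content


def _safe_href(value: str):
    # Browsers ignore ASCII control/whitespace characters inside a scheme, so
    # "java\tscript:" still executes; strip them before checking the scheme.
    compact = re.sub(r"[\x00-\x20]", "", value).lower()
    return value.strip() if compact.startswith(SAFE_SCHEMES) else None


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self.dropped = []        # what was removed, for logging/visibility
        self._in_raw_text = 0

    def handle_starttag(self, tag, attrs):
        if tag in RAW_TEXT_TAGS:
            self._in_raw_text += 1
            self.dropped.append(f"<{tag}>")
            return
        if tag not in ALLOWED_TAGS:
            self.dropped.append(f"<{tag}>")
            return
        kept = []
        for name, value in attrs:          # attr values arrive already unescaped
            if name not in ALLOWED_ATTRS.get(tag, set()):
                self.dropped.append(f"{tag}@{name}")
                continue
            if name == "href":
                value = _safe_href(value or "")
                if value is None:
                    self.dropped.append(f"{tag}@href")
                    continue
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.parts.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in RAW_TEXT_TAGS:
            self._in_raw_text = max(0, self._in_raw_text - 1)
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.parts.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._in_raw_text:          # script/style bodies are discarded
            self.parts.append(html.escape(data, quote=False))


def sanitize(content: str):
    """Return (sanitized_html, list_of_dropped_items)."""
    parser = AllowlistSanitizer()
    parser.feed(content)
    parser.close()
    return "".join(parser.parts), parser.dropped


# Constructed samples: one known payload, two cheap variants, one benign link.
SAMPLES = {
    "known":   '<p>Hi <b>there</b></p><script>alert(1)</script>',
    "variant": '<p>Hi</p><img src=x onerror="alert(1)">',
    "encoded": '<a href="JAVA&#9;SCRIPT:alert(1)">invoice</a>',
    "benign":  '<a href="https://example.test/report">report</a>',
}

if __name__ == "__main__":
    for name, snippet in SAMPLES.items():
        clean, dropped = sanitize(snippet)
        print(f"{name:8} blocklist_flagged={blocklist_scan(snippet)!s:5} "
              f"sanitized={clean!r} dropped={dropped}")
```

Only the first sample trips the blocklist; swapping `onload` for `onerror`, or entity-encoding a tab into the scheme, is the "simple code change" that makes a detected attack undetected again. The allowlist never asks whether the input is known-bad, so the same change costs the attacker nothing and gains nothing.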
How can I start my Zero Trust and SASE journeys?
Unfortunately, there's no magic button. Adopting Zero Trust principles or rearchitecting to a SASE-type implementation takes multiple steps. Some organizations are already far along on their digital transformation journey, and converging on a SASE architecture is the icing on the cake that completes it. Others are just getting started and need to take a phased approach. The key is to formulate a Zero Trust strategy that addresses your biggest and most immediate needs. You may decide that the web gateway is the best place to institute Zero Trust, or that it's CASB because your organization relies heavily on SaaS platforms. It's important to identify security vendors who share your vision, so your approach can be applied consistently.
So what approach and vision is best?
An approach that places isolation at the core of the security stack is an effective and efficient Zero Trust strategy for preventing online attacks: malware, phishing, malicious downloads, and other modern-day attack vectors. Isolation (often called remote browser isolation) executes web content away from the endpoint and delivers only a safe rendering to the user's browser, so active content never runs on the user's device. That is what makes it a central technology framework through which other security services can be delivered safely in the cloud. Because it does not depend on recognizing a threat first, isolation blocks unknown and future threats as well as known ones; rather than responding to attacks after the fact, enterprises keep them from reaching users in the first place. Isolation covers content delivered through the browser and email; identity, device posture, and access policy still need their own Zero Trust controls alongside it.
Are all isolation solutions created equal?
Of course not. Isolation needs to be applied consistently across the organization without disrupting user productivity. It also needs to give the security team complete visibility and control over web-based traffic, and to scale instantly to any user in any location around the globe. When done right, isolation makes security invisible, happening behind the scenes where it can't inhibit productivity for today's remote workforce. Email clients and web browsers should continue to work as intended. There should be no clients to install or hardware to ship, and common browsing functionality such as shortcuts, cutting, pasting, and printing needs to be preserved. The right isolation solution makes sure employees can access the Internet with all of the features and functionality they've come to expect: no pixelated screens or read-only web pages. Everything should work for your users as intended, no matter where business takes them.
How can isolation be applied throughout the SASE stack?
The security side of SASE has many components, from the secure web gateway (SWG) to cloud data loss prevention (DLP). Gartner lists these components separately, but in a truly effective implementation they do not work independently of each other. They need to be tightly integrated into a single security stack capable of monitoring and controlling any traffic that flows to, from, and inside the enterprise network. Because of this integration requirement, organizations need a single, consistent SASE strategy. All components, even if they come from different vendors, need to plug into a common framework to enable a Zero Trust approach to cybersecurity.
The old way of protecting the enterprise from malicious content on the Internet is not suited to today's remote workforce. The attack surface is too large, malicious actors are too sophisticated, threats are too numerous, and users are too exposed. A Zero Trust approach to cybersecurity coupled with the SASE framework is the most direct way to outsmart threat actors and secure the new ways people work. Isolation is the glue that brings these two strategies together, acting as a central technology framework through which security services can be delivered safely and securely in the cloud.
Legacy approaches to security aren’t enough to protect modern work. Learn how security leaders are leveraging isolation-powered security solutions for threat prevention.