Many organizations find themselves in a tricky spot today when it comes to digital transformation. With many looking to zero trust, how does Secure Access Secure Edge (SASE) fit in?

On the one hand, the events of 2020 helped to speed up many digital adoption projects. A 2020 report from McKinsey found that more than half of executives were either investing in new tech to get ahead in the business world or were changing the focus of the entire business to embrace digital tools, for example.

On the other hand, businesses and agencies don’t always balance that growth with security. According to Ponemon’s Digital Transformation and Cyber Risk report, 82% of IT security and C-level leaders said that their employer had suffered at least one data breach tied to their digital transformation efforts.

This finding shows how hard it can be to meet security needs amid growing complexity. Those challenges include aligning security and the C-suite on ongoing digital transformation projects. They also involve working with third parties and not always aligning with them in terms of security. Per the report, 58% of survey respondents said they lacked a risk management program for their third parties. About the same proportion (56%) said that they didn’t know whether their third parties’ policies and procedures helped to safeguard their information.

The Emergence of SASE

The meeting of digital transformation and growing complexity has rendered many older approaches to digital safety moot. The problem is that no one approach can provide comprehensive coverage on its own. Want to manage access in a dynamic fashion? That will be even harder.

Hence the emergence of SASE. Coined by Gartner in December 2019, SASE “combines network security functions … to support the dynamic secure access needs of organizations. These capabilities are delivered primarily aaS [as a service] and based upon the identity of the entity, real-time context and security/compliance policies.”

How ZTNA Works

One of the core functions on which SASE relies is Zero Trust Network Access (ZTNA). This construct blends together the principle of least privilege with access controls to help secure networks against digital threats. In that sense, ZTNA coheres with SASE in that it seeks to curb the network permissions that help to expose applications, systems and data. It does this by promoting the use of microsegmentation tools and software-defined perimeter (SDP) tech, solutions that can help to prevent threat actors from moving sideways across the network from one access point to the next.

That’s not the only way in which ZTNA and SASE support each other. They also come together around the idea of protecting browser software against malicious websites. For its part, ZTNA doesn’t permit websites to freely interact with an endpoint’s browser software. Meanwhile, SASE uses remote browser isolation tech to remotely conduct web browsing in a virtual browser through the cloud. This helps to protect endpoints against suspicious website code, active content and downloads.

Despite how similar they may sound, SASE and ZTNA aren’t the same things. SASE provides insight into how vendors can design security solutions for the future, while ZTNA helps get rid of business risk across the infrastructure. Sure, a plan for either can lead your business to embrace elements of the other. But SASE does not enable security teams to implement ZTNA more quickly. Nor is enabling ZTNA the only thing SASE can do.

Partnerships Driving SASE

No one organization can provide everything you need to achieve SASE. That’s why vendor partnerships are so important. In August 2021, for instance, IBM Security partnered with Zscaler to deliver SASE services. Together, they can “help deliver a fully managed transformation to a cloud-based SASE architecture, a key element of a zero trust security posture.” That’s a key part of a more holistic approach to cybersecurity.

More from Zero Trust

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Does your security program suffer from piecemeal detection and response?

4 min read - Piecemeal Detection and Response (PDR) can manifest in various ways. The most common symptoms of PDR include: Multiple security information and event management (SIEM) tools (e.g., one on-premise and one in the cloud) Spending too much time or energy on integrating detection systems An underperforming security orchestration, automation and response (SOAR) system Only capable of taking automated responses on the endpoint Anomaly detection in silos (e.g., network separate from identity) If any of these symptoms resonate with your organization, it's…

Zero trust data security: It’s time to make the shift

4 min read - How do you secure something that no longer exists? With the rapid expansion of hybrid-remote work, IoT, APIs and applications, any notion of a network perimeter has effectively been eliminated. Plus, any risk inherent to your tech stack components becomes your risk whether you like it or not. Organizations of all sizes are increasingly vulnerable to breaches as their attack surfaces continue to grow and become more difficult — if not impossible — to define. Add geopolitical and economic instability…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today