A hyper-distributed workforce demands smarter network security
The rise of remote access means perimeter protection is no longer up to the task of securing your network. As part of a SASE cloud security solution, zero trust is key to controlling network access across an expanding attack surface.
The workforce isn’t the same anymore. Across continents and time zones, remote users rely on multiple devices to connect to an ever-growing number of SaaS applications.
Perimeter protection via VPN was once enough to safeguard segregated networks. Now, nothing separates those inside and outside an organisation.
Zero Trust Network Access (ZTNA) has emerged as a new approach to security. ZTNA operates on the principle of least privilege.
In other words? Trust no one, no device, no user, no application. No matter where they are in the network.
A quick guide to SASE
Secure Access Service Edge (SASE) is a cloud-based network and security framework protecting users, applications and data. SASE combines SD-WAN with cloud-native security, delivered by a single cloud service at the network edge.
It’s no longer a matter of trust
Cloud services have shifted the security landscape. With more traffic bypassing the data centre, VPNs are largely obsolete along with traditional security measures.
An alternative to remote access VPN, zero trust architecture removes trust from the equation. Based on the principle of least privilege, users only gain access to services based on their role. Covering both the cloud and the data centre, ZTNA offers more security and flexibility. This enables users to access services wherever they are and wherever the services are hosted.
A zero-trust approach:
- Establishes trust in every access request, no matter where it comes from
- Secures access across your applications and network
- Extends trust to support a modern enterprise across the distributed network
In this new world, trust is not a right – it’s a privilege.
Keeping up with a hyper-distributed world
Networking and security solutions should support a consistent experience, regardless of the device used or location.
More flexible and responsive than traditional network security approaches, ZTNA is not only more secure, it’s smoother for users.
“At Cisco, we use SSO technology. If I present the right credentials based on my device and user posture assessment, I gain access to the system,” says Prasad Semrudkar, Cisco’s SASE Lead for Asia, Pacific, Japan and China.
“I sign on once, through whatever app I need.”
Workforce, workloads and workplace
Security is not one-size-fits-most. Organisational needs vary — Cisco recommends breaking ZTNA into three pillars: workforce, workload and workplace.
- Workforce: making sure users and devices can be trusted as they access systems, regardless of location
- Workloads: preventing unauthorised access within application environments, irrespective of where they are hosted
- Workplace: securing access to the network for any and all devices (including IoT) that connect to enterprise networks
Approaching ZTNA in this way makes it easier to identify your biggest security threats — but it also means you can get started from anywhere.
SASE links workplace and workforce
With a fragmented workforce and workplaces consuming more cloud services, an effective security approach needs to focus on network health.
SASE offers a single solution to apply and enforce ZTNA across the network, encompassing SD-WAN networking and cloud-native security.
“Joining the workplace and workforce as the two pillars of zero trust, that’s where SASE comes in,” says Prasad.
“SASE helps us deliver that borderless user experience.”
As a standalone approach, ZTNA controls access to the network. But it can’t protect it. Combining ZTNA with SD-WAN, via a SASE framework, takes networking and security to the next level. This connects the two crucial pillars of ZTNA – workforce and workplace.
What’s next for SASE
Cisco+ Secure Connect is set to deliver a single solution for networking and security. Harnessing the powerful Meraki and Viptela SD-WAN solutions, Cisco+ Secure Connect will offer standard and custom options for enterprise and mid-market organisations.