Take security to the Zero Trust Edge

A year ago, Forrester set out to document a new model for security and networking that was gaining mindshare in the market. As a result, Forrester recently published its research in a new report that introduces the Zero Trust Edge model for security and network services. There's a similar name going around in the market, "Secure Access Services Edge" (SASE) to describe the same model. We put the emphasis on the Zero Trust part.  

Forrester is an advocate for this model for several reasons. But the primary one is this: The internet was designed without security in mind. Should we, as technologists, just expect every organization in the world to simply attach themselves directly to it and hope it all works out for them? For 25 years, we've just been putting Band-Aids on top of Band-Aids, hoping to stop the cybersecurity bleeding, but the carnage gets worse every year. The Zero Trust Edge (ZTE) model is a safer on-ramp to the internet for organizations' physical locations and remote workers. 

A ZTE network is a virtual network that spans the internet and is directly accessible from every major city in the world. It uses Zero Trust Network Access (ZTNA) to authenticate and authorize users as they connect to it and through it. If those users are accessing corporate services like an on-prem application or Office 365, they may rarely even "touch" the internet, except to be safely tunneled through it, and they'll certainly be kept away from the bad parts of town. 

TACTICS VS. STRATEGY 

Many enterprises are looking at this model to tactically solve a specific problem: securing the remote workforce. These organizations realize that acquiring more VPN licenses during the COVID-19 lockdown was just a stopgap measure to keep people working. Now, they're looking for a ZTNA solution. 

All ZTE vendors have ZTNA because it's the primary security service of their stack. Once enterprises start talking with vendors like Zscaler, Akamai, or Netskope, they realize there are more security services they can consume as a service, and now they're talking themselves into ZTE strategy. 

In the future, after other technologies like SWG, CASB, and DLP are integrated into the stack, organizations will look to put all their network traffic through these ZTE networks. And that's where the security and network teams will have to work together because legacy on-prem networks are heterogeneous, and the migration of giant data centers or 12-story hospitals using software-defined WAN (SD-WAN) as a transport into the ZTE networks will be a challenge.  

We'll solve the tactical problem, remote workforce, first with ZTNA. We'll move on to the larger security challenges next. And finally, we'll address the network. In the end, remote users, retail branches, remote offices, factories, and data centers will be connected to ZTE networks that will use Zero Trust approaches and technologies to authenticate, sanitize, and monitor connections through the network and into the internet and public clouds.