People who work in the arena of cybersecurity or networking solutions most certainly have come across the terms Zero Trust/Zero Trust Architecture, SASE (Secure Access Service Edge), ZTNA, and other fancy words. Let's discuss what these are.
Origin of Zero Trust
At Google, there was an attack performed by a hacker. During the attack, the hacker gained access to an employee's workstation. After gaining access, the attacker was able to laterally navigate to the organization's critical workloads and set up other malicious activities. This is what is referred to as the problem of implicit trust. Traditionally, in corporate networks or LAN setups, the objective is to create a trusted perimeter where all trusted devices can access resources as they please.
Zero Trust Architecture (ZTA) advocates for removing implicit trust completely. Users should only be given access to what they require to perform their tasks and nothing more. This is a significant departure from traditional networking. Although there is no complete or official definition yet, my basic understanding is that anything that talks about perimeters, like in traditional networking, is far from ZTA.
Principles of ZTA
- Minimize the trust placed on users.
- Verify everything.
Unlike traditional perimeter-based security, where everything inside the perimeter is assumed to be trusted and therefore doesn't need verification, ZTA promotes monitoring and scoping the access to resources.
How is it achieved?
It is a common tendency to adapt old things to fit new trends, and that's exactly what is happening with ZTA. Nowadays, everyone is trying to incorporate the zero-trust methodology. Vendors are attempting to sell traditional security tools like firewalls, VPNs, etc., with additional features labeled as zero trust because it is currently trending. Since this area is still in its early days, it will be interesting to see how things develop and how different vendors implement this concept.
There's no such thing as "zero trust" because there must be some trust for anything to operate. ZT isn't about eliminating trust. It's about controlling it.
What is SASE
Secure access service edge—or SASE is the new concept in field of network and security, where ZT focuses more on the cyber security side, SASE in implemented on top of ZT along with other techniques to completely revamp how networking is done, it bring together different technologies, including secure web gateways, cloud access security brokers, firewalls, and zero-trust network access, into a unified, cloud-delivered service.
some resources for further read:
Top comments (0)