Greg ShieldsMarch 1, 2023
Securing Complex Hybrid IT Infrastructures: Perspectives on SASE, SSE and ZTNA
Many security vendors tout Secure Access Service Edge (SASE) or Secure Service Edge (SSE) products, often with technologies pieced together by acquisition that may not work well together. That’s why it’s important to do your homework and shop smart when it comes to a boxed-up, “Swiss Army knife” suite of security solutions. Ultimately you may find the better choice is a comprehensive universal Zero Trust Network Access (ZTNA) solution that features built-in APIs to enable integration with the security, IT and business systems you already have in place.
In 2005, my family relocated to a small town in the Piedmont of North Carolina from the Washington, D.C. area. One thing I immediately noticed is that most men carry a pocketknife. I adopted the practice and was amazed at how often it came in handy to open an envelope or the plastic packaging of a drug store purchase, break down a cardboard box, remove a staple or pry batteries out of something. Sure, as kids, we all loved the novelty of a Swiss Army knife. But the tool that’s in every pocket around here is pretty much the same: a folding knife with a locking blade. That’s it.
If you apply this analogy to today’s complex, extremely adversarial world of cybersecurity, it takes a highly honed tool to do the best job for the task at hand. With that in mind, let’s examine popular Swiss Army knife vs. one sharp blade security approaches by looking at SASE, SSE and ZTNA.
In 2019, the term Secure Access Service Edge (SASE) was coined by Gartner. SASE is the combination of SD-WAN, next-generation firewall (NGFW), cloud access security broker (CASB), secure web gateway (SWG) and Zero Trust Network Access (ZTNA) and a few other things thrown in for good measure. However, very few vendors offer all five core technologies and not many enterprises want to buy them at the same time in the same package. Next came Security Service Edge (SSE)—framed by Gartner in 2021 as a category focused on securing access to cloud services, private apps and the web—which took the list down to a core list of three: SWG, CASB and ZTNA.
And then there’s Zero Trust Network Access, also debuted by Gartner in 2019. ZTNA puts the least-privilege principle of Zero Trust security to work by assuming all users, devices, and applications are untrusted and require authentication and verification before allowing access to any resources. ZTNA secures user-to-resource and resource-to-resource connections, regardless of location, by using identity- and context-based policies to control access. It can be deployed as a standalone solution or, of course, fused into models like SASE and SSE.
But there’s a cautionary tale to be told here. If you’re looking to check all the SSE or SASE boxes, make sure that you don’t settle for good enough as the whole may have been pieced together by parts from acquisition that don’t work well as a collective or provide a single pane of glass experience. (This is feedback I’ve heard from organizations on Zero Trust journeys and from master agents representing manufacturers that claim fully integrated solutions but really aren’t.) You also should dig deep into the ZTNA side of things to make sure you’re getting comprehensive Zero Trust Network Access that can handle the complexities of hybrid enterprise infrastructure and accommodate all use cases ... not just cloud or remote access.
Universal ZTNA as a single-blade tool with multi-purpose benefits
As fast as things move when it comes to cybersecurity models and acronyms, what do you really need? After all, it’s 2023 and everything is software. Frankly, from a security and interoperability standpoint, starting with well-honed, best-of-breed ZTNA solution can set you well on your way to do what we all care about most: reduce the attack surface and protect sensitive corporate assets and applications.
With comprehensive ZTNA, you should expect to get APIs conforming to a REST architecture, so systems can talk to each other and utilize an event on one system to trigger an event on another. With that functionality in place, the ZTNA solution can integrate with other enterprise security, IT and business solutions already in your environment. Appgate SDP, our leading universal ZTNA solution, does just that. For example, its built-in integration with ServiceNow turns on Zero Trust access to a server via an Appgate policy and entitlement when a technician is assigned an approved ServiceNow ticket.
Better yet? The right ZTNA solution also can replace one or many legacy technologies in your environment. In fact, many customers have been able to retire NAC solutions, MPLS and SD-WAN networks, and even cloud on-ramps installed in data centers that give cross-connect access to platforms like AWS, Azure and GCP.
It’s all backed by the power of a cloud-native, cloud-based Zero Trust platform that speeds Appgate SDP deployment with a unique as-a-service approach, so you retain control of your network traffic while reducing infrastructure management overhead. The platform’s risk engine service enhances access policies with rich security context via click-to-configure, “no code” integrations to third-party IT, security and business solutions, including microsegmentation, endpoint protection, SWG and cloud services. Additional benefits include:
- Customer choice of implementation models: Extending value-added services for self-hosted or Appgate-hosted deployments
- Fast-tracked Appgate SDP delivery: With a single button click, deploy the industry-leading ZTNA solution in minutes
- Smarter policy decisions: Use security and endpoint system telemetry to dynamically define risk-based rules for more granular policies
- Maximized security investments: Break down silos between security, IT and business systems by building an interoperable, cohesive Zero Trust ecosystem
- Simplified day-to-day operations: Offload administrative management, monitoring and upgrading tasks for operators with as a service delivery and a shared responsibility model
Improving your organization’s security posture, integrating with your existing technology stack and cutting costs while helping your users have a better experience is a great path forward. So, when it comes to building out security strategies for 2023 and beyond, why buy a Swiss Army knife of solutions when a razor-sharp single blade that works with everything might be all you need?
Additional Zero Trust Network Access resources
Blog: Appgate SDP 6.1 Release Uplevels Posture Checks, Risk Data Integrations
Blog: Universal ZTNA: Zero Trust Network Access Anywhere Comes of Age
Blog: The Operational and Business Benefits of Appgate’s Zero Trust Platform
Video: 8 Key Concepts that Underpin Appgate SDP’s Design