What are ZTNA and SASE?
ZTNA and SASE Defined, Explained and Explored
ZTNA and SASE Defined
Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) are security frameworks that are designed to provide stronger protections for modern IT environments.
ZTNA heightens security for remote connections by requiring that every user, device and application be authenticated and continually validated before being granted access to resources on an IT network. Rather than granting broad access to network resources as VPNs do, ZTNA security only grants access to the resources that a user or device needs in the moment to perform a specific task. This helps to significantly improve security by preventing attackers who have breached one part of the network from moving laterally within it.
SASE is a cloud-based model for architecting and securing IT networks. SASE converges networking and security functions in a single, cloud-based service that replaces multiple point products. While there is no single blueprint for creating a SASE architecture, most implementations combine Software-defined Wide Area Networking (SD-WAN) with a Secure Web Gateway (SWG), a Cloud Access Security Broker (CASB) and ZTNA technology.
Together, ZTNA and SASE provide stronger security, streamlined management, reduced costs and a comprehensive view of the network and network security.
Why ZTNA and SASE Matter
Zero Trust and SASE have been widely adopted by organizations striving to manage networking and security more easily in the face of fundamental changes in IT environments. As organizations embrace cloud computing, hybrid workforces, SaaS applications, BYOD and mobility, traditional network security activities like managing VPNs or performing security inspections in a central data center have become too expensive and ineffective at protecting organizations, data and users.
SASE solutions overcome these challenges by abandoning the traditional castle-and-moat approach to security. Rather than backhauling all traffic through a data center for inspection, SASE moves security functions closer to the edge and to the users, devices and applications that need them. SASE security focuses on authenticating identities rather than inspecting traffic and on strictly controlling access to the network and IT resources within it.
Complementing the security focus of SASE, ZTNA solutions help tightly control access to IT networks. Legacy remote access technologies like VPNs and firewalls often enable users and devices to move freely throughout a network after initially gaining access. But this practice makes it easy for attackers who have entered a network with stolen credentials to navigate unopposed within it, accessing high-value assets, exfiltrating data and disrupting operations.
In contrast, Zero Trust Network Access products assume that no user or device inside or outside the network is safe – every request for access to IT resources and networks must be authenticated and continuously validated. ZTNA also grants least-privilege permissions, preventing users or devices from gaining broad access to the network. Strict identity and access management controls like Multifactor Authentication (MFA) help to prevent unauthorized access.
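The per-request model described above can be made concrete with a small policy decision point. The following is an added example written for this page, not Forcepoint code: it assumes a constructed group-to-application policy, a device posture record with three compliance fields, and an MFA freshness window of eight hours, and it contrasts ZTNA's per-application decision with a VPN-style model where one login makes every application on the subnet reachable.

```python
"""Added example: a minimal ZTNA policy decision point (PDP) that evaluates every
request against identity, MFA freshness, device posture and an explicit
per-application allow list, contrasted with a VPN-style model that grants
network-wide reach after one login. All names, fields and policies are
constructed for illustration; they are not any vendor's API or data model."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class Principal:
    user: str
    groups: frozenset[str]
    mfa_at: datetime          # when the user last completed MFA


@dataclass
class Device:
    device_id: str
    managed: bool
    disk_encrypted: bool
    os_patched: bool

    def posture_ok(self) -> bool:
        # Posture is re-read on every request, so a device that drifts
        # out of compliance mid-session loses access on its next call.
        return self.managed and self.disk_encrypted and self.os_patched


# Constructed application-level policy: application -> groups allowed to reach it.
APP_POLICY: dict[str, frozenset[str]] = {
    "hr-portal": frozenset({"hr"}),
    "git": frozenset({"engineering"}),
    "prod-db": frozenset({"dba"}),
}
MFA_MAX_AGE = timedelta(hours=8)   # assumed freshness window

# Constructed VPN model: one login attaches the client to a subnet, and every
# application on that subnet is then reachable at the network layer.
VPN_SUBNET_APPS = frozenset(APP_POLICY)


def vpn_decision(authenticated: bool, app: str) -> bool:
    """After a successful VPN login the tunnel does not know or care which
    application the packets are for; reachability is the only control."""
    return authenticated and app in VPN_SUBNET_APPS


def ztna_decision(principal: Principal, device: Device, app: str,
                  now: datetime) -> tuple[bool, str]:
    """Evaluate one request. Returns (allowed, reason). Every check runs on
    every request; there is no long-lived 'inside the network' state."""
    if app not in APP_POLICY:
        return False, "unknown application"
    if now - principal.mfa_at > MFA_MAX_AGE:
        return False, "MFA too old; re-authentication required"
    if not device.posture_ok():
        return False, f"device {device.device_id} fails posture check"
    if not (principal.groups & APP_POLICY[app]):
        return False, f"{principal.user} has no grant for {app}"
    return True, "allowed"


def lateral_movement_demo() -> dict[str, list[str]]:
    """An engineer's (possibly stolen) credentials are used against every app.
    Returns the apps each model lets the session reach."""
    now = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    eng = Principal("alice", frozenset({"engineering"}), now - timedelta(minutes=5))
    laptop = Device("lt-001", managed=True, disk_encrypted=True, os_patched=True)
    reach: dict[str, list[str]] = {"vpn": [], "ztna": []}
    for app in sorted(APP_POLICY):
        if vpn_decision(True, app):
            reach["vpn"].append(app)
        if ztna_decision(eng, laptop, app, now)[0]:
            reach["ztna"].append(app)
    return reach


def continuous_validation_demo() -> list[tuple[bool, str]]:
    """Same user and app, three consecutive requests: the device drifts out
    of compliance, then MFA ages out. Each request is judged afresh."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    eng = Principal("alice", frozenset({"engineering"}), t0)
    laptop = Device("lt-001", managed=True, disk_encrypted=True, os_patched=True)
    results = [ztna_decision(eng, laptop, "git", t0 + timedelta(minutes=1))]
    laptop.os_patched = False                     # posture changes mid-session
    results.append(ztna_decision(eng, laptop, "git", t0 + timedelta(minutes=2)))
    laptop.os_patched = True                      # fixed, but MFA is now stale
    results.append(ztna_decision(eng, laptop, "git", t0 + timedelta(hours=9)))
    return results


if __name__ == "__main__":
    print(lateral_movement_demo())
    for ok, why in continuous_validation_demo():
        print(ok, why)
```

The lateral-movement demo shows the difference the text describes: under the VPN model the session reaches all three applications, under ZTNA only the one the engineering group is granted. The continuous-validation demo shows that a session is never "in"; a posture change or stale MFA is caught on the very next request.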
Benefits of ZTNA and SASE Solutions
SASE and Zero Trust Network Access solutions combine to offer significant advantages for organizations and their users and IT teams.
- Stronger security. ZTNA helps reduce the attack surface by preventing unauthorized access and lateral movement attacks, while SASE solutions enable security teams to unify policies and gain full visibility into WAN and internet traffic.
- Superior user experiences. ZTNA and SASE both reduce latency in the network. ZTNA technology delivers faster performance than VPNs, which introduce latency by backhauling traffic through a central network hub. SASE moves security functions closer to users and devices at the edge, minimizing latency and improving user experiences and performance across the board.
- Ease of management. By integrating solutions, increasing visibility and streamlining the network and security technology stack, ZTNA and SASE technologies simplify management of networking and security and enable IT teams to do more with less.
- Fast deployment. ZTNA solutions can be deployed in a matter of days, far faster than traditional technologies.
- Reduced costs. By converging networking and security solutions on a single platform, SASE enables security teams to eliminate the cost of buying and managing multiple point products.
Integrating ZTNA and SASE with Additional Security Technologies
In addition to ZTNA, SASE architecture typically includes several other core components that together provide a multilayered and highly effective approach to managing networking and security within a modern IT environment.
- Software-defined wide area networking (SD-WAN) uses the principles of software-defined networking to manage and route traffic across a wide area network more intelligently and effectively. SD-WAN creates an overlay that virtualizes the management of network connections, enabling organizations to use multiple, inexpensive commodity connections like cable, fiber, wireless and DSL alongside standard MPLS connections to improve performance, reduce costs and achieve greater flexibility.
- Cloud access security brokers (CASBs) are services or applications that sit between a cloud provider and an organization’s users and on-premises infrastructure, serving as gatekeepers to enforce security policies for users accessing cloud resources. CASBs often include malware identification and blocking, data loss prevention to stop leaks, authentication services to manage user credentials and control access, and web application firewalls to stop malware at the application level.
- Secure web gateways (SWGs) inspect inbound and outbound web traffic to prevent unwanted threats from entering an organization’s network and to block users from accessing malicious websites or web resources with viruses and malware. Secure web gateways typically include capabilities for URL filtering, antivirus measures, application control, malicious code detection and filtering and data loss prevention.
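To make the gateway functions listed above tangible, here is an added example, not Forcepoint's engine, of a toy secure web gateway policy pass over outbound requests. It assumes a constructed host-to-category table in place of a maintained URL database, a constructed blocked-category set, and a simple data loss prevention check that flags Luhn-valid payment card numbers in request bodies.

```python
"""Added example: a toy secure web gateway (SWG) policy pass over outbound
requests, doing URL category filtering and a simple DLP check for card
numbers in request bodies. Categories, sample requests and the Luhn-based
detector are constructed for illustration; they are not Forcepoint's engine."""
import re
from urllib.parse import urlsplit

# Constructed category table; a real SWG consults a maintained URL database.
URL_CATEGORIES = {
    "intranet.example.com": "internal",
    "updates.example.com": "software-updates",
    "paste.example.net": "file-sharing",
    "bad.example.org": "malware",
}
BLOCKED_CATEGORIES = {"malware", "file-sharing"}   # assumed policy

# Runs of 13 to 19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so that arbitrary digit runs (invoice numbers,
    timestamps) are not flagged as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(body: str) -> list[str]:
    """Return the normalised (separator-free) card numbers found in body."""
    found = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def swg_decision(method: str, url: str, body: str = "") -> tuple[str, str]:
    """Return (verdict, reason) for one outbound request.
    Order matters: the cheap URL-category check runs before body inspection."""
    host = urlsplit(url).hostname or ""
    category = URL_CATEGORIES.get(host, "uncategorized")
    if category in BLOCKED_CATEGORIES:
        return "block", f"category {category}"
    if method.upper() in {"POST", "PUT"}:
        cards = find_card_numbers(body)
        if cards:
            return "block", f"DLP: {len(cards)} card number(s) in request body"
    return "allow", f"category {category}"


if __name__ == "__main__":
    # Constructed sample traffic.
    samples = [
        ("GET", "https://intranet.example.com/home", ""),
        ("GET", "https://bad.example.org/update.exe", ""),
        ("POST", "https://api.example.com/upload", "card 4111 1111 1111 1111 exp 12/26"),
        ("POST", "https://api.example.com/upload", "invoice 1234567890123"),
    ]
    for method, url, body in samples:
        print(method, url, swg_decision(method, url, body))
```

The two POST samples illustrate why the checksum matters: "4111 1111 1111 1111" is Luhn-valid and is blocked, while the thirteen-digit invoice number is not and passes, keeping false positives down without relaxing the match on real card numbers.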
Combining ZTNA and SASE in Forcepoint ONE
Recognized as a leader in cybersecurity by NSS Labs, Forrester and Gartner, Forcepoint offers market-leading solutions designed to protect the modern enterprise while driving digital transformation and growth.
Forcepoint ONE is an all-in-one, cloud-native security platform that enables organizations to adopt a single-vendor SASE solution with simple, safe and scalable ZTNA technology. When combined with Forcepoint FlexEdge Secure SD-WAN, Forcepoint ONE secures access to the web, cloud and private apps while providing continuous control over data and streamlined network management.
With ZTNA and SASE solutions from Forcepoint, organizations can:
- Let users work how and where they want while safeguarding access to private apps through agent-based and agentless deployment.
- Support Zero Trust principles on the web, in the cloud and in private apps.
- Reduce threats and protect users with integrated solutions for ZTNA, CASB, SWG, a next-generation firewall (NGFW) and unified threat management services.
- Securely connect offices and remote sites while delivering the fastest internet speeds possible with maximum resiliency.
- Simplify compliance with consistent visibility and strong controls for global data and privacy regulations.
- Safeguard users browsing the web at lightning-fast speeds.
- Secure access to over 800,000 cloud apps on both managed and unmanaged devices.
- Prevent data leaks and loss with best-in-class DLP capabilities.