Taking zero trust to the edge

Published on the 24/02/2021 | Written by Heather Wright

Zero trust_Cybersecurity WFH

Reshaping cybersecurity (again) for the remote work era…

Remote work may have been – and continues to be – a lifesaver during the Covid pandemic, but its unprecedented rise in the past year has resulted in an equally large increase in cyber attack attempts.

With the network security perimeter continuing to disintegrate, VPNs remaining problematic for many and threats, both external and internal, increasing, zero trust architectures are increasingly being touted.

“Users will certainly be kept away from the bad parts of town.”

Joining the fray this month is Forrester with its zero trust edge model for security and network service, with security and networking combining against a common enemy, providing integrated services and consistent policies no matter where staff are working.

Forrester senior research analyst David Holmes is certainly talking the model up.

“This is big, folks. This is really big… This could be the biggest technological transformation since sliced bread, Dorito tacos or public cloud,” he enthused.

Exciting, right?

Well, hold on there a minute: At its heart, the zero trust edge model is the old(er) secure access service edge (SASE) model, just masquerading under another name – one Forrester says is designed to put more focus on ‘zero trust’.

Forrester, which has just published its Introducing the Zero Trust Edge Model for Security and Network Services report, says zero trust edge solutions securely connect and transports traffic, using zero trust access principles, in and out of remote sites leveraging mostly cloud-based security and networking services.

(Gartner, meanwhile, has been pushing zero trust network access, a concept that’s actually been around for more than a decade. It’s a security architecture where only traffic from authenticated users, devices and applications are granted access to other users, devices and applications within an organisation. Last year Google debuted its BeyondCorp Remote Access product, based on the zero-trust approach to network security, which it had been using internally for nearly a decade.)

So what about Forrester’s zero trust edge network?

Holmes says it’s a safer on-ramp to the internet for organisation’s physical locations and remote workers.

“A zero trust edge (ZTE) network is a virtual network that spans the internet and is directly accessible from every major city in the world,” Holmes says in a blog post.

“It uses zero trust network access to authenticate and authorise users as they connect to it and through it. If those users are accessing corporate services like an on-prem application or Office 365, they may rarely even ‘touch’ the internet (except to be safely tunnelled through it), and they’ll certainly be kept away from the bad parts of town.

He says it’s a hot topic with Forrester clients – ‘well over half’ of the enquiries he fields are on the topic.

And they’re looking to the ZTE model, which comes as a cloud-delivered service, WAN connection service with ZTE around it, or a do-it-yourself offering, to tactically solve a specific problem: Securing that remote workforce.

“These organisations realise that acquiring more VPN licenses during the Covid-19 lockdown was just a stopgap measure to keep people working. Now they’re looking for a zero trust network access (ZTNA) solution.”

ZTE is also being touted as an option for securing IoT devices which don’t allow third party software to be installed on them.

“Putting simple ZTE connectors into the network that route traffic from sites with IoT devices to the appropriate cloud service or enforce policies locally (delegated from that cloud service) will give organisations uniform visibility and control that otherwise would require a separate set of products,” says Forcepoint director of SASE and Zero Trust solutions, Jim Fulton.

Vendors such as Zscaler, Akamai and Netskope are lining up with ZTNA offerings, which Holmes dubs a ‘primary security service’ for ZTE vendors’ stacks.

Holmes says ZTE will be adopted in stages.

“In the future, after other technologies like secure web gateway, cloud access security broker, and DLP are integrated into the stack, organisations will look to put all their network traffic through these ZTE networks.”

That, Holmes says, is where security and network teams will have to work together ‘because legacy on-prem networks are heterogenous, and the migration of giant data centres or 12-storey hospitals using software-defined WAN (SD-WAN) as a transport into the ZTE networks will be a challenge.

“No one I’ve talked to has done it and honestly, these are still early days for the model,” he says.

“So, we’ll solve the tactical problem (remote workforce) first with ZTNA. We’ll move on to the larger security challenges next. And finally, we’ll address the network.

“In the end, remote users, retail branches, remote offices, factories, and data centres will be connected to ZTE networks that will use zero trust approaches and technologies to authenticate, sanitise, and monitor connections through the network and into the internet and public clouds.”

Post a comment or question...

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Thank you! Your subscription has been confirmed. You'll hear from us soon.
Follow iStart to keep up to date with the latest news and views...