Can SASE and Zero Trust Deliver Better Security?

Lively discussion focuses on separating buzz from reality

it technician works on laptop in data center full of servers with multiple people in the background
Shutterstock

The enterprise network has evolved into a seemingly amorphous entity that traverses on-premises, cloud, and edge environments and raises new management and security challenges. That may explain why so many IT practitioners are eager to find out whether the concept of a secure access service edge (SASE) model, or framework, first articulated by

But, as illustrated by an @IDGTechTalk Twitter chat on Sept. 30, sponsored by @ComcastBusiness, it can be difficult to delineate the hype and reality within a conceptual framework. Moderated by CIO, blogger, and industry speaker Isaac Sacolick @nyike, the online session brought together IT practitioners, consultants, and influencers to weigh into whether enterprise networks are up for today’s security challenges and, in particular, the roles that SASE, SD-WAN, and Zero Trust may play in securing the new network edge.

#IDGTechTalk Well, first I’d basically say networks are edge-less now… there’s no border in essence, and the WFH for orgs from COVID push that. If anything, strong auth (authentication) and ID mgmt (management) will lead and dominate. SD-WAN & SASE less so as...many if not all of these networks (& services) are not directly built or managed by orgs, other than some stitching together. QoS and general availability (say for 5G) will be the next thing to ensure org security, which still comes back to IDMgmt & auth Amélie E. Koran@webjedi
#ZeroTrust is less about the edge specifically, and more about the integrity of the whole. SASE and SD-WAN enable the flexibility of the enterprise to add to the application level access security and inspection. #IDGTECHtalk Wayne Anderson@DigitalSecArch

But many participants were only too eager to poke holes into what they view as the pretty formless framework that is SASE.

#SASE is just "here is a diagram that says you should do all the security things". #idgtechtalk Wayne Anderson@DigitalSecArch
#SASE still buzzword territory for me. I consider most things from major analyst firms to be buzzwords until there’s a sign of market adoption. Just not seeing or hearing about it yet. #IDGTECHtalk Will Kelly@willkelly

The trouble with trendy buzzwords is that it can take time before enterprises really understand what they may be buying into and whether products can live up to the hype.

[M]any "Alphabet Soup" products coming online, but many orgs have no real idea which/how to best implement. All those mentioned have a place, but first you need to develop a #Security strategy. That's the hard part but absolutely necessary #IDGTECHtalk Jack Gold@jckgld
There’s a lot of new #infosec technologies available. But why not use the fundamentals of information security to secure these? Not every new technology needs a new solution. Why not fix old problems before introducing new technologies? kb.cybeready.com/s/essential-to… #IDGTECHtalk Ben Rothke@benrothke

Zero Trust, a concept that’s been around for several years and increasingly is embodied in commercial solutions, seemed to have greater credibility:

It’s hard to talk about any modern security measures without talking about Zero Trust. This is the overall framework of securing more than just the edge or a specific technology, but the entire ecosystem. #IDGTechTalk Jason James@itlinchpin
Zero Trust is more about securing internal and external users ensuring that anyone working on the network is secure, and the business greatly reduces business risk. That saying, "No trust, no us" is literally the way businesses are going to start working. #IDGTechTalk Nick Gonzalez@nickg1421

But not everyone is enamored of how Zero Trust is marketed:

I think Zero-trust is rapidly and somewhat erroneously being adopted as corporate strategy rather than a technical capability particularly when it comes to securing a moving target like #edge. #IDGTechTalk Joanne Friedman@joannefriedman

Still, there’s plenty of recognition that businesses are struggling with how to reconcile security and their rapidly evolving network edges.

#IDGTECHtalk The phenomenon of #hybridwork, which is replacing traditional #work models, has pushed #organizations to embracing more robust and converged #security architecture, able to address emerging threats, to be future-ready and cloud-first designed and allowing all components of the system, #networking & #security to work faultlessly together, as part of a seamless framework. Elitsa Krumova@Eli_Krumova

To learn how organizations are planning to adapt cybersecurity postures to meet the new challenges of a cloud-focused, edge-reliant enterprise, read this recent report from Comcast Business: As Enterprises Transform, So Does Edge Security.

Related:

Copyright © 2021 IDG Communications, Inc.