ZTNA and CASB: Combining Key Pieces of the SASE Puzzle

What’s Next for Zero Trust?

Everyone in the security industry has been knee-deep in the concept of Zero Trust for some time, and by all appearances, that’s not changing soon. 

Since the concept’s inception by Forrester in 2010, the general meaning of Zero Trust has evolved significantly, while the practical application has only just begun to materialize in the last 4-5 years. This has been the case over the last year, in particular, driven by the pandemic and massive growth in the remote workforce. As such we increasingly find ourselves living in a “Zero Trust” everything world. 

One of the fastest moving and most tangible developments in the sphere of Zero Trust is the emergence of Zero Trust Network Access (ZTNA). This set of best practices and technical capabilities offers an attractive solution to the pervasive issue of remote workers attempting to access applications – any time, anywhere – using both managed and unmanaged devices. 

While popular SaaS applications have spurred a revolution in the manner that employees gain access to and share company data, along with the development of related security controls, many organizations find themselves challenged to apply similarly efficient access across the entirety of their vast, hybrid IT environments.

Properly securing all of your cloud applications and data for remote users is a huge task in its own right – so, how do you address the larger challenge that also includes private applications, many of which still reside in the datacenter?

This is where ZTNA – a key step on the road to embracing Secure Access Service Edge, or SASE – is providing significant upside.


Why ZTNA, Why Now?

To quote Gartner, “ZTNA removes excessive implicit trust that often accompanies other forms of application access”. This is achieved by creating software-defined perimeters and enforcing adaptive, identity, and context-aware policies that can be managed in a centralized manner.

Further, unlike the traditional approach of simply employing VPNs to secure access between applications and “trusted” users, ZTNA also increases flexibility, agility, and scalability without exposing internal applications directly to the internet. 

To be specific, two of the primary benefits of ZTNA include:

  • Microsegmentation: Through the abstraction of access mechanisms, ZTNA isolates application access from network access, preventing data breaches due to over-entitlement of services and thwarting lateral movement by threats within the private network.

  • Full application cloaking: Eliminating the need to open inbound firewall ports for applications access, and preventing the exposure of internal applications to the Internet – reducing the risk of data exposure, and securing organizations from external threats and DDoS attacks.

And that’s just the tip of the spear, with the critical ability to provide consistent user experience to remote workers standing as another hugely important step forward.


ZTNA + CASB: A Powerful, SASE-centric Combination

ZTNA covers a lot of ground in terms of appending SaaS-like security and access properties to applications of all kinds. However, to gain maximum coverage and efficiency, you also need to account for everything cloud-related, and then roll all of this up into a central platform with unified policies, visualization, and threat prevention.

This is where ZTNA integration with CASB plays a critical role, and offering these capabilities in both integrated and standalone form is precisely the strategy that CipherCloud is pursuing with the launch of its new Zero-Trust Remote Access ZTNA solution.

As organizations continue to seek stronger and more efficient methods to account for all of their applications, specifically to support the remote workforce, we know that this powerful combination addresses a huge subset of evolving, SASE-centric requirements. 

This integrated security platform approach allows enterprises to extend existing SaaS security controls offered by CASB+ to private applications, whether an ERP system or an intranet site behind the enterprise firewall – enabling centralized security oversight and control across SaaS, IaaS, and on-premise deployments.

We believe strongly that this is the right path for both ZTNA and CASB because it is being directly informed by our clients as they move to engage SASE and address the current environment.

To learn more about related best practices and CipherCloud’s Zero-Trust Remote Access solution, join us for a hands-on, “how to” webinar: “Did you say ZTNA? How to: Securing Cloud Access and Remote Collaboration”

We hope to see you there!

The post ZTNA and CASB: Combining Key Pieces of the SASE Puzzle appeared first on CipherCloud.

*** This is a Security Bloggers Network syndicated blog from Blogs List with categories – CipherCloud authored by Matt Hines. Read the original post at: