The War Between New-School and Old-School Security: How to Secure Your SASE

What is SASE?

Gartner coined the term “SASE,” or Secure Access Service Edge. SASE grew because CIOs and CISOs needed to define a new “edge”: a secured entry point that work-from-anywhere employees connect to before gaining access to the actual corporate network. Previously, users terminated their remote connections via virtual private networks (VPNs) on a device located in the company’s data center. In a SASE model, organizations leverage a cloud-based SASE service as the new edge.

Users connect to the SASE service first, and the company applies its “Zero Trust” policies, authenticating the user and checking the endpoint, before the user reaches the internal corporate network. The SASE solution leverages the service provider’s SD-WAN and globally distributed points of presence so that users connect to a nearby location for lower latency, while the same endpoint security policy is enforced consistently wherever the user happens to be.

Old-School Security and the Evolution of the Edge Network 

Organizations have been trying to define “the edge network” for many years as work from anywhere has grown in popularity. The edge of the network moves with the location of the end user or client relative to the company’s applications, products, and services.

The original network architectures defined various internal virtual LANs (VLANs) and placed publicly accessible systems in demilitarized zones (DMZs). These architectures were very static in design. Strict firewall rules, and networks locked down with access-control lists, became an operational nightmare.

As companies added new users, applications, and services, making changes to the network became a train wreck for IT operations and change control teams. Companies would often spend weeks planning changes to their networks and systems, and those changes frequently required an outage for clients and internal users.

As the need to support a more robust work-from-anywhere workforce grew, the concept of the edge changed completely. Users now needed secure access to a variety of systems from anywhere at any time. The growth of virtual desktop infrastructure (VDI) and hosted, streamed applications began with Citrix and VMware. These companies helped deliver a better and more secure experience: users could access a secured desktop remotely, while companies could lock down data transfers and screen sharing because the virtual machines stayed within their data centers or cloud.

New-School Security Needed for the New Edge: Introducing Zero Trust

With the evolution of VDI, “trusting the endpoint” became a necessary strategy. Along with trusting the endpoint, continuous verification of the user’s identity also became paramount to chief security officers. Gartner, along with vendors including Zscaler, Cisco, Netskope, and Palo Alto Networks, began to market the strategy known as Zero Trust, better summarized as “no system is trusted by default.”

Zero Trust as a security model helped define the stages of endpoint and end-user validation: authentication, multi-factor authentication (MFA), device compliance checks, and authorization per application and per user access requirement. While companies began to adopt the Zero Trust model, what constitutes the edge of the enterprise remained a challenge for CIOs and CISOs. In recent years, the edge of the enterprise could be an employee’s home network, the local coffee shop, or a Verizon 5G mobile hotspot. The edge became more fluid and less static, requiring a new way of thinking to handle the hybrid workforce.

In current Zero Trust/SASE models, once the user has authenticated and their device has passed the compliance requirements, are the corporate network and data safe? In many cases, yes. The device is validated for patch level and compliance, and the user’s access is restricted by application or by network segment.
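The validation stages described above, as an added example that is not part of the original post and not any vendor’s policy engine. It evaluates a connection-time access request in order (identity, MFA, device compliance, per-application entitlement) and denies on the first failing stage; the entity names, the 30-day patch threshold, and the sample users and devices are constructed assumptions:

```python
from dataclasses import dataclass
from datetime import date

# Constructed example of a Zero Trust access decision made when a user
# connects through the edge. Hypothetical evaluator; not a vendor's engine.
# All thresholds, names and sample records below are assumptions.

MAX_PATCH_AGE_DAYS = 30   # assumed compliance threshold for OS patch age


@dataclass
class User:
    name: str
    authenticated: bool      # primary credential verified by the IdP
    mfa_verified: bool       # second factor completed for this session
    entitlements: frozenset  # applications this identity may reach


@dataclass
class Device:
    managed: bool            # enrolled in the organization's device management
    disk_encrypted: bool
    os_patch_date: date      # date of the most recent OS patch applied
    edr_running: bool        # endpoint protection agent is active


@dataclass
class AccessRequest:
    user: User
    device: Device
    app: str
    today: date = date(2024, 1, 15)  # injected clock for deterministic results


def device_compliance_failures(device, today):
    """Return the list of compliance failures; an empty list means compliant."""
    failures = []
    if not device.managed:
        failures.append("device not managed")
    if not device.disk_encrypted:
        failures.append("disk not encrypted")
    if (today - device.os_patch_date).days > MAX_PATCH_AGE_DAYS:
        failures.append("os patches older than %d days" % MAX_PATCH_AGE_DAYS)
    if not device.edr_running:
        failures.append("endpoint protection not running")
    return failures


def evaluate_access(req):
    """Evaluate the stages in order; the first failing stage denies.

    Returns (allowed, reason). Anything not explicitly allowed is denied,
    which is the Zero Trust default.
    """
    if not req.user.authenticated:
        return False, "identity not authenticated"
    if not req.user.mfa_verified:
        return False, "mfa not completed"
    failures = device_compliance_failures(req.device, req.today)
    if failures:
        return False, "device non-compliant: " + "; ".join(failures)
    if req.app not in req.user.entitlements:
        return False, "no entitlement for application %r" % req.app
    return True, "allow %s on %s" % (req.user.name, req.app)


# Constructed sample records.
COMPLIANT = Device(managed=True, disk_encrypted=True,
                   os_patch_date=date(2024, 1, 1), edr_running=True)
STALE = Device(managed=True, disk_encrypted=True,
               os_patch_date=date(2023, 11, 1), edr_running=True)
ALICE = User("alice", authenticated=True, mfa_verified=True,
             entitlements=frozenset({"payroll", "wiki"}))
NO_MFA = User("alice", authenticated=True, mfa_verified=False,
              entitlements=frozenset({"payroll", "wiki"}))

if __name__ == "__main__":
    for req in (AccessRequest(ALICE, COMPLIANT, "payroll"),
                AccessRequest(ALICE, STALE, "payroll"),
                AccessRequest(NO_MFA, COMPLIANT, "payroll"),
                AccessRequest(ALICE, COMPLIANT, "finance-db")):
        print(evaluate_access(req))
```

Note that the stale device is denied even though the user is fully authenticated, and that an authenticated, compliant user is still denied an application that is not in their entitlements: each stage is necessary, none is sufficient on its own.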

However, how does the company know that the person at the keyboard is really that user, and remains that user for the whole session? This fundamental question has been the driving force behind the growth of enterprise-wide identity verification.

Additional Authentication Strategies: Continuous Identity Verification 

Identity verification tools, including facial recognition, have become a much-needed addition to the SASE/Zero Trust model. Along with facial recognition, the ability to lock a system when the work-from-anywhere employee walks away from their device is also a paramount security requirement. Continuous identity verification is the only way to maintain that assurance throughout the session rather than only at login.
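The session behaviour described above (periodic identity checks, locking when the user is absent or no longer matches, unlocking only after re-authentication), as an added example that is not SessionGuardian’s code or any product’s implementation. The verifier callback stands in for a camera-based face match and simply returns “match”, “mismatch” or “absent”; the intervals and thresholds are assumptions chosen for illustration:

```python
from dataclasses import dataclass, field

# Constructed example of continuous identity verification for a remote
# session. Hypothetical state machine; not a vendor's implementation.
# The verifier callback, the clock and all timings are assumptions.

VERIFY_INTERVAL_S = 10   # assumed cadence of presence/identity checks
ABSENCE_GRACE_S = 20     # lock if no successful check within this window
MAX_FAILED_MATCHES = 2   # consecutive mismatches tolerated before locking


@dataclass
class SessionState:
    user: str
    locked: bool = False
    last_verified_at: float = 0.0
    failed_matches: int = 0
    lock_reason: str = ""
    events: list = field(default_factory=list)


class ContinuousVerifier:
    def __init__(self, user, verify_fn, now_fn):
        # verify_fn(user) -> "match" | "mismatch" | "absent"   (assumed API)
        # now_fn()        -> monotonic seconds                 (injected clock)
        self.state = SessionState(user=user)
        self.verify_fn = verify_fn
        self.now = now_fn
        self.state.last_verified_at = now_fn()   # login counts as verified

    def tick(self):
        """Run one verification cycle; return True if the session is locked."""
        st = self.state
        if st.locked:
            return True
        now = self.now()
        result = self.verify_fn(st.user)
        if result == "match":
            st.last_verified_at = now
            st.failed_matches = 0
        elif result == "mismatch":
            st.failed_matches += 1
            if st.failed_matches >= MAX_FAILED_MATCHES:
                self._lock("identity mismatch", now)
        # "absent" updates nothing; the grace window below decides.
        if not st.locked and now - st.last_verified_at > ABSENCE_GRACE_S:
            self._lock("user absent", now)
        return st.locked

    def _lock(self, reason, now):
        self.state.locked = True
        self.state.lock_reason = reason
        self.state.events.append((now, "lock", reason))

    def unlock(self, reauth_ok):
        """Unlock only after a full re-authentication (identity plus MFA)."""
        if not reauth_ok:
            return False
        st = self.state
        st.locked = False
        st.failed_matches = 0
        st.lock_reason = ""
        st.last_verified_at = self.now()
        st.events.append((self.now(), "unlock", "reauthenticated"))
        return True


def simulate(observations, step=VERIFY_INTERVAL_S):
    """Feed a scripted sequence of verifier results at fixed intervals.

    Returns (locked, reason, ticks_run). Used to exercise the state machine
    offline with constructed observations.
    """
    clock = {"t": 0.0}
    script = iter(observations)
    v = ContinuousVerifier("alice", lambda _u: next(script), lambda: clock["t"])
    for i, _ in enumerate(observations):
        clock["t"] += step
        if v.tick():
            return True, v.state.lock_reason, i + 1
    return False, "", len(observations)


if __name__ == "__main__":
    print(simulate(["match", "match", "absent", "absent", "absent"]))
    print(simulate(["match", "mismatch", "mismatch"]))
    print(simulate(["match", "mismatch", "match", "mismatch"]))
```

Two design points matter here: a single mismatch does not lock the session (camera glitches happen), but consecutive mismatches do; and absence is handled by a timer rather than by trusting the verifier’s “absent” result, so a stalled or disabled verifier also leads to a lock instead of an indefinitely open session.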

SessionGuardian pioneered continuous identity verification. It locks the work-from-anywhere employee’s computer when the user sets the device down or walks away for a moment. This prevents shoulder surfing. The software also detects mobile phones and prohibits any user from taking a photo of the screen, and it goes further by blocking screenshots and screen sharing. Schedule a demo to see for yourself.

SASE with Zero Trust is a must for organizations, especially those with work-from-anywhere employees. Yet even with these strong edge security and connectivity capabilities, end-user protection is still needed to mitigate the risk to corporate data. Companies need to grant access while ensuring the user is really who they claim to be for the entire session. SessionGuardian brings that additional layer of protection.

Welcome To The New Normal

SessionGuardian was designed to address the critical gap created by human behavior. By deploying our software, companies can add continuous identity verification to their VDI/DaaS protection strategy. Schedule a demo today to see the power of SessionGuardian’s technology.

Protect your workforce and data from anywhere and everywhere

Schedule a personalized demo to begin your journey towards continuous identity assurance and protection.