There are now a number of other security concepts such as SASE, ZTNA and SSE that have been developed on the basis of Zero Trust. In the following, we will explain the most important differences.
How SASE and Zero Trust differ from each other
As we have discussed, Zero Trust is more of a basic concept that describes how authentication and authorization should be carried out. However, there is no definition of how these objectives can be achieved in practice.
Secure Access Service Edge (SASE), on the other hand, is a cloud-based network and security service that goes far beyond mere protection. The concept was presented in 2019 by the market research company Gartner. SASE connects network architectures such as VPN (Virtual Private Network) and SD-WAN (Software-defined Wide Area Networks) with security functions from the cloud such as web gateways, cloud access security brokers (CASB), firewall services and the Zero Trust concept. It is easy to manage thanks to a central management console.
However, SASE cannot be introduced overnight. SASE is rightly regarded as very complex and time-consuming to implement. For example, in a survey by market research company Techconsult, 36 percent of respondents said that Zero Trust and SASE were too complex for them to introduce. 33 percent reported a lack of expertise in the company and 26 percent said that costs were too high. This is why, two years after SASE, Gartner has presented another concept, Security Service Edge (SSE).
What is the difference between SASE, SSE and ZTNA?
SSE is in principle part of SASE, the part that focuses on security. Other aspects of SASE that relate to optimizing the bandwidth in the network or the WAN have been removed from SSE. This makes it easier to implement.
Chief among the components of SSE is zero-trust-based access to the network, also known as Zero Trust Network Access or ZTNA for short. ZTNA does not open up the entire network, but only certain defined resources. Relevant questions include:
- Who wants to access the resource?
- Where does the request originate from?
- What policies are implemented for the situation?
- Did the access attempt lead to suspicious behavior?
ZTNA is usually supplemented with a Cloud Access Security Broker, which is intended to protect access to cloud applications and remote processes, as well as with Secure Web Gateways (SWGs) for filtering and monitoring content and firewall-as-a-service (FWaaS) solutions.
How companies can gradually implement Zero Trust
How can you get started with Zero Trust? The software-based security solutions from NCP already meet the essential criteria of Zero Trust. With the NCP Secure Enterprise Management Server, access rights of user groups and individual users can be configured granularly. In addition, the solution supports modern methods for verifying the identity of users and end devices such as multi-factor authentication, machine certificates and endpoint policy checks.
This allows you to check, for example, whether the operating systems, virus scanners and certificates on the end devices are up to date. You can also manage applications and updates centrally and securely. Further, you can specify in detail which users, groups and applications are allowed to access which resources. This protects far more than just the classic perimeter.
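The four ZTNA questions listed earlier and the endpoint checks described here can be combined into one default-deny decision per resource. The following Python code is an added example, not NCP's code or product behaviour; the resource names, groups, networks, thresholds and the anomaly score from a behaviour monitor are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    mfa_passed: bool         # who: identity verified with a second factor
    source_ip: str           # where: origin of the request
    device_cert_valid: bool  # endpoint posture: machine certificate
    os_patched: bool         # endpoint posture: operating system up to date
    av_current: bool         # endpoint posture: virus scanner up to date
    resource: str
    anomaly_score: float     # 0.0 normal .. 1.0 suspicious (assumed signal)

# Constructed policy: one rule per resource. Unlisted resources are denied,
# so access is granted to defined resources only, never to the whole network.
POLICY = {
    "hr-db": {"groups": {"hr"}, "networks": ["10.20.0.0/16"], "max_anomaly": 0.3},
    "wiki": {"groups": {"hr", "engineering"}, "networks": ["0.0.0.0/0"], "max_anomaly": 0.6},
}

def decide(req, policy=POLICY):
    """Return (allowed, reason). Every check must pass; the default is deny."""
    rule = policy.get(req.resource)
    if rule is None:
        return False, "no policy for resource"
    if not req.mfa_passed:
        return False, "identity not verified"
    if not (req.groups & rule["groups"]):
        return False, "user not in an authorized group"
    try:
        src = ip_address(req.source_ip)
    except ValueError:
        return False, "unparseable source address"
    if not any(src in ip_network(net) for net in rule["networks"]):
        return False, "origin not permitted"
    if not (req.device_cert_valid and req.os_patched and req.av_current):
        return False, "endpoint posture check failed"
    if req.anomaly_score > rule["max_anomaly"]:
        return False, "suspicious behavior"
    return True, "allowed"

# Constructed sample request: HR user on the internal network, healthy device.
ALICE = Request("alice", frozenset({"hr"}), True, "10.20.5.7",
                True, True, True, "hr-db", 0.1)

if __name__ == "__main__":
    print(decide(ALICE))
```

Returning the reason alongside the verdict gives the log line an operator needs when a denied user calls the help desk.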