SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

Video: 10 Minute IT Jams - SonicWall VP discusses SASE and zero trust

Thu, 4th Nov 2021
FYI, this story is more than a year old

A new direction for cybersecurity is emerging as companies shift away from the traditional data centre model. This trend, known as Secure Access Service Edge, or SASE, is picking up speed among technology companies responding to new demands for flexible, cloud-based security. 

At the forefront is SonicWall, a global cybersecurity provider, who outlined their evolving approach to SASE in a recent interview. Giant Tarpon, the company's Vice President of Products, explained that SASE represents "an umbrella architecture framework" for delivering security directly from the cloud, as opposed to the conventional system of routing traffic back to data centres for inspection.

"It's a framework for security that is delivered at the source - primarily through the cloud - versus the traditional data centre model where you have to help in all the traffic back for inspection," Tarpon said. "We constantly keep talking to our partners and customers to understand what they see happening in their world and what their end customers prefer with respect to deployment choices."

This push towards cloud-delivered security is not new. Tarpon pointed out that partners and customers have long been asking for more services to be delivered from the cloud, and SonicWall had begun shifting in that direction even before SASE became an established term. "We started moving more and more security services to the cloud because of that, and when SASE came out, it sort of fit into the scheme of things we were going with," he said.

SonicWall's own SASE journey has quickly accelerated. Tarpon described the recent launch of SonicWall Cloud Edge late last year, positioning it as a fully cloud-delivered solution that provides Zero Trust Network Access for both client and client-less environments. "Recently we also added stateful firewalling capability to it and that allows for TCP-level network traffic control as well as access," he added. The company plans to further expand its services next year, adding deep packet inspection and "a few other things" to bolster security inspections from the cloud, giving "partners and customers more and more security inspections delivered from the cloud."

SASE is not the only security concept reshaping the industry. There has also been widespread adoption of the Zero Trust security model, fuelled by the shift to remote working. But the two are often conflated, and Tarpon was keen to underline the distinction.

"There's a clear distinction between the two," he said. "Zero Trust is in existence for some time already and it's more about access control, while SASE is a more recent introduction about delivering security near the source where users are, where they are accessing devices or the network."

He explained that traditional VPNs typically granted broad access to networks, assuming a level of implicit trust, whereas Zero Trust requires every access request to be explicitly granted, regardless of user or device. "No implicit trust," Tarpon stressed. "Every access request you make to an application or a server needs to be granted."

Zero Trust, as Tarpon noted, can be implemented in multiple ways: "There are vendors who, and even us, provide Zero Trust using on-prem, cloud or hybrid architectures." By contrast, SASE "is more of a cloud-delivered architecture that encapsulates the principles of Zero Trust for access, but it is more than just Zero Trust Network Access." Tarpon said SASE expects vendors to secure customer data and intellectual property, and demands greater functionality such as deep packet inspection to prevent data leakage.

Despite their differences, the two models share some common ground. "SASE does use Zero Trust for that DNA, but it's more than that," Tarpon explained.

He also addressed a common concern among IT professionals - that adopting Zero Trust requires a ground-up rebuild of security systems. "Zero Trust is a model, and in today's environment where work from anywhere is what we're doing, something like Zero Trust is a must-have to keep us safe," he said. "We don't want to give full access to the network to somebody who may not be in a secure environment. Even if we do, we want to make sure they have the right access privileges to the right network resources or application resources."

It is a challenge that governments have begun to take seriously, he said. "Recently, a lot of government organisations, including the US government, released a draft for Zero Trust guidance. They are taking it very seriously. I just feel it's the right thing to do, the right thing to implement for organisations."

For SonicWall, Zero Trust is already a core part of their "boundless cyber security solution". Tarpon pointed to both traditional and cloud-based offerings: "We not only have a SonicWall Cloud Edge, where we provide Zero Trust Network Access solution which is delivered from the cloud, but our advanced VPN solutions such as Secure Mobile Access also deliver Zero Trust for both client and client-less access."

Whether companies need to overhaul their security systems entirely depends on what they already have in place, Tarpon contended. "If you are an advanced VPN solution, you may be able to achieve Zero Trust by adding new components without having to replace the whole thing. Many large enterprises fall into this category, and I don't see them ripping off everything they have," he said. "But at the same time, if you are a small company or if you have an old traditional VPN solution that grants broad access, then it may be the right time for you to move to a completely cloud-delivered solution, because it's not a huge leap for you."

He concluded, "You don't need to replace everything - you could take advantage of what you have and move to a Zero Trust model."

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X