The way we work has changed dramatically over the past few years. Gone are the days when we all worked in a centralized office, using only company-owned devices to access company applications and data. Today’s workforce is distributed, and people use a variety of devices to access work resources, from laptops and smartphones to tablets and personal computers.
Those devices increase our risk exponentially. Consider how many devices you have in your own home that are connected to the internet. Multiply that by the number of employees your organization has, then multiply again by the number of accounts each device and employee holds, and you can begin to fathom how big the risk and the problem are.
Traditional security models that rely on firewalls, VPNs, and perimeter security are no longer effective. Instead, organizations must move to a new approach that can secure their data and applications regardless of where they are accessed from. The two dominant approaches are SASE (Secure Access Service Edge) and Zero Trust.
Device Trust Anchors SASE, SSE, and Zero Trust
Device trust anchors SASE, SSE, and Zero Trust; to see how, first consider how the three are interrelated. SASE is an emerging network architecture that combines network security functions, such as firewall and web filtering, with wide-area networking technologies like SD-WAN. The goal of SASE is to provide a single, cloud-delivered platform that delivers secure access to corporate applications and data to anyone, anywhere, on any device. SASE is the evolution and application of security technologies into the Google “cafe everywhere” style of security architecture.
SSE (the Security Service Edge) can be considered a subset of the SASE framework, with its architecture squarely focused on security services. Delivered from a unified cloud-centric platform, SSE frees teams from the challenges of traditional, perimeter-focused network security.
Zero Trust, on the other hand, is a security model that assumes every access attempt, from any source, is malicious until proven otherwise. Devices, humans, accounts, files, accesses, truly everything is untrusted until proven otherwise, and trust is evaluated for each session rather than granted once. Instead of centering on a perimeter-based approach to security, Zero Trust requires organizations to verify the identity of users and devices before granting access to any resource.
Device Trust Rules Them All
SASE, SSE and Zero Trust pivot on device trust as a key component of their security strategy. There are three main reasons today’s security solutions point back to device trust:
Devices are the primary access point for users
In today’s world, users access work resources from a variety of devices. These devices are the primary entry point into the corporate network and contain sensitive data. As a result, it’s essential to ensure that these devices are trustworthy and secure. Each of those many access points, and each connection it makes, is an additional avenue of compromise that must be secured every time a session is initiated.
Device trust ensures that only authorized devices can access the corporate network. It enables organizations to verify that devices meet minimum security standards before granting access to any resource. Without this capability a corporate security compliance program cannot stand, because unmanaged remote devices offer no corporate assurance or accountability.
Devices are vulnerable to attack
Devices are a prime target for cybercriminals. Attackers can compromise devices through phishing, malware, or other tactics, allowing them to gain access to sensitive data. Once they have access to a device, attackers can move laterally across the network, accessing additional resources. Devices are also connected to the remote networks that our employees work from at home and abroad. Because we do not necessarily have the ability to manage those networks, all of the devices and those networks must be treated as compromised.
Device trust helps prevent these attacks by requiring devices to meet minimum security standards before granting access. It also enables organizations to monitor devices for suspicious activity, helping to detect and prevent attacks. Additionally, pushing security controls outward, as close to the device as possible, gives further opportunity to control and remediate potential risks and threats.
Devices can be lost or stolen
Devices can be lost or stolen, potentially exposing sensitive data to unauthorized access. Device trust policies can help prevent this by allowing organizations to remotely wipe data from lost or stolen devices.
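The per-session device-trust decision described in the three sections above (minimum security standards, stale or missing posture reports, and lost or stolen devices), written out as an added example that is not from the original article or any vendor's product. The posture fields, thresholds and sample devices are constructed assumptions for illustration.

```python
"""Added example: a per-session device-trust check of the kind a Zero Trust
policy engine performs before granting a resource. Posture fields, thresholds
and the sample devices are constructed for illustration, not a product's API."""
from dataclasses import dataclass

@dataclass
class DevicePosture:
    device_id: str
    managed: bool                 # enrolled in the organization's device management
    disk_encrypted: bool
    os_version: tuple             # e.g. (14, 2); compared against MIN_OS_VERSION
    endpoint_agent_running: bool
    posture_age_hours: int        # hours since the device last reported its posture
    reported_lost: bool = False

# Assumed minimum standards; a real policy would be tuned per organization.
MIN_OS_VERSION = (14, 0)
MAX_POSTURE_AGE_HOURS = 24

def evaluate_session(posture: DevicePosture) -> tuple[str, list[str]]:
    """Decide one session. Network location is deliberately not an input:
    Zero Trust treats the office LAN and a home network alike as untrusted."""
    # A device reported lost or stolen is denied and queued for remote wipe
    # regardless of how healthy its last posture report looked.
    if posture.reported_lost:
        return "deny_and_wipe", ["device reported lost or stolen"]
    reasons = []
    if not posture.managed:
        reasons.append("device is not managed")
    if not posture.disk_encrypted:
        reasons.append("disk is not encrypted")
    if posture.os_version < MIN_OS_VERSION:
        reasons.append("OS version below minimum")
    if not posture.endpoint_agent_running:
        reasons.append("endpoint agent not running")
    # Trust is per session: a stale posture report is treated as no report.
    if posture.posture_age_hours > MAX_POSTURE_AGE_HOURS:
        reasons.append("posture report is stale")
    return ("allow", []) if not reasons else ("deny", reasons)

# Constructed sample devices: one healthy, one unmanaged BYOD, one neglected, one lost.
SAMPLE_DEVICES = [
    DevicePosture("lap-001", True, True, (14, 2), True, 2),
    DevicePosture("byod-042", False, True, (14, 2), True, 1),
    DevicePosture("lap-017", True, False, (13, 6), True, 72),
    DevicePosture("lap-009", True, True, (14, 2), True, 1, reported_lost=True),
]

def evaluate_all(devices=SAMPLE_DEVICES) -> dict[str, str]:
    """Map each device id to its session decision."""
    return {d.device_id: evaluate_session(d)[0] for d in devices}
```

Running `evaluate_all()` on the sample set allows only lap-001; the neglected laptop is denied for three separate reasons, which is what an administrator would want surfaced rather than a bare "deny".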
In conclusion, device trust is a critical component of both SASE and Zero Trust security models. It helps ensure that only authorized devices can access corporate resources, that devices meet minimum security standards, and that lost or stolen devices can be remotely wiped. By relying on security centered around device trust, organizations can enhance their security posture and reduce the risk of data breaches.