Zscaler’s single-vendor zero-trust SASE brings a new approach to an old problem

This syndicated post originally appeared at Zeus Kerravala – SiliconANGLE.

The rise of hybrid work and distributed applications has exacerbated a problem that is not new.

On-premises security has been the de facto deployment model for decades, but as businesses have become more distributed, on-premises deployments have struggled to meet security demands. The pandemic-induced hybrid work model underscores the difficulty of putting corporate-grade security wherever a user is.

The management complexity would be overwhelming even if a business could afford firewalls everywhere. Secure access service edge, or SASE, has been looked at as a solution to this problem, but it comes in many flavors, many of which are tied to software-defined wide-area networks, which largely replicate the on-premises deployment model.

This week, Zscaler Inc. announced what it bills as the industry’s first zero-trust SASE. The company has built this offering on its zero-trust artificial intelligence, which provides cyberthreat and data protection capabilities, including integrated firewall as a service, secure web gateway, cloud access security broker and data loss prevention services.

I had a chance to discuss this new offering in a briefing with Naresh Kumar, vice president and general manager of product management at Zscaler. He told me the company wanted to apply its zero-trust principles in other areas.

“This is the industry’s first SASE built on zero trust,” he told me. “We always wanted to make sure we take those zero-trust principles — not just from users, even going beyond users — and that’s the focus of this launch.”

Flipping the model

Old-style network and firewall architectures are complex and unsuitable for today’s challenges, which increases risk. According to Zscaler, it built this new offering on its zero-trust architecture, which uses business policies to determine user and device access.

“You have to flip the model because it reduces the business risk,” Naresh told me. “The communications need to be brokered through an exchange based on certain principles, whether it’s identity, context or any other aspects about risks. Zero-trust SASE is going to make that available.”

Zscaler’s approach connects every user, location and cloud through its Zero Trust Exchange platform, which means zero-trust protection extends beyond users to devices and server traffic. The company uses an adaptive AI engine to assess user, device, destination and content risk, using 500 trillion daily telemetry signals.

Key features

The company breaks this new offering into three key feature sets, including:

  • Plug-and-play z-connector appliances, which work alongside the existing virtual appliance, provide seamless deployment and integrated gateway features, eliminating the requirement for extra routers or firewalls at branch locations.
  • Integrated secure service edge or SSE, which provides comprehensive zero-trust AI cybersecurity and data protection features, incorporates FWaaS, SWG, CASB and DLP services.
  • Centralized management, which uses a cloud-based management console for centralized policy management across users, locations, and various cloud environments.

Zscaler’s platform eliminates the need for individual products, which the company says will reduce costs and simplify and streamline management for information technology teams. Those teams can enforce detailed forwarding policies for internet, software-as-a-service and private applications, gain centralized visibility and management, and harness AI-driven internet of things device discovery and classification. This approach should improve overall security for users while eliminating extra firewalls and edge routers at branch locations.

A unique approach

Zscaler’s approach is unique, something that Naresh underscored. “Users and organizations want a cafe-like branch experience to empower hybrid work,” he said. “Hybrid employees expect the same seamless and secure access they would have in an office setting, whether at home or on the go, without having to access their applications over a slow, cumbersome VPN. Zscaler Zero Trust SD-WAN will connect and secure users, devices, sites and clouds using our single-vendor SASE platform without the risks of traditional SD-WAN.”

In the announcement, Zscaler quoted Mike Gemza, chief technology officer of Cornerstone Brands. He said that using Zscaler, his company has implemented a zero-trust framework across its branches, data centers and the cloud. “The implementation of Zero Trust SD-WAN has empowered us to protect our business against increasing cyberthreats by reducing attack surface, preventing lateral threat movement, and enhancing application performance with a nonroutable WAN,” he said.

What’s behind this new offering from Zscaler?

For a long time, my thesis has been that computing changes drive network changes. The industry is undergoing a massive computing change – the shift to hybrid multicloud. Although many SASE offerings are available today, Zscaler’s “native” zero-trust SASE is aligned with that change as it’s not an overlay.

When Zscaler first launched, I was skeptical about whether businesses would buy into the proxy approach and be willing to ditch their tried-and-true on-premises firewalls. It’s a big leap of faith, but the businesses that have made it appear more than satisfied with the results. Now, customers can augment their zero-trust deployment with a range of cloud-based security services, improving security and reducing complexity.

Author: Zeus Kerravala

Zeus Kerravala is the founder and principal analyst with ZK Research. Kerravala provides a mix of tactical advice to help his clients in the current business climate and long-term strategic advice.