An element of SASE which we get a lot of questions on is how to achieve Zero Trust principles, especially around network access. Zero Trust is a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries.
Excellent guidance has been recently released by the NSA and NCSC giving concrete and viable recommendations helping achieve Zero Trust across organisations. A lot of the guidance matches SASE principles of focusing on user identity, device reputation and the data that users are accessing.
Transitioning to a mature Zero Trust architecture all at once is also not necessary. Incorporating Zero Trust functionality incrementally as part of a strategic plan can reduce risk accordingly at each step. Like most security principles that we encourage at Saepio, gradual maturity through a risk based and prioritised approach is the key to long term security improvement.
The NCSC’s guidance can be more friendly for UK organisations already aligning to NCSC frameworks and language structure. The link below includes hyperlinks to the individual 8 principles.
It’s not a coincidence that a lot of the outcomes found in SASE and Zero Trust architectures are also priorities for organisations now. The Gartner Top 10 2020-2021 security projects are a great way of beginning to put SASE and Zero Trust on the wider business’s agenda as key IT and security initiatives.
Saepio constantly evaluate the guidance and best practise from global security and national intelligence agencies to ensure that we can provide guidance for our customers on some of these objectives. If looking at implementing Zero Trust, or SASE is something you’re considering but aren’t sure where you’re at in your maturity, or not even sure where to start, we’re on hand to help.