SASE architectures let IT deliver networking and security to every location, application and user through a single cloud platform in which the two are tightly integrated. Underpinning that integration, though, is one of SASE's fundamental elements: its identity-based policy framework.
The identity of users, groups and devices is the foundation of how SASE delivers policy-driven access. SASE policies can go further still and factor the context around an identity into each policy decision: the location a request comes from, the security posture of the device making it, or even the time of day of the access attempt.
These factors let SASE architectures enforce least-privilege access at the network level. Commonly referred to as Zero Trust network access (ZTNA), this identity-based micro-segmentation evaluates each request against the requester's identity and context and then allows or denies it by policy. There is no implicit trust in the network or in the user: every access request is denied by default and is granted only after the requester has authenticated and the policy conditions tied to that identity are satisfied.
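To make the deny-by-default, identity-plus-context evaluation concrete, here is a small policy engine in Python. It is an added illustration, not code from the original article or from any SASE product; the application names, groups, posture fields and the specific rules are assumptions chosen for the example. Each rule names the groups that may reach an application and the context conditions (device posture, region, time window) that must also hold, and every decision is returned as a record that could feed a central audit log.

```python
"""Toy ZTNA-style policy engine: identity plus context, deny by default.

Added example only; not vendor code. All rules, groups, application names
and context fields below are assumptions made for illustration.
"""
from dataclasses import dataclass
from datetime import time
from typing import Callable, Optional


@dataclass(frozen=True)
class Identity:
    user: str
    groups: frozenset  # group memberships from the identity provider


@dataclass(frozen=True)
class Context:
    country: str          # geolocation of the request
    device_managed: bool  # device is enrolled in management (assumed posture signal)
    disk_encrypted: bool  # posture check reported by the endpoint agent (assumed)
    local_time: time      # time of day at the client


# A condition is (label, predicate over Context); the label makes denials auditable.
Condition = tuple[str, Callable[[Context], bool]]


@dataclass(frozen=True)
class Rule:
    app: str
    allowed_groups: frozenset
    conditions: tuple  # tuple of Condition


BUSINESS_HOURS: Condition = ("business_hours", lambda c: time(8) <= c.local_time <= time(18))
MANAGED_DEVICE: Condition = ("managed_device", lambda c: c.device_managed and c.disk_encrypted)


def in_region(countries: frozenset) -> Condition:
    return ("region_" + "_".join(sorted(countries)), lambda c: c.country in countries)


# Hypothetical policy: per-application allow rules keyed on group, plus context conditions.
POLICY = (
    Rule("payroll", frozenset({"finance"}),
         (MANAGED_DEVICE, BUSINESS_HOURS, in_region(frozenset({"US", "CA"})))),
    Rule("wiki", frozenset({"finance", "engineering"}), (MANAGED_DEVICE,)),
)


@dataclass(frozen=True)
class Decision:
    user: str
    app: str
    allow: bool
    reason: str  # why the decision was reached, for the audit trail


def evaluate(identity: Optional[Identity], ctx: Context, app: str, policy=POLICY) -> Decision:
    """Deny by default. An allow requires an authenticated identity, a rule for the
    application that names one of the caller's groups, and every context condition
    on that rule passing. The first rule matching app and group decides."""
    if identity is None:
        return Decision("<anonymous>", app, False, "unauthenticated")
    for rule in policy:
        if rule.app != app or not (identity.groups & rule.allowed_groups):
            continue
        failed = [name for name, check in rule.conditions if not check(ctx)]
        if failed:
            return Decision(identity.user, app, False, "context: " + ",".join(failed))
        return Decision(identity.user, app, True, "rule: " + rule.app)
    return Decision(identity.user, app, False, "no rule grants access")


def demo() -> list:
    """Constructed sample requests; returns the decision records."""
    alice = Identity("alice", frozenset({"finance"}))
    bob = Identity("bob", frozenset({"engineering"}))
    office = Context("US", True, True, time(10, 0))
    late = Context("US", True, True, time(22, 0))
    byod = Context("US", False, False, time(10, 0))
    return [
        evaluate(alice, office, "payroll"),  # allow: group, posture, region, hours all pass
        evaluate(alice, late, "payroll"),    # deny: outside business hours
        evaluate(alice, byod, "wiki"),       # deny: unmanaged device
        evaluate(bob, office, "payroll"),    # deny: no rule names engineering for payroll
        evaluate(bob, office, "wiki"),       # allow
        evaluate(None, office, "wiki"),      # deny: unauthenticated
    ]


if __name__ == "__main__":
    for d in demo():
        print(f"{d.user:<12}{d.app:<9}{'ALLOW' if d.allow else 'DENY ':<6}{d.reason}")
```

The point of the `reason` field is operational: because every request, allowed or denied, produces the same record shape, the audit trail is per user and per application rather than per firewall rule, and a denied request tells you which context condition failed instead of just that a packet was dropped.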
While it is not often discussed, identity is the centerpiece of SASE, and that brings substantial advantages over traditional network security approaches.
The SASE model is a significant improvement over traditional network access strategies, which centered on managing complex network settings. Connectivity defined by IP ranges and static network configuration is replaced with connectivity based on application- and user-defined policies.
This shift not only strengthens the security of the connections but also makes them far easier to manage and support. It closes the gaps that open up when policy is maintained separately per site or appliance, and it keeps enforcement consistent across the organization. With its identity-centric foundation, SASE can automate tasks such as provisioning and revoking access globally. And since everything centers on the user, access auditing across the whole organization becomes more granular and can be pulled from a single source of truth.
But the advantages do not stop on the administration side. Because connectivity is tied to identity, users also get a single connectivity experience regardless of the resource they are accessing or the device they are using. The seamless integration of security and networking services gives end users the same workflow for connecting to private enterprise applications as for public cloud and SaaS applications. Authentication, security inspection and connectivity requirements are all abstracted away from the user and happen without the user juggling multiple tools.
Identity has long been the foundation of security, so it is no surprise that it plays a key role in SASE. But applying identity across an integrated network security experience gives it new superpowers. Moving away from entrenched network security models that overemphasized IP addresses and static configurations will take time. But given the substantial improvements to security, compliance and productivity, this approach should see rapid adoption over the next couple of years.