Which Zero Trust solutions are most effective at protecting data at the enterprise level?

Another security concept here is the “Secure Access Service Edge” (SASE).  You purchase the entire remote access and security stack outside your own data centers. It’s particularly good for companies that are national or international because a large provider can provide those access points no matter where they are. We're used to the model of surrounding everything with a fortress, with remote access servers granting access at the edge, plus all the services needed to decide whether you let them in or not. The SASE concept is about buying that as a service and it fits in with Zero Trust. Instead of using your own bandwidth in and out of your company, a user’s remote access laptop would connect to the SASE provider (such as vendor Zscaler), and they do the authentication and security.  With Office 365, for example, user traffic can simply be routed directly to Microsoft, with no need to route that back to your own data centers. The SASE vendor needs a link to your Active Directory to authenticate users, but in some cases, if they're using email and SaaS, users are redirected out to the Internet from there, and their traffic may never even come back into to your “fortress” and your data center unless the user starts using an in-house application. Then only that traffic would come back to your fortress. If the user needs Office 365, just route them there. If they're going to some SaaS platform, just send them to where that’s hosted.  There’s no need to send user traffic back to company data centers at all unless they really need to come back there for it.  Oh, OK, it sounds like we’ll be discussing SASE technology in the next session!

Anonymous Author
Another security concept here is the “Secure Access Service Edge” (SASE).  You purchase the entire remote access and security stack outside your own data centers. It’s particularly good for companies that are national or international because a large provider can provide those access points no matter where they are. We're used to the model of surrounding everything with a fortress, with remote access servers granting access at the edge, plus all the services needed to decide whether you let them in or not. The SASE concept is about buying that as a service and it fits in with Zero Trust. Instead of using your own bandwidth in and out of your company, a user’s remote access laptop would connect to the SASE provider (such as vendor Zscaler), and they do the authentication and security.  With Office 365, for example, user traffic can simply be routed directly to Microsoft, with no need to route that back to your own data centers. The SASE vendor needs a link to your Active Directory to authenticate users, but in some cases, if they're using email and SaaS, users are redirected out to the Internet from there, and their traffic may never even come back into to your “fortress” and your data center unless the user starts using an in-house application. Then only that traffic would come back to your fortress. If the user needs Office 365, just route them there. If they're going to some SaaS platform, just send them to where that’s hosted.  There’s no need to send user traffic back to company data centers at all unless they really need to come back there for it.  Oh, OK, it sounds like we’ll be discussing SASE technology in the next session!
0 upvotes
Anonymous Author
I know that for some companies, business intelligence (BI) and data management have to be running on internal databases for the most part. Our data and BI stuff is all done externally now. It's hosted somewhere else and all the data is piped in through somewhere else, so we don't have that issue anymore.
0 upvotes