Coined by Forrester, ZTE (Zero Trust Edge) is a term that describes a new solution for networking and security infrastructure. ZTE converges networking and security while ensuring secure access to resources based on zero trust access principles.
ZTE is a virtual network, based on SD-WAN and the cloud, that is accessible to users worldwide. By employing ZTNA (Zero Trust Network Access) controls, users are authenticated and authorized before they gain access to resources. ZTNA is not the only security technology in ZTE. The ZTE architecture also includes SWG, CASB, Sandboxes, and IDS/IPS.
Unlike legacy network and security solutions, ZTE’s scalability, zero-trust architecture, and optimized performance ensure that remote employees can access organizational resources securely and efficiently from anywhere. Real-time threat protection and consistent policy enforcement across various locations provide a seamless experience for remote employees, without compromising security or performance.
SASE (Secure Access Service Edge) is a term coined by Gartner to describe a similar network architecture. According to Forrester, ZTE is similar to SASE, but ZTE places more emphasis on the zero trust aspect.
With the traditional perimeter dissolving, legacy security solutions have become insufficient and insecure. Employees no longer work only at the office, and they remotely access company resources from various locations around the world. Plus, businesses are attempting to find new and more secure ways to connect with their global customers. The rise of e-commerce, cloud services, and mobile technologies also requires advanced solutions, which legacy solutions cannot provide.
ZTE enables users and devices to securely connect to enterprise resources from anywhere. By operating according to the principle of “never trust, always verify”, zero trust access ensures users are not provided with access until they are verified. The zero trust model is not just about denying access until verification, it’s about continuous monitoring and validation. Even after initial access is granted, the system continues to evaluate the users and devices, adjusting permissions and access as needed.
ZTE also provides comprehensive network visibility. In legacy models, once a user or device was inside the network, they often had wide-ranging access with little monitoring. With zero trust security, every action is logged. This level of visibility enables organizations to respond rapidly to threats and also provides valuable insights for ongoing security improvements.
Zero Trust Edge is based on a combination of zero trust authentication, security controls, and SD-WAN. All users, including remote users, are authenticated and authorized before being given access to on-prem resources, according to the principles of zero trust. This means they are continuously verified according to their identity, rather than granted implicit access based on their network location or IP address.
In addition, various security controls, such as ZTNA, SWG, CASB, IDS/IPS, and sandboxing, are hosted either within an edge network or on-premises. These controls inspect and secure traffic and connections. When connecting to cloud resources, for example, users connect via the CASB.
Finally, SD-WAN is employed at physical locations at the branches, ensuring high-performing and secure connectivity. SD-WAN also supports east-west segmentation, further enhancing security.
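The access principle described above (identity and device posture evaluated on every request, never the source IP, with every decision logged) is illustrated by this added example; it is not code from the original page or from LayerX, and the resource names, roles, policy and office address range are constructed for the demonstration.

```python
from dataclasses import dataclass, field

@dataclass
class Device:
    managed: bool
    os_patched: bool

@dataclass
class Session:
    user: str
    device: Device
    mfa_verified: bool
    source_ip: str
    audit_log: list = field(default_factory=list)  # every decision is recorded

# Constructed sample policy (hypothetical resource and role names): which
# roles may reach a resource and whether a managed device is required.
POLICY = {
    "hr-portal": {"roles": {"hr"}, "require_managed": True},
    "wiki": {"roles": {"employee", "hr"}, "require_managed": False},
}
ROLES = {"alice": {"hr", "employee"}, "bob": {"employee"}}
CORP_NET_PREFIX = "10.0.0."  # hypothetical office address range

def legacy_decide(session: Session, resource: str) -> bool:
    """Perimeter model: any request from the office network is trusted."""
    return session.source_ip.startswith(CORP_NET_PREFIX)

def zero_trust_decide(session: Session, resource: str) -> bool:
    """Check identity, role and device posture on every request; source IP is not an input."""
    rule, dev = POLICY.get(resource), session.device
    if rule is None:
        reason = "unknown resource"
    elif not session.mfa_verified:
        reason = "identity not verified (no MFA)"
    elif not ROLES.get(session.user, set()) & rule["roles"]:
        reason = "role not permitted"
    elif rule["require_managed"] and not dev.managed:
        reason = "unmanaged device"
    elif not dev.os_patched:
        reason = "device posture failed"
    else:
        reason = "ok"
    session.audit_log.append((session.user, resource, reason))  # visibility for every action
    return reason == "ok"

def demo() -> list:
    # Alice is granted access, then her device drifts out of compliance mid-session
    alice = Session("alice", Device(managed=True, os_patched=True), True, "10.0.0.7")
    first = zero_trust_decide(alice, "hr-portal")   # True
    alice.device.os_patched = False                 # posture changes after initial grant
    second = zero_trust_decide(alice, "hr-portal")  # False: re-evaluated on each request
    # The legacy perimeter check still says yes because the office IP never changed
    return [first, second, legacy_decide(alice, "hr-portal")]
```

Running `demo()` returns `[True, False, True]`, showing the per-request re-evaluation that a location-based check cannot provide.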
When ZTE is cloud-based, organizations can apply a single, consistent set of policies across all controls, users, and resources. This provides shared context, reduces errors, and ensures consistent protection without gaps between components.
In addition, deploying ZTE as a single, converged solution creates visibility across the entire network, enabling monitoring and management that can help make data-driven decisions.
ZTE integrates cloud security and networking, offering a comprehensive solution with several key benefits:
1. Comprehensive Security
ZTE’s approach to security is holistic. Every connection is meticulously authenticated, inspected, and secured, providing robust defense against potential threats. This continuous verification ensures that trust is never assumed but always validated. Consequently, IT professionals can have peace of mind knowing that each connection and transaction is secure, regardless of where users are connecting from, what applications are being used, or what type of encryption is in place.
2. Saved Costs
ZTE saves costs primarily by consolidating various networking and security functions into a single cloud-based service. By integrating SD-WAN capabilities with security services, organizations can reduce the need for multiple standalone appliances and services. This not only lowers hardware and software costs but also simplifies management and maintenance.
The cloud-native architecture of ZTE also allows for scalability and flexibility, enabling businesses to pay for only what they need, further optimizing costs. Additionally, by enhancing security and connectivity, ZTE can reduce the risk of costly security breaches and downtime.
3. Improved User Experience
By integrating SD-WAN with security functions and delivering them from the cloud, ZTE ensures consistent performance and security policies across different regions and devices. This leads to reduced latency and a more responsive experience, as traffic is intelligently routed through the optimal path. Users can access the resources they need without cumbersome VPN connections or noticeable delays, whether they are in the office, at home, or on the go. The convergence of networking and security in ZTE creates a streamlined and efficient user experience, encouraging productivity and fostering satisfaction.
While ZTE offers many advantages, especially in the context of remote worker security, there are significant challenges that organizations must navigate to fully realize the potential of the ZTE model.
1. Modern vs. Traditional Applications
Modern web applications that support identity federation can be more easily configured in a ZTE environment. However, applications built on non-web protocols present challenges. The absence of standardized protocols for integrating these legacy applications into a ZTE environment can lead to compatibility issues and complexities in deployment.
2. Integrating OT and IoT with ZTE
IT professionals must consider the integration of operational technology (OT) and Internet of Things (IoT) devices. The diverse nature of OT and IoT devices, coupled with their varying security protocols, can create vulnerabilities within the ZTE environment, making management challenging.
3. Cloud Migration Considerations
Organizations may need to undertake cloud migration before transitioning to ZTE protection for certain enterprise assets. This process can be time-consuming and complex, requiring careful planning and execution.
LayerX offers a browser-based authentication solution that provides secure access to SaaS and web applications, from both managed and unmanaged devices. Access policies are based on zero trust security and the principle of least privilege. By using LayerX as an additional authentication factor, enterprises enhance their protection.
LayerX can be used as part of a ZTE solution to provide zero trust-based browser security for users who are connecting to resources. The LayerX extension can be used to configure and enforce zero trust security policies to resources and monitor user activity, to ensure secure connectivity.
LayerX integrates seamlessly with existing SaaS identity providers and there is no need for VPNs or other dedicated network infrastructure. This not only eliminates the costs associated with VPN setup and maintenance but also ensures a rapid and seamless connection to SaaS apps directly from browsers.
LayerX deployment is quick and easy, allowing the rolling out of access protection across the entire workforce without agents or disruption to the user experience, thereby significantly enhancing secure access posture with minimal impact.