What is Zero Trust Edge (ZTE)?

Remote Work is the New Norm

Future enhancements will add software-defined web gateway (SWG), cloud access security broker (CASB), intrusion prevention system (IPS) and sandboxing capabilities to the cloud security service stack. In addition, limitations in software-defined WAN (SD-WAN) technologies will eventually be overcome to one day authenticate, sanitize and monitor remote users, retail branches, remote offices, factories, and data center network connections into the Internet and public clouds.

The COVID-19 pandemic accelerated the growing shift to remote work. In the midst of the pandemic, many organizations moved most or all of their employees to telework. As things return to normal, many organizations have realized the benefits of remote work and plan to support it indefinitely.

This creates new business and security challenges for organizations. Employees need to be connected and able to work from anywhere while protected against cyber threats. However, traditional methods for achieving this – such as adding more point security products to address specific use cases – are unscalable and impair security teams’ efforts to maintain visibility into and secure their environments.

Enter Zero Trust Edge (ZTE)

In January 2021, Forrester analysts David Holmes and Andre Kindness released their vision for a network fabric where security is delivered from the cloud in the paper Introducing The Zero Trust Edge Model For Security And Network Services. This vision complement’s Gartner’s secure access service edge (SASE) model for the future of security, noting how SASE implements zero trust at the network edge by converging networking and security services.

Forrester sees ZTE first adopters applying ZTNA (zero trust network access) principles to securely connect remote users and offices to the Internet and to corporate applications they connect with. This improves performance by moving the security stack closer to the user and the application. In his blog Take Security to the Zero Trust Edge, David Holmes notes that “the ZTE model is a more secure on-ramp to the internet for organizations’ remote workers and physical locations”.

The Future of the ZTE Model

With ZTNA in place, future technologies like SWG, CASB and DLP will be integrated into the cloud-delivered security stack. Today, large data centers and enterprises are not using SD-WAN as a transport to ZTE networks. However, organizations will eventually transition to sending all traffic through these ZTE networks.

SD-WANs, which solve remote branch office connection challenges to the Internet and to cloud applications, work automatically, using predefined policies in order to pinpoint the most efficient route for application traffic passing from branch offices to company headquarters, the cloud, and the Internet. This approach solves the latency and user experience problems caused by legacy practices of backhauling traffic from the branch to the Internet over MPLS circuits to the corporate office.

According to Forrester, ultimately retail branches, remote users, remote offices, data centers and factories will be connected to ZTE networks which will use Zero Trust technologies and approaches.

How Check Point Delivers on the ZTE Model

Check Point Harmony SASE  a solution for securing remote users and branch offices connections to the Internet and cloud applications with Check Point NGFW delivered as a service from a global cloud network.

Quantm SASE prevents data breaches since it eliminates implicit trust from your organization’s network perimeter, and, rather, builds explicit trust in people, devices, assets, and data wherever they are located.

Harmony SASE protects mobile, endpoint and remote branch office Internet and cloud connections from sophisticated attacks while ensuring Zero-Trust Access to corporate applications. To see Harmony SASE in action, request a demo.