CIO Bulletin

An expert ensuring that your connectivity is always secure, and in-sync, with your business: Axis Security

Security Service Edge (SSE) is a relatively new term used to describe a set of integrated, cloud-delivered, security services that broker secure connections between authorized users and business resources by using identity and policy. First introduced by Gartner in 2021, Security Service Edge (SSE) represents the future of security connectivity. As more and more users work outside the corporate perimeter due to hybrid work, adoption of SaaS apps (i.e. M365, Salesforce, Box etc.) increases, and private applications move to public cloud, IT leaders have realized that it no longer makes sense to backhaul user traffic to a corporate network. Because of this, many IT leaders are looking to replace traditional network security appliances (i.e. Firewalls, VPN gateway appliances, web gateway appliances etc.) in an attempt to better protect data, deliver a better experience and reduce costs for the business.

SSE platforms are the modern alternative to traditional network security technologies. They extend secure connectivity out to the users location through cloud services – without connecting users to the corporate network, exposing applications or IT infrastructure to the Internet, or requiring complex network segmentation. Instead, a Security Service Edge (SSE) platform allows IT to provide end users with secure access to private applications from anywhere, safely access the Internet, and quickly access SaaS apps used for work. SSE services that include Digital Experience Monitoring (DEM) can even boost user productivity by making it easier for network operations managers to monitor application, device and network performance. At Axis they believe in a modern workplace powered by connectivity that is always in-sync with the business. The company is committed to enabling a world where access to any business resource, from anywhere, can always be simple, safe and reliable. In doing so, Axis’ customers will make hybrid work simple, turn digital experience into a competitive advantage, and better protect their data from threats.

Zero Trust Network Access (ZTNA)

Created in April of 2019 by Gartner, the term Zero Trust Network Access (ZTNA) represents a set of new technologies designed for secure access to private applications. Also referred to as Software-defined perimeter (SDP), ZTNA technologies use granular access policies to connect authorized users to specific applications, without the need for access to the corporate network, establish least-privileged app-level segmentation as a replacement for network segmentation, and without exposing the applications location to the public internet unlike a VPN concentrator. Gartner expects that by 2023, 60% of organizations will even replace their VPN with ZTNA service. This has led ZTNA to become the fastest growing zero trust product in the industry, and often making it the beginning point for IT leaders looking to adopt a secure access service edge (SASE) architecture.

It’s first important to realize that the reason ZTNA is exploding is because of the fact that every due to work from anywhere every user, application and device now connects via the Internet. This makes sense, as more business apps become SaaS and private apps continue to run in hybrid or multi-cloud environments. The challenge is that the Internet is purely designed to connect things, not to block them. With the proper IP address and outbound call all entities have the ability to communicate. Threat actors love this, and exploit companies who do not have the proper zero trust strategies in place. Unlike VPNs or firewalls. ZTNA services are designed to securely connect specific entities to each other, without the need for network access. In most cases these are employees and third-party users connecting from home, on the road, or in the office. But this is not limited to just users, it’s important to understand that ZTNA can also apply to application-to-application traffic as well in the form of micro segmentation.

Common Use Cases for ZTNA

VPN Alternative for Work from Anywhere

Use ZTNA to replace remote access VPNs that are typical used to connect remote users to a network, and deliver a faster, more secure experience while doing so

In-office Employee Access

Avoid inherently trusting on-premises users, and leverage publicly hosted zero trust brokers, or private brokers that deploy within your own environment for a least-privilege access with simpler segmentation, faster user experience, and easier compliance

Securing Third-party Access

Use agentless access to securely enable business ecosystem partners, suppliers, vendors and customers to access critical business data, without granting access to the corporate network

Accelerate IT Integration During M&A or Divestitures

ZTNA helps accelerate the process of each down from 9-14 months, to just days or weeks by avoiding the need to consolidate (or split) networks, to deal with NATing for overlapping IPs, or to stand up expensive VDI infrastructure. Make securing access to your crown-jewels seamless. Atmos ZTNA ensures that authorized users get the access to private apps they need. The most advanced Modern Day ZTNA service in the industry, the service provides an elegant alternative to traditional VPN and ZTNA 1.0 solutions by providing secure access for any user, any device, and any private application.

Dor Knafo, CEO and Co-founder