
Zero Trust and SASE - a new approach to data security

Geir Andre Sirevaag
Geir Andre Sirevaag is an architect and developer in the Cloud Products department in Stavanger. He has 20 years of experience in the company and, for the past 10 years, has been working on developing our products with a focus on the Cetegra and Connect portfolio.
08/26/2025

The combination of Zero Trust Networking and Secure Access Service Edge (SASE) represents a fundamental shift in data security strategy. As hybrid workplaces, cloud adoption, and mobile access have become standard, SASE and Zero Trust are redefining how organizations protect their networks. Instead of depending on a fixed perimeter, security is now cloud-delivered and centrally managed, with access decisions based on user identity and contextual factors. This creates a more agile and resilient security framework, safeguarding data and infrastructure regardless of where users or devices are located. 

What is SASE?

Secure Access Service Edge (SASE) is a cloud-based security framework that brings together network and security functions in one unified platform. The concept was introduced in response to the fact that applications and users are increasingly located outside the traditional office network.

In practice, SASE combines network services such as SD-WAN with security services such as Firewall as a Service (FWaaS), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and Zero Trust Network Access (ZTNA) - delivered from the cloud.

This gives businesses the ability to enforce security policies close to the user via global hubs, rather than sending all traffic through a centralized data center. Access is no longer just controlled by where you connect, but by your identity, the state of your device and the context of the request.

Key principles of SASE
  • Unified security and networking: Network and security are consolidated into one platform. This means fewer separate systems and easier management.
  • Cloud-based delivery: Services are delivered via a global network of cloud hubs, providing scalability, flexibility and fast response times.
  • Identity-driven security: Access is managed based on who the user is, what device is being used and the context of the request - not just physical location.
  • Zero Trust principles: "Never trust, always verify." All users, devices and applications are verified on an ongoing basis and are granted access only to the resources they need at the time.
  • Simplified administration: One centralized platform for policies, monitoring and logging provides better overview and lower complexity, while reducing costs.

From VPN to modern cloud security

Traditional VPN solutions and perimeter security struggle to meet today's demands. Zero Trust-based approaches have therefore emerged as a modern alternative.

Instead of letting users into the entire network, ZTNA and SASE provide secure point-to-point connections between users and applications. This reduces the attack surface, improves performance and provides better control, without detours through old VPN hubs.
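As an added illustration (not code from Cegal or Microsoft), the sketch below shows a per-application access decision that combines identity, device state and request context, with default deny for anything without a rule. The policy, application names, groups and country codes are constructed for the example.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    mfa: bool               # identity: strong authentication done for this session
    device_compliant: bool  # device state as reported by device management
    country: str            # context: where the request comes from
    app: str                # the single application being requested

# Constructed policy: one rule per application; anything not listed is denied.
POLICY = {
    "hr-portal": {"groups": {"hr"}, "mfa": True, "compliant": True,
                  "countries": {"NO", "SE"}},
    "wiki": {"groups": {"staff", "hr"}, "mfa": False, "compliant": True,
             "countries": None},  # None = no location restriction
}

def decide(req):
    """Return (allowed, reason) for one user-to-application request."""
    rule = POLICY.get(req.app)
    if rule is None:
        return False, "default deny: no rule for application"
    if not (req.groups & rule["groups"]):
        return False, "identity: user not in an allowed group"
    if rule["mfa"] and not req.mfa:
        return False, "identity: MFA required"
    if rule["compliant"] and not req.device_compliant:
        return False, "device: not compliant"
    if rule["countries"] is not None and req.country not in rule["countries"]:
        return False, "context: location not permitted"
    return True, "allowed"

def reachable(req, apps):
    """Evaluate every application separately; one grant implies no other."""
    return [a for a in apps if decide(replace(req, app=a))[0]]

if __name__ == "__main__":
    # Constructed sample user: a staff member on a compliant device in Norway.
    alice = Request("alice", frozenset({"staff"}), True, True, "NO", "wiki")
    for app in ("wiki", "hr-portal", "file-server"):
        print(app, decide(replace(alice, app=app)))
```

Unlike a VPN session, which places the user on the network, each application here is a separate decision, so a user allowed into the wiki still cannot reach the HR portal or any unlisted service.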

Azure Global Secure Access - Microsoft's approach to SASE

Many people associate SASE with specialized security vendors, but Microsoft has also entered the field with Microsoft Entra Global Secure Access (GSA).

The solution consists of two main components:
  1. Entra Internet Access - securing outbound traffic to the internet and SaaS.
  2. Entra Private Access - Zero Trust-based access to internal applications.

What makes Azure GSA special is that it is built directly into the customers' existing Azure/Entra environment. Administration takes place via Entra Admin Center, and the solution utilizes the identity information that already exists in Azure AD. The services are located on Microsoft's global network of data centers and edge locations, giving users fast, local access wherever they are.
GSA provides an integrated Zero Trust architecture that takes full advantage of Microsoft's global cloud infrastructure - a "modern VPN" designed for hybrid working and cloud-based businesses.


Cegal + Azure GSA

At Cegal, we see Azure GSA as a natural evolution of our security architecture. By integrating this technology into our portfolio, we can offer customers a modern, cloud-based security model that supports an asset-light and flexible IT world. This means less on-premise equipment, easier scaling and lower complexity, while providing users with a seamless experience and the business with better control and security.
