Spirent circle logo

SASE and Zero Trust: Four Requirements to Get Beyond “Vision” and Get it Right


SASE and Zero Trust 4 requirements hero

By combining SASE and Zero Trust, you can consistently apply and enforce security performance policies across your entire network—and give consumers the security and performance they expect.

Gartner coined the term “SASE” (Secure Access Service Edge) less than two years ago, before anyone had heard of “COVID-19.” At that time, Gartner described SASE as a visionary, dynamically created, policy-based security framework that could better protect the explosion of endpoint devices at the network edge.

SASE goes beyond the capabilities of traditional network security and SD-WAN security because it is specifically built for today’s realities, where the data center is no longer a “center,” the corporate network is a myriad of networks, every user is a branch office, and there is no end to new endpoints.

When combined with a Zero Trust (ZT) approach, in which everyone and everything is authenticated before access is granted, SASE enables companies to consistently apply and enforce security across their entire landscape—continuously and at scale.

The pandemic has forced a new model of network security and made it an urgent priority for many companies. Post-pandemic working-from-home projections further intensify the need for distributed security, especially for companies delivering new cloud-native software products that will be consumed at the edge.

SASE with Zero Trust is emerging as the best option for this new world. But the question remains: how will you transform the “promise” and “potential” of SASE/ZT into real results, right now? How can you get control over the new norm of remote workers and distributed applications, and give consumers the security and performance they expect?

This blog gives you four focal points for addressing those questions so you can harness a SASE/ZT framework that really works for your developers, your consumers, and your business.

#1: Test every conceivable deployment environment.

As you develop products and services for the SASE/ZT marketplace, make sure you test, validate and assure your solutions by pushing your software to the limit from every angle. Make sure your offerings will work in any network, from any cloud, under any set of circumstances, so you can accelerate your learning curve and deliver better outcomes for your customers.

Test and validate with fully virtualized testing and validation solutions that can be deployed in any cloud environment—public cloud, private cloud, telco cloud, edge cloud, multi-cloud, hybrid cloud or local cloud.

These principles apply whether you’re creating a 5G Core or Metro Edge, operating a quality assurance lab, integrating with CI/CD developer tool-chain, and more. Make sure you have holistic SASE/ZT testing, validation, and assurance capabilities. Whether your architecture is based on virtual machines, containers, or bare metal infrastructure, you need to maintain maximum flexibility of deployment across all possible network scenarios.

Of course, it is critical to both validate the design of the service prior to deployment and assure that security and performance are up living up to expectations in the actual production environment. Get your testing from a source that has the tools and experience to do both equally well.

#2: Assess with real traffic, not just “simulation.”

You need to be able to fully emulate your application environment at scale and you need the ability to run attack scenarios in the way a hacker would, entering the network the same way and launching the same code or evasion techniques. With simulation, it’s just play-acting.

Real-world traffic generation and test methodologies give you an accurate representation of all facets of the networking landscape—from discrete application emulation behaviors to fully compliant encrypted transmissions, and the ability to inject impairments, system errors or artificial latencies—that help you understand how your solution will perform under duress.

These capabilities ensure that any product or service under development can be stressed with every scenario that might occur in a production environment, giving the developer the peace of mind that their product is prepared for all eventualities.

#3: Measure the impact of the vulnerabilities you identify.

This is a side benefit of doing realistic attack emulation. Simulating attacks with basic packet replay can lead to false results. With stateful emulation you can assess and quantify the impacts of your security countermeasures in real time against real attack vectors, and you can also evaluate the impact your security measures have on your business model.

For example, if application performance is paramount and cannot be sacrificed due to security measures, you can identify security policies that degrade performance without providing additional security coverage. Your teams can make changes and verify the balance between performance and security continuously.

#4: Make sure the testing is objective and vendor-neutral.

When you look at the history of any new innovation in the networking arena, you have to ask one critical question before you adopt the technology: Who’s setting the standards?

Look no further than SD-WAN. Widespread concern over a lack of standards initially threatened multi-vendor interoperability. Vendors with hidden agendas and competing charters made a host of claims about their products and services, leading to confusion and complexity. Thankfully, the community has responded in the Metro Ethernet Forum (MEF) to instill order by creating consensus in the form of SD-WAN certifications.

Simply put, work with a testing solution provider that works with the community to ensure that its solutions conform to industry standards and specifications—not just MEF, but all segments of the network communications market, including high-speed Ethernet, WiFi-6, 5G, Global Positioning and Timing and Lifecycle Service Assurance, and, of course, SASE and Zero-Trust.

If you can get independent, standards-based, vendor-neutral testing, validation, and assurance of security and performance in the SASE/ZT environment, you may just attain something that’s exceedingly rare today: peace of mind.

One example shows how everyone wins

How does the holistic, realistic, standards-based approach to SASE/ZT validation outlined in this blog benefit real-world companies? Here’s one quick example. I’ll leave the company names out, but the story is true.

One of our clients, a large, high-speed telecom service provider, had a request from a customer, a global financial services enterprise. The financial service firm provides a guest network to its end customers in branch offices, and they wanted assurance that an edge security managed service could be integrated into its SASE framework without degrading the user experience.

The company did not want a “best guess.” They wanted a reality check. Spirent was able to validate that the security edge technologies of SASE were operating properly in the policy domain WITHOUT creating latencies in the performance domain.

Spirent tested and confirmed how many users could be supported. Along the way, our testing also uncovered new insights, such as:

  • What types of traffic performed most efficiently

  • What could potentially cause performance slow-downs

  • How those slow-downs could be avoided

  • Capacity of VPN connectivity

  • And traffic anomalies that needed further attention.

This created a win for everyone:

  • The telecom service provider got an objective validation of network performance

  • The security service provider gained insights into performance issues it hadn’t accounted for

  • The financial services customer validated that its guest network met user expectations

  • And Spirent proved its value in the new world of SASE/ZT security testing and validation

To quickly recap: by combining SASE and Zero Trust, you can consistently apply and enforce security performance policies across your entire network. This comes with a number of benefits:

  • Stronger network security with fewer layers to manage

  • Centralized policy management

  • Lower costs with higher scalability

  • And a single view of your entire network

And if you do it right, you can give consumers the security and performance they expect.

Watch the video to learn more about SASE and Zero TrustRight arrow icon

Like our content?

Subscribe to our blogs here.

Blog Newsletter Subscription

Dave Larson
Dave Larson

Chief Technology Officer and General Manager, Cloud & IP

Dave is the CTO for Spirent Communications with responsibility for overall company technology vision and strategy. Dave leads the Spirent Advanced Technology team that incubates forward looking test, measurement and assurance solutions in the Cloud-Native realm for incorporation across all of Spirent’s product lines. Dave has more than 25 years’ experience across networking, network security and cloud architecture working in both emerging technology startups and large public enterprises. Before joining Spirent, Dave was Vice President and General Manager for the Data Center Networking business and Chief Technologist for Networking, Security and Advanced Cloud Technology and Strategy at Hewlett Packard Enterprise. Previously, Dave was COO/CTO for Corero Network Security, a developer of carrier-grade, terabit-class DDoS mitigation solutions. Prior to that, Dave was VP of Advanced Technology and CTO for HP Networking. Additionally, Dave has held senior product and technical roles in a number of organizations, including 3Com Corporation, TippingPoint, Xedia (acquired by Lucent), Sandburst (acquired by Broadcom), and Tizor Systems (acquired by Netezza/IBM). Dave has a Bachelor of Science degree in Physics from Gordon College in Wenham, MA