Cybersecurity Alphabet Soup: SDP, ZTNA and SASE
The technology industry is a breeding ground for creating TLAs (Three-Letter Acronyms) and FLAs (Four-Letter Acronyms). So inviting a few more TLAs and FLAs to the party is just business as usual.
In recent years we’ve added SDP and ZTNA, and in 2020 a new term, SASE, has continued picking up momentum.
If you aren’t sure what all these terms mean, here’s a quick refresher:
Software-Defined Perimeter (SDP)
Software-Defined Perimeter (SDP), also called a “Black Cloud,” is an approach to computer security. It evolved from the work done at the Defense Information Systems Agency (DISA) under the Global Information Grid (GIG) Black Core Network initiative around 2007.
If you don’t care for technical jargon, just think of SDP as an architecture that separates the control plane from the data plane while connecting users to the network. This separation helps to achieve access control, asset isolation, high availability and scale.
Zero Trust Network Access (ZTNA)
Zero Trust Network Access (ZTNA) is another security architecture in which only traffic from authenticated users, devices and applications is granted access to other users, devices and applications.
Do these sound similar to you?
If so, it’s because they do have a lot in common — but since they were initiated by different organizations, they have different terminologies. There are some subtle differences as well. For example, when John Kindervag from Forrester first talked about Zero Trust in the year 2010, he talked about “Zero Trust Network Architecture.” The zero-trust principle, “never trust, always verify,” was envisioned as a way to address the broken traditional trust model.
Today’s ZTNA, Zero Trust Network Access, is a way to achieve Zero Trust for access — in other words, you would still need to inspect the traffic to achieve complete Zero Trust.
SDP, on the other hand, provides a much more prescriptive architecture (see below) that separates the control plane and the data plane.
[Figure: SDP architecture. Source: Cloud Security Alliance]
Once this separation is in place, it’s easier to control access to the network based on various parameters such as user, device, time of the day, location, etc. The SDP architecture also mandates granting least-privileged access defined by the granular policies.
So, if you think about ZTNA carefully, you will realize that it actually uses the concept of SDP.
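The access decision described above can be modelled in a few lines. This is an added example, not code from the Cloud Security Alliance or SonicWall: a controller (control plane) evaluates user group, device state, hour and country against constructed policies with default deny, and a gateway (data plane) admits traffic only with the controller's signed, short-lived grant. The shared HMAC key, the policy fields and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: secret shared by controller and gateway

# Constructed policies; any request that matches none of them is denied.
POLICIES = [
    {"group": "finance", "service": "erp", "hours": range(8, 18),
     "countries": {"US"}, "managed_device": True},
    {"group": "engineering", "service": "git", "hours": range(0, 24),
     "countries": {"US", "DE"}, "managed_device": True},
]

def controller_authorize(req, now):
    """Control plane: check context against policy, return a signed grant or None."""
    for p in POLICIES:
        if (req["group"] == p["group"] and req["service"] == p["service"]
                and req["hour"] in p["hours"] and req["country"] in p["countries"]
                and (req["managed_device"] or not p["managed_device"])):
            # Grant is scoped to one service and expires after five minutes.
            claims = {"user": req["user"], "service": p["service"], "exp": now + 300}
            body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
            sig = hmac.new(KEY, body, hashlib.sha256).hexdigest()
            return body.decode() + "." + sig
    return None  # default deny (least privilege)

def gateway_admit(grant, service, now):
    """Data plane: admit only a valid, unexpired grant for this exact service."""
    if not grant or "." not in grant:
        return False
    body, sig = grant.rsplit(".", 1)
    expected = hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False  # forged or modified grant
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims["service"] == service and now < claims["exp"]

if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    req = {"user": "alice", "group": "finance", "service": "erp",
           "hour": 10, "country": "US", "managed_device": True}
    grant = controller_authorize(req, now)
    print("erp admitted:", gateway_admit(grant, "erp", now + 10))
    print("git admitted:", gateway_admit(grant, "git", now + 10))
    print("after hours :", controller_authorize({**req, "hour": 23}, now))
```

The gateway never reads the policy table; it only checks the controller's signature, the service scope and the expiry, which is the control-plane and data-plane split in miniature.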
Secure Access Service Edge (SASE)
The term SASE was introduced by Gartner in August 2019, in its “The Future of the Network Security is in the Cloud” research report.
As defined by Gartner analysts, SASE combines network security functions (such as SWG, CASB, FWaaS and ZTNA) with WAN capabilities (e.g., SD-WAN) to support the dynamic security needs of organizations.
[Figure. Source: The Future of the Network Security Is in the Cloud]
These capabilities are delivered primarily as a service (aaS) and based upon the identity of the entity, real-time context and security/compliance policies.
Does the term SASE feel like an umbrella term, then? If so, that’s because IMO it is.
Today, the biggest challenge for all cybersecurity vendors (SonicWall included) is to demonstrate that they have SDP, ZTNA and SASE solutions so that their customers don’t feel like they are missing out on innovative new trends.
As a result, we have the following types of vendors, which originated in different cybersecurity domains, all trying to pitch their solutions as SDP, ZTNA and SASE.
- Cloud-delivered cybersecurity vendors – Recent additions to the ecosystem
- IdP vendors – Identity Providers
- SD-WAN vendors – Software-defined networking players
- New vendors – New companies that get added to the ecosystem (as purists) with every new wave of acronyms
- Traditional cybersecurity vendors – Birthright indisputable, right? :)
So, does SonicWall provide SDP, ZTNA or SASE solution(s)?
Hell yes! What kind of question is that?
To learn more about SonicWall’s ZTNA solution, check out our newly launched Cloud Edge Secure Access. You can be up and running in just a few minutes!