SASE: The Path to Zero Trust Part.1



How Long Can the Network Border Protection System Last?

In 2020, the unexpected coronavirus pandemic had quickly struck the world and forced millions to stay at home; as a result, remote working becomes the mainstream working method for many industries. Employees need to connect to the headquarters network for credential information from different locations. The entire IT environment has been affected by the pandemic and started to change; with a massive number of variants such as the personnel who have access to the network and terminal device/system, the diversity and complexity of the network environment are challenging and unpredictable.

Under such circumstances, enterprises need to ask questions such as:

· Who is accessing the system?

· Is the access environment safe?

· Does this person have permission to access?

· How to avoid data leakage?


On the other hand, with the increasing market share of the public cloud and the trending of enterprise business digitalization, more and more key businesses will be deployed on the public cloud, including those highly sensitive businesses only accessed on the intranet. The exposure and attack surface is increasing, the security battlefield is expanding, and the disappearance of network boundaries has become inevitable. The traditional trust system based on network location has been unable to meet enterprises' needs of digital transformation.

A New Trust System Founded on "People"

Based on the risk analysis and insights of the security mentioned above, Forrester Research has proposed a new trust system-Zero Trust:

Zero Trust eliminates automatic access for any source – internal or external – and assumes that internal network traffic cannot be trusted without prior authorization. As operating models evolve with more employees working remotely, the need for a holistic Zero Trust approach is even more urgent (2021).

There is only one core problem to be solved by Zero Trust:

How to ensure that access is only granted to trustworthy personnel, terminal device, and system in this borderless network environment?

How to eliminate the trust vulnerabilities left by the traditional border security model?

1. Continuous Verification and Dynamic Adjustment of Authorization: Authorization in the zero-trust system changes at any time, and there is no permanent authorization. Therefore, the credibility determination of the person, terminal, and business have been completed before the access; the authorization given is only a preliminary static authorization. The access behavior needs to be monitored throughout the process of accessing resources. Once abnormal behavior is found, the credibility of the source of access is reduced immediately. The source of access needs re-authenticated or reduce access permission from this source of access.

2. Confirm Four Credibility: credible people, credible terminals, credible resources, and credible behaviors. Zero Trust does not mean that there is no trust, but to confirm whether everything is trustworthy, with fine-grained and robust authentication.

3. Abandon the Concept of Internal and External Networks: try to move the security barrier forward to the edge to narrow the trust boundary:

In the zero-trust security architecture, "people" are the core value point of the network, the traditional network boundary disappears, and the identity is the new boundary to build a "zero-trust system." No user is trustful. Equipment, identity, and permissions must all be verified constantly.

Subscribe to our newsletters and follow us on social channels for the Zero Trust series part 2 and more industry trends.

LinkedIn @BaishanCloud North America Corporation

Facebook @baishancloudNA

Twitter @baishancloud

Youtube @BaishanCloud


[About BaishanCloud]


Founded in April 2015, BaishanCloud (Baishan) is a leading independent edge cloud service provider in China with strong global outreach capabilities, offering neutral infrastructure, cloud-native security, and developer services. Leveraging its globally distributed edge cloud platform and its software development capabilities, Baishan provides a wide range of industry-agnostic application solutions for global Internet and enterprise customers across different industry verticals. Baishan now has offices in Beijing, Shanghai, Guangzhou, Shenzhen, and Seattle, as well as R&D centers in Xiamen and Gui'an.