Security "Bits"

The Bitglass SASE Triangle: ZTNA for Internal Applications

By Will Houcheime | September 29, 2020 at 5:00 AM

Remote work, the remote workforce, working from home--all common phrases due to the series of unprecedented changes that have occurred over the last several months. Organizations have had to adjust in order to continue operations in an effective, yet secure manner. In the first part of the Bitglass SASE Triangle, we explained how organizations can utilize a cloud access security broker (CASB) to secure their managed applications; then we moved on to part two, where we dove into our SmartEdge Secure Web Gateway (SWG) for web and unmanaged app security. For the final side of the triangle, we'll be discussing the importance of zero trust network access (ZTNA), and the part it plays in helping organizations operate remotely. With the sudden challenges of this year's events, organizations have typically utilized virtual private networks (VPNs) as a quick solution to enable remote work. However, this approach comes with not only increased costs but also performance penalties.


As an illustration, let’s say two software companies, Company A and Company B, both switched over from an on-premises workforce to a remote one. Company A has allowed certain employees to work remotely in the past, and VPN has always served as a secure solution for allowing those individuals to access the organization’s on-premises network and internal apps. Company B, on the other hand, is equipped with ZTNA as a part of their secure access service edge (SASE) platform. Both companies are equipped with tools that enable them to function remotely, so what are the major differences between the two approaches? 


David, an employee of Company A (which has just shifted to a fully remote workforce), starts VPN on his device to begin accessing on-prem resources and working from home--as he has done on sick days and vacation in the past. The software on his device connects with an appliance on premises to establish a secure tunnel. However, he notices that he can’t seem to access his tools and applications as efficiently due to drastically increased latency (far more than the normal VPN lag that he experienced in the past). He contacts the IT team and continues trying to complete his work duties. However, the performance issues intensify, preventing access altogether and causing a delay in project completions for David’s team (and others at Company A). 

The cause of this delay is actually simple--it comes down to the on-premises VPN appliance, its fixed capacity to serve a limited number of users, and the load surge caused by the increased number of remote workers VPNing in. As a result, the system overloads and slows down all operations in order to sustain secure access. In order to continue with this VPN approach, Company A would need to quickly purchase and install more or better appliances to scale and function. Naturally, this would be costly. Additionally, VPN violates the core tenets of zero trust security by giving users indiscriminate access to everything on the network once the tunnel is up. In other words, VPN is not as secure as organizations need it to be.


Company B, on the other hand, uses ZTNA--a more scalable alternative that also ensures greater security for remote access to organizational resources on premises. Rather than relying upon expensive appliances on premises that have fixed capacities and, consequently, scaling problems, leading ZTNA solutions are deployed in the cloud for infinite scalability and enhanced performance. With this approach, secure access is granted based on adaptive controls, user activity is monitored, and continuous risk assessments are performed. The solution extends access to specific resources rather than everything on the network, real-time DLP and ATP policies are enforced automatically, and detailed logs are generated for IT. 
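The contrast described above, as an added example that is not Bitglass code: a small Python model of the VPN access decision (authenticate once, reach every host on the network) beside a ZTNA decision made per application from group membership, device posture and a continuously updated risk score, with every decision logged. The host names, policy rules and risk threshold are assumptions constructed for the example.

```python
# Added example (not Bitglass code): VPN network-level access vs. ZTNA
# per-application access. All hosts, rules and thresholds are constructed.
from dataclasses import dataclass, field

# Constructed sample: hosts behind Company A's VPN appliance. Anyone who
# authenticates to the tunnel can reach all of them.
NETWORK_HOSTS = {"hr-portal", "git-server", "db-admin", "finance-app"}

# Constructed ZTNA policy for Company B: each app names the groups allowed to
# use it and whether a managed device is required. No rule means no access.
ZTNA_POLICY = {
    "hr-portal":   {"groups": {"hr", "eng"}, "require_managed": False},
    "git-server":  {"groups": {"eng"},       "require_managed": True},
    "db-admin":    {"groups": {"dba"},       "require_managed": True},
    "finance-app": {"groups": {"finance"},   "require_managed": True},
}
MAX_RISK = 50  # assumed threshold: sessions scoring above this lose access


@dataclass
class Session:
    user: str
    groups: set
    managed_device: bool
    risk: int = 0                      # updated over time by risk assessment
    log: list = field(default_factory=list)  # decision log for IT


def vpn_reachable(session: Session) -> set:
    """VPN model: one authentication grants network-level reach to every host."""
    return set(NETWORK_HOSTS)


def ztna_decide(session: Session, app: str) -> bool:
    """ZTNA model: allow only if a rule for this app matches the user's groups,
    the device posture satisfies the rule, and the current risk score is still
    under the threshold. Each decision is appended to the session log."""
    rule = ZTNA_POLICY.get(app)
    allowed = (
        rule is not None
        and bool(session.groups & rule["groups"])
        and (session.managed_device or not rule["require_managed"])
        and session.risk <= MAX_RISK
    )
    verdict = "ALLOW" if allowed else "DENY"
    session.log.append(f"{session.user} {app} risk={session.risk} {verdict}")
    return allowed


def ztna_reachable(session: Session) -> set:
    """Apps this session can reach right now; re-run as posture or risk change."""
    return {app for app in ZTNA_POLICY if ztna_decide(session, app)}
```

Re-running ztna_reachable after the device becomes managed or the risk score rises shows the adaptive, per-resource behaviour the post describes, whereas vpn_reachable never changes.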

Organizations like Company A that have been scaling with appliances are taking a reactive approach rather than adhering to a sustainable, long-term plan. Zero trust network access delivered from the cloud boasts the following benefits over VPN:

  • Operational efficiency
  • Scalability
  • Cost savings
  • Enhanced security


Bitglass’ ZTNA delivers all of the above benefits as a part of its Total Cloud Security Platform, a market-leading secure access service edge offering. Additionally, customers are provided with two options for cloud-delivered ZTNA deployments: an agentless option for browser apps, and an agent-based option for thick client apps such as SSH and remote desktops. With Bitglass, a single dashboard can be used to configure a single set of policies that protect data and defend against threats consistently for any interaction. 

With all three parts of the triangle in hand (CASB, SWG, and ZTNA), organizations can utilize Bitglass’ SASE offering to secure the use of their apps, the web, and their on-premises resources. 

Want to learn more about SASE? Download the Top SASE Use Cases white paper below. 

