The arrival of identity-driven Zero Trust Network Access means that operators of corporate networks can confidently support highly secure remote usage, a great benefit at a time when many companies have far more remote workers than ever as a result of hybrid working trends. Ironically, those remote users, who could be accessing the network from almost anywhere, are able to take advantage of much greater protection than their counterparts working within the walls of the traditional office campus, where legacy perimeter-based security measures still rule the day.
“This fragmented approach creates islands of security repositories that are often inconsistent with each other, multiple policies for the same user and location-specific enforcement, increasing risks and operational complexity,” said Versa Networks CEO Kelly Ahuja, in an email exchange with Fierce Telecom. “Enterprises want to simplify this situation by using a single, consistent security framework to protect their users, devices and sites everywhere, and deliver an optimal application experience no matter where users work.”
That means giving the corporate office its own ZTNA upgrade, which is what Versa has in mind with its unveiling this week of Versa Zero Trust Everywhere. The launch expands Versa's secure access service edge (SASE) family with new offerings that provide Zero Trust security and optimized application performance for both remote and on-premises users in office buildings and corporate campuses.
There are two new products in Versa’s Unified SASE portfolio. The first is Versa Zero Trust – Premises (ZT-Prem), an integrated, standalone appliance that extends granular Zero Trust access policies to branch and campus users connecting to applications and workloads hosted in enterprise data centers or private clouds. The other is Versa Secure Software-Defined LAN (Versa SD-LAN), which provides a ZTNA solution aimed at modernizing the campus and branch LAN with a software-defined, hardware-agnostic approach supporting an assured user-to-application experience.
Key features of the SD-LAN solution include switching and routing at line rate speeds with distributed adaptive micro-segmentation; inline Zero Trust policy enforcement at the user, device and application level; dynamic best-path traffic selection to optimize user-to-application experience; advanced automation; and AI/ML-based network and security anomaly detection.
Ahuja said the pair of products helps resolve fragmentation by creating a path forward from “fragile spanning-tree protocols and perimeter-based network access [control] approaches (NAC, 802.1x, VLANs),” which he noted were “never designed for the granular policy control and micro-segmentation required by Zero Trust solutions.”
He added that most enterprises see Zero Trust as the future of security but have run up against the reality that “deploying ZTNA solutions that were originally designed for the cloud as on-premises standalone virtual instances that try to replace or overlay existing perimeter-based approaches is quite technically challenging. These solutions do not address the need for visibility and control to troubleshoot application performance issues, they don’t address the need to support all applications (voice/video), and they can’t address the barrage of new IoT devices that require on-network Zero Trust controls.”
Ahuja said care has been taken to design these products so that they can be integrated seamlessly into existing infrastructure environments. ZT-Prem, for example, “can integrate with existing identity management systems on the campus; a single policy for a user or device can be defined and enforced at any campus edge, WAN edge or cloud edge. Additionally, SD-LAN based Ethernet switches can be deployed in an existing campus or branch or can be used to build an overlay across an existing campus that uses other switches.”
He said each of the new products could be deployed on its own, but “combining the two into a Zero Trust Everywhere approach for on-site and remote workers provides ultimate value.”
Versa pointed out that the opportunity to replace legacy NAC-based security approaches has been cited by Gartner, which said in a 2022 report, “Enterprises spend billions to secure campus networks via a combination of switching features and NAC — an approach ripe for disruption with the shift to hybrid work...Gartner believes evolving existing ZTNA products to secure campus/branch environments better aligns with future work patterns and zero trust principles, and it simplifies the operational and administrative burden to manage the solution.”
Both ZT-Prem and SD-LAN will be demonstrated at next week’s RSA Conference in San Francisco. Ahuja did not specifically identify customers who already are using the new products, but said early adopters include companies in several sectors. He described one of these clients as “a global financial services institution.”