Best-in-Class – Scale, Performance, and Security – Compared to Any ZTA as a Service Vendor

The combination of Fortinet’s Security Fabric with OPAQ’s patented SASE Cloud platform constitutes the industry’s first Zero Trust Architecture (ZTA) delivered as a service. It does this by integrating industry-leading next-generation firewall and SD-WAN capabilities, web security, sandboxing, advanced endpoint, identity / multi-factor authentication, multi-cloud workload protection, cloud access security broker (CASB), browser isolation, and web application firewalling capabilities with a patented zero-trust cloud architecture to offer a flexible and dynamic Secure Access Service Edge (SASE)[1] solution that can be managed and controlled through a single interface.

[1] Gartner: “The Future of Network Security Is in the Cloud,” G00441737, August 30, 2019.

Benefits of Fortinet and OPAQ SASE and ZTA

The OPAQ SASE platform addresses the challenges enterprises face when building their own ZTA stack by delivering a fully provisioned and integrated ZTA, as a service, with a unified management platform that cuts through unnecessary administrative overhead.

Integrated with Fortinet’s Security Fabric, OPAQ SASE provides enterprise-grade security, deployed into a purpose-built private cloud with carrier-grade network performance.  With a worldwide network of points of presence (POPs) and peering relationships, enterprises benefit from an infinitely tailorable network fabric that provides low-latency access to users, devices and cloud services anywhere required.

With OPAQ SASE, inspection engines and access controllers are always close to the sessions, configuration is centralized via the OPAQ SASE Console, and ZTA-as-a-Service is just mouse-clicks away.

The business benefits of the OPAQ SASE platform are:

  • Reduction in complexity and costs
  • Enable new digital business scenarios
  • Improvement in performance/latency
  • Ease of use/transparency for users
  • Improved security 
  • Low operational overhead
  • Enable zero trust network access
  • Increased effectiveness of network and network security staff
  • Centralized policy with local enforcement

Why the Need for Zero Trust Architecture?

The adoption of SaaS, public cloud and most recently edge computing has driven many organizations to reconsider their perimeter security strategy.  Perimeter as a construct is becoming less relevant as digital business transformation drives company IT services from datacenters to the cloud while organizations are asking their employees to work from home for what is likely an extended period of time.

Solving for these challenges requires a different networking and security approach.  Rather than backhauling traffic to a perimeter firewall to inspect it, companies need to augment their security approach – where security is defined in terms of the network the user and applications are located on – with security that directly controls access to applications on a per-connection basis, anchored in the identity of the user and their device, wherever they are.

What is Zero Trust Architecture?

ZTA provides granular access controls that allow subjects (users, IoT devices, bots, micro-architecture processes) to reach the resources they require without also allowing everything within an internal network to access everything else by default.

There are three basic tenets of networks built with Zero Trust Architecture (ZTA):

  1. There is no implicit zone of trust. There is no internal and no external network.  All requests are treated with the same degree of verification before access to any resource is granted, including remote access to company web applications hosted in data centers, SaaS applications and workstations and servers on local networks.
  2. Access is assessed on a per-connection basis. Without zones of trust, the trustworthiness of each new connection must be verified.  This assessment will change continuously with each connection in accordance with the next point.
  3. Access control decisions are multi-faceted.  Without the implicit reliance on defense-in-depth layered network controls, access decisions are made based on a variety of factors, including the user identity and the sensitivity of the resource they are accessing, but also the device they are using and its state, what geography they are accessing from and what time of day it is, what behavior they’ve engaged in and whether any characteristics of their activity match known threat intelligence information.
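
The three tenets above can be sketched as a per-connection policy decision function. This is an added example, not Fortinet or OPAQ code; every field name, threshold, allow-list and indicator in it is a constructed assumption.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import time

# All names, fields and thresholds below are hypothetical policy choices.
SENSITIVITY_RANK = {"low": 0, "medium": 1, "high": 2}
ALLOWED_COUNTRIES = {"US", "CA", "DE"}      # constructed allow-list
WORK_HOURS = (time(6, 0), time(22, 0))      # constructed access window
THREAT_INTEL_IPS = {"203.0.113.66"}         # constructed indicator (TEST-NET-3)

@dataclass(frozen=True)
class Connection:
    user: str
    mfa_passed: bool
    device_managed: bool
    device_patched: bool
    country: str
    local_time: time
    source_ip: str
    behavior_risk: float        # 0.0 (normal) .. 1.0 (highly anomalous)
    resource_sensitivity: str   # "low" | "medium" | "high"

def decide(conn: Connection) -> tuple[str, list[str]]:
    """Evaluate one connection; nothing is cached between calls (tenet 2)."""
    deny, step_up = [], []
    rank = SENSITIVITY_RANK[conn.resource_sensitivity]
    # Tenet 1: being "inside" is never an input. source_ip is used only
    # for threat-intelligence matching, never to grant trust.
    if conn.source_ip in THREAT_INTEL_IPS:
        deny.append("source matches threat intelligence")
    # Tenet 3: device state is weighed against resource sensitivity.
    if not conn.device_managed and rank >= 1:
        deny.append("unmanaged device for medium/high resource")
    if not conn.device_patched and rank == 2:
        deny.append("unpatched device for high resource")
    if conn.behavior_risk >= 0.8:
        deny.append("anomalous behavior")
    # Softer signals require MFA rather than outright denial.
    if conn.country not in ALLOWED_COUNTRIES:
        step_up.append("unusual geography")
    if not (WORK_HOURS[0] <= conn.local_time <= WORK_HOURS[1]):
        step_up.append("outside usual hours")
    if rank == 2:
        step_up.append("high-sensitivity resource")
    if deny:
        return "deny", deny
    if step_up and not conn.mfa_passed:
        return "step_up_mfa", step_up
    return "allow", step_up
```

The same user on the same device can receive a different verdict on the next connection if any input changes, which is why the function takes the full context each time instead of consulting a session-level trust flag.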

ZTA as a Service Enabled by the Secure Access Service Edge (SASE)

The challenge with achieving Zero Trust has always been the complexity of implementing granular controls.  The overarching challenge for enterprises wishing to build and implement ZTA is in the design, integration and management of a broad range of security and networking functions, including next-generation firewalls, access proxies, microsegmentation controllers & agents, secure web gateways, cloud access security brokers, endpoint security, DNS security, Remote Browser Isolation, SD-WAN, networking points of presence, peering relationships, and bandwidth and path optimization.
