Secure by Design · Controls Assurance

SASE — how ZTNA, Defence in Depth & PAM are fulfilled

The same converged Secure Access Service Edge, viewed as a controls map. Pick a lens to focus on the components involved, watch how a request is handled, and trace each requirement to the architectural control that satisfies it.

Access edge
  Standard user: managed endpoint
  Privileged user: administrator
  Branch / SD-WAN: site tunnel

SASE cloud PoP
  Identity provider · MFA · device posture
    SAML / OIDC · step-up authentication · compliance signals
  ZTNA broker — per-app, least privilege
    outbound app connectors · no inbound exposure · no lateral movement
  Defence in depth — layered inspection (single pass)
    L3 · FWaaS: L3–L7 firewall · IPS
    L4 · SWG: TLS inspect · RBI
    L5 · CASB: SaaS · shadow IT
    L6 · DLP: content inspection · egress control
    L7 · Threat prevention: sandbox · threat intel · AV
  Policy engine — PDP / PEP
    identity · device · context · risk → least-privilege entitlement
  Continuous authorisation & telemetry
    session re-evaluated on risk / posture change · full logging

Privileged Access Management — engaged for privileged sessions
  Credential vault: no standing creds · injection — endpoint never sees secret
  JIT elevation: time-bound access · approval workflow · MFA step-up
  Session broker: isolated proxy · full recording · immutable audit

Destinations
  Internet / web: filtered egress
  SaaS apps: M365 · Salesforce
  Private apps: data centre · IaaS
  Infrastructure: servers · databases

Zero Trust Network Access
