Versa Networks is extending zero-trust security to campus and branch office users through its secure access service edge (SASE) platform. Under its “Zero Trust Everywhere” solution concept, the vendor announced two new products: Versa Software-Defined LAN (SD-LAN) and Versa Zero Trust – Premises (ZT-Prem).

The Versa SD-LAN can be built into an existing SD-WAN edge from the vendor or integrated within a LAN, according to the company. The SD-LAN delivers “in-line” zero-trust network access (ZTNA), which means that the SD-LAN will expand the Versa Operating System (VOS) software stack across LAN access points and Ethernet switches with added Layer 2 switching functionality, Versa CEO Kelly Ahuja explained.

“The challenge is that so far any approach to bringing zero trust onto the premise has really been an adjunct approach, a bolt-on approach,” Ahuja told SDxCentral. “Now you can actually deploy our software as well as the zero-trust prem capability in a switch, in line, and that's the difference.”

To optimize user experience, the Versa SD-LAN allows enterprises to direct network traffic on premises, so it doesn’t need to go to the cloud and back in certain cases (such as two employees in the same office joining the same Zoom call).

“Most current ZTNA solutions are cloud-based and lack the ability to be deployed on premises, so technically they do support both remote and on-premises users, however, always going to the cloud to enforce zero trust can create latency issues and impact performance and thus a positive experience,” ESG Analyst Bob Laliberte said.

“In today’s dynamic environment, organizations can’t afford to trade performance for security or vice versa. Now that many organizations are beginning to have employees return to the office in some capacity, it will be important to have comprehensive solutions that enable zero trust and deliver consistently good experiences regardless of where they are located.”

Laliberte said integrating Versa’s technology into LAN and WLAN equipment for both branch and campus environments extends Versa VOS further into the enterprise for unified management of wired, wireless and WAN.

Other capabilities include switching and routing at line rate speeds with distributed adaptive micro-segmentation, best-path traffic selection to optimize user-to-application experience, and artificial intelligence/machine learning-based network and security anomaly detection.

Versa Networks is “not in the hardware business,” Ahuja pointed out, and uses an open approach to the hardware so manufacturers and OEMs can build hardware to the specs that the vendor certifies and will be able to sell the Versa SD-LAN directly into the market.

ZTNA on-prem eliminates need for NAC

Versa ZT-Prem secures network access for branch and campus users connecting to applications and workloads hosted in enterprise data centers or private clouds by applying zero-trust access policies based on identity, device and application.

Analyst firm Gartner claims enterprises typically spend billions to secure campus networks via a combination of switching features and network access control (NAC). The analyst firm said extending ZTNA products to campus environments “creates several benefits for enterprises, including unified policy, enhanced visibility and consumption-oriented licensing.”

“Cloud is being adopted by everyone and collaboration tools are becoming more prevalent,” Ahuja said. “Now the challenge for the enterprise is really around securing the enterprise because what’s happening is this hybrid workforce is coming back to the office and they’ve been working somewhere and they could have infected their machines or could be bringing IoT devices with them on the premises.”

The Versa ZT-Prem can be used as a standalone product or integrated into any campus or branch architecture.

Extending SASE deeper into the enterprise network

According to Ahuja, until now many offices have been using “unconditional access,” and rely on VLANs to manage and secure users on the network. But when users are remote, they get much more granular security, he said.

This fragmented approach of managing several different policy engines depending on where users are is “very complex and cumbersome.”

“Not only that, but it creates security gaps and user experience gaps, because the user application in one is not the same as the other,” Ahuja added. “The legacy approach is to take a box from here, a box from there, operations for these teams are separated between networking and security. Most of the CISOs and enterprises have talked about having dozens of different bespoke products that they have to deploy and manage.”

To eliminate an overflow of point products, enterprises are looking for a platform approach, Ahuja claimed. “And that’s really where a SASE strategy comes in,” he said. “Where we’re actually simplifying how users, devices and sites anywhere can connect the workloads and applications anywhere.”

By leveraging Versa’s SASE, zero-trust configurations can be set across remote users, the Versa ZT-Prem and Versa SD-LAN for “a single and persistent policy that travels with users no matter where they are.”

“Essentially what we’re doing is we’re extending the on ramp for our SASE fabric deeper inside the enterprise,” Ahuja said. “All that capability that we've been using for remote users, we're now actually extending to users that are on premises as well. So you can use the same client and you can replace or fit into the existing NAC architecture.”

SASE and zero trust are frameworks that aim to ensure secure connectivity and enhanced security, Laliberte said. In an effort to accelerate the adoption of these frameworks, vendors like Versa are “building out capabilities that enable organizations to apply these principles to their highly distributed environments,” he added.