What is CASCE?
According to a 2021 Gartner® Innovation Insight for Comprehensive Secure Connectivity for Composite Applications report, “Comprehensive Secure Connectivity for Composite Applications or CASCE describes the convergence of application and network security to build a comprehensive policy configuration and enforcement model.”* At NetFoundry, we believe this convergence of app and network security is the way to turn the tide on the cybersecurity war, so the topic is near and dear to our hearts.
Why is CASCE important for cybersecurity?
Composite applications, apps which span multiple administrative domains, often leveraging multiple third-party APIs for functions such as payment and communication, have inherent security challenges. Making connections to multiple third parties creates a larger attack surface, increasing the risk of a breach. The Gartner report further states “by 2025, the percentage of third-party APIs used in new applications will average 30%, up from under 10% in 2021. This shift toward using third-party components will complicate security, governance and procurement”.*
The Gartner report lists 10 Representative Providers. In our opinion, each of the providers which Gartner listed (including NetFoundry) takes a different approach. Gartner states “CASCE describes the convergence of application and network security to build a comprehensive policy configuration and enforcement model. CASCE can leverage and propagate edge-based authentication context across the distributed components and back-end services of a composite application”.*
NetFoundry’s approach of enabling developers to embed Zero Trust networking into their applications with OpenZiti enables all segments to be addressed by one set of code (regardless of whether the first segment is over Internet or SD-WAN/NWaaS/SASE). However, as a cloud-orchestrated, as-code solution, NetFoundry can be selectively used for specific CASCE segments, without impacting others.
A CASCE example: securing BI
A good CASCE example is Business Intelligence (BI) apps (and apps in data science, analytics, visualization, reporting, etc. follow the same pattern):
BI app user <–> App server segment
There are of course BI interactions on the segment between the BI app user and the application server. Use cases such as research on shared data sets can add many different user domains, different administrators and different access methods, so this segment can vary greatly.
For this segment, businesses often leverage NetFoundry’s Zero Trust JDBC driver because the driver approach means end users and IT administrators do not need to worry about agents, VPNs, gateways or WAN integration – they just use a JDBC driver, as they usually do. This Zero Trust JDBC driver solution creates a Zero Trust connection between the user and the database server, providing end-to-end Zero Trust over a private overlay. From a cybersecurity perspective, this is absolutely critical: it means the database server can close its link listeners, and the inbound firewall ports can be shut down.
App server <–> Database server segment
There are also BI interactions between the app servers and database servers (because app servers are often deployed close to end users, and database servers are usually more centralized, the app servers and database servers are often in different public clouds or private data centers). These interactions are the types which CASCE focuses on.
NetFoundry enables Zero Trust networking between data application servers and their backend databases without requiring VPNs between the app servers and database servers (the Zero Trust is embedded in the JDBC driver, or in the BI app itself). This is a great example of a CASCE-type interaction: the API call to the database server is often invisible to the end user, but it is critical, because you are forced to leave inbound firewall ports and link listeners open if you can’t embed Zero Trust into the JDBC APIs or into the BI app.
Database replication and inter-database segments
Meanwhile, there are often multiple data stores, and the data stores themselves need secure connections for replication, backups, recovery and HA.
In the case of NetFoundry, the same solution works for these other ‘backend’ parts of this CASCE example. For example, here is how Sesame Software, an Enterprise Data Management leader, uses NetFoundry’s Zero Trust Platform to provide Zero Trust replication, data warehousing, integration and backup services across SaaS, on-premise, and cloud applications. The Zero Trust can be built into the specific app, or embedded in the driver, or accessed via thin Zero Trust agents (on user or IoT devices), or integrated in a virtual gateway (container or VM) model.
Since everything described in the BI secure networking example above is code, it is partitionable: it can be used for all segments or only some segments of the data flows. The example is specific to NetFoundry’s implementation.
Regardless of what vendors you may use, it is critical to secure these ‘backend’ app components in the CASCE type approach which Gartner describes so well in this paper. We need this type of convergence between app security and network security to win the cybersecurity war.
*Gartner, “Innovation Insight for Comprehensive Secure Connectivity for Composite Applications”, John Santoro, Joe Skorupa, Neil MacDonald and Mark O’Neill, October 14, 2021
Gartner Disclaimer: GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.