A massive increase in the number of employees working remotely, a growing number of ecosystem partners, and the adoption of public cloud have reignited the need for a zero trust model. Close to 80% of organizations have a zero trust strategy today, because every user, device, and application is now connected over an external network: the Internet. To protect their business, IT leaders must ensure that, before access to critical business resources is granted, all traffic is inspected, each entity is validated based on identity and policy, and applications are hidden from the open Internet. This is where zero trust network access becomes vital to the business.
Zero trust network access (ZTNA) is a strategy built on least-privilege secure access: users and applications are never inherently trusted and are given access only to the specific resources they need, and nothing else. Instead of allowing remote network connections through technologies like VPN or VDI, or letting in-office users go directly to business resources simply because they are on the corporate network, trust is granted only once traffic is inspected, the entity is properly validated, and policy is met. Connections are then established solely through outbound connections from the app to the zero trust service, so the app never accepts inbound connections from the network. API integrations between technologies like ZTNA, identity, endpoint security and SIEM ensure that policies are automatically updated based on context.
The tenets of a zero trust security model
Terminate connections and inspect traffic – Instead of allowing connections to flow automatically to their destination, every connection to a business app should be terminated and inspected for malicious files before it is forwarded. Zero trust architecture sits inline to perform this inspection.
Validate based on identity and business policies – Central to the idea of "never trust, always verify", zero trust checks the identity of the entity (user or application) first, then enforces access rights based on the access policies set by the customer. Since device health, user location, and job status can change over time, access policies must adapt to contextual changes.
Ensure app-level segmentation without network access – Least-privilege access means providing granular access to specific resources only, without granting access to the network. This surgical one-to-one level of access reduces the chance of lateral movement across the network. Since the apps sit behind the zero trust service, they are invisible to the open Internet.
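To make the three tenets concrete, here is an added example (not the vendor's or any product's code) of a small policy decision point in Python: identity is checked first, entitlement is granted per application rather than per network, apps without an outbound connection to the broker are unreachable, and device health and location are re-evaluated on every request. Class, field and application names are assumptions, and the policies are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional, Tuple
# Added example, not vendor code; all class, field and app names are assumptions.
@dataclass(frozen=True)
class Context:
    user: Optional[str]    # identity asserted by the IdP; None = unauthenticated
    groups: frozenset      # group membership from the identity provider
    device_healthy: bool   # endpoint posture, e.g. from an endpoint security feed
    country: str           # user location at request time
    employed: bool         # job status from the HR / identity source

@dataclass(frozen=True)
class AppPolicy:
    app: str
    allowed_groups: frozenset
    allowed_countries: frozenset
    require_healthy_device: bool = True

class Broker:
    """Brokers user-to-app connections. An app is reachable only if it opened an
    outbound connection to the broker; there is no network-level route to it."""
    def __init__(self, policies, connected_apps):
        self.policies = {p.app: p for p in policies}
        self.connected_apps = set(connected_apps)

    def decide(self, ctx: Context, app: str) -> Tuple[bool, str]:
        # Identity first: unauthenticated or inactive entities get no further.
        if ctx.user is None or not ctx.employed:
            return False, "identity not validated"
        # Unknown apps and apps without a live outbound connector stay invisible.
        policy = self.policies.get(app)
        if policy is None or app not in self.connected_apps:
            return False, "app not published"
        # Business policy: entitlement is per application, never per network.
        if not (ctx.groups & policy.allowed_groups):
            return False, "group not entitled"
        # Context is re-evaluated on every request, so a change in device health
        # or location revokes access without anyone editing the policy.
        if policy.require_healthy_device and not ctx.device_healthy:
            return False, "device posture failed"
        if ctx.country not in policy.allowed_countries:
            return False, "location not permitted"
        return True, "allowed"

def demo_broker() -> Broker:
    # Constructed sample policies: payroll is finance-only from two countries; the wiki skips posture.
    return Broker([
        AppPolicy("payroll", frozenset({"finance"}), frozenset({"US", "DE"})),
        AppPolicy("wiki", frozenset({"staff", "contractor"}), frozenset({"US", "DE", "IN"}), False),
    ], connected_apps=["payroll", "wiki"])
```

Calling `demo_broker().decide(ctx, "payroll")` with the same user before and after their device fails a health check shows the contextual revocation the second tenet describes.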
“The old security model of ‘inside means trusted’ and ‘outside means untrusted’ is broken. When users became mobile and when business partners on the ‘outside’ required access, virtual private networks (VPNs) and demilitarized zones (DMZs) became common. They also granted excessive implicit trust — trust that attackers abused. The reality of digital business is that it requires anywhere, anytime access to any application, regardless of the locations of the users and their devices.”
Marketing Guide for Zero Trust Network Access, June 2020
Why is it time to adopt zero trust?
77% of companies believe they will enable a hybrid work environment going forward. But security threats have risen 500% year over year due to this new work reality, while IT budgets are increasing only 4% each year. Zero trust not only allows users to connect safely to business resources from anywhere, regardless of their device, location or network, but also helps prevent compromises, prevent lateral movement and keep data from getting into the wrong hands. Some zero trust services can be delivered via a cloud architecture, reducing the need for point products used for inbound and outbound gateways, or for expensive network infrastructure used to connect branches to HQ and datacenters to public cloud providers. Because of this, IT leaders often use zero trust to enable key initiatives like remote access / work from home, securing third-party access and even modernizing network infrastructure.
Benefits to look forward to:
Protect your business
Use zero trust to adopt least-privilege access for the employees and third parties who need access to your critical resources: prevent compromises introduced by the Internet through inline inspection, prevent lateral movement across your network through application segmentation, and protect data from leaking out.
Deliver a better experience for your users
Many zero trust services are deployed via a cloud architecture. This provides a larger number of PoPs where user-to-application traffic can be brokered, creating a faster experience for end users. Zero trust services with inline digital experience capabilities also help IT track metrics hop by hop to ensure the best app, network, and device performance. API integrations with existing identity solutions enable users to connect seamlessly to business resources.
Reduce costs of network infrastructure
Zero trust platforms designed as a service can reduce the need for expensive inbound and outbound gateways composed of firewalls, DDoS protection, load balancers, and several other point products at each datacenter and branch office location. Secure connections are established via fully encrypted Internet-based connections to private apps in hybrid environments and to SaaS applications.
Comply with industry regulations
Zero trust services help IT achieve better visibility into what users are accessing, ensure data and logs are stored in a compliant location, and reduce the company's potential attack surface, leading to fewer negative audit reports. Some can even deploy a localized broker in the customer's environment for customers in industries that do not allow the use of cloud-hosted security services.
Every vendor is talking about zero trust, which we know can be a bit frustrating. Aside from understanding what it is, it's also important to think about where it makes the most business sense to begin with zero trust. Are you looking for a safer, more user-friendly technology for remote access than VPN? Do you have third-party users who need access to specific resources, and not the entire network? Do you have branch offices where the majority of traffic goes out to the Internet, yet you're still paying for MPLS back to headquarters?
We’ve worked with dozens of organizations each looking for guidance around how to best get started, and we’d love the opportunity to speak with you as well. Schedule a meeting with us to learn more about zero trust and how to adopt it within your organization.