The 3 Drivers of Zero Trust Network Access Implementation

It’s human nature to put off tasks that aren’t urgent. Whether it’s planning that never ends or simple procrastination, it’s easy to let timelines slip until an external force lights a fire under the project. At many organizations, that’s what’s happened with Zero Trust Network Access (ZTNA).

The zero-trust security model has been around for a long time now and it’s well understood that it improves security because it forces ongoing verification of users and devices, the creation of small zones of control, and grants only minimal access to users and devices. Unlike a VPN, devices and users aren’t able to access anything until they have proven that they can be trusted, whether they’re outside or inside the network perimeter. The ZTNA verification and application access policies are the same, no matter where the user or device may be located.

The pandemic and the sudden need for employees to work from home forced many organizations to reevaluate their remote security and take a closer look at ZTNA. But that’s not the only reason for all the interest in zero trust. When I talk to customers, I’ve found that there are three major drivers that are leading organizations to consider implementing ZTNA sooner, rather than later.

Supporting Work from Anywhere

As more and more employees expressed interest in work flexibility, many organizations were on track to implement work-from-anywhere (WFA) over the next few years. But then the COVID-19 pandemic moved up the timeline. Now, a year later, workers have discovered they like flexible work arrangements and want employers to provide a WFA option. Many organizations are planning a hybrid work experience so going forward employees can still work remotely part of the time. But they need to be able to do so securely.

The rush to work from home because of the pandemic demonstrated the limitations of VPNs. One of the core tenants of zero trust is that access is only granted after explicit verification. ZTNA supports WFA both by providing consistent security as well as offering the same user experience no matter where an employee may be working.

ZTNA takes remote access to the next level with security that goes beyond the network. Anywhere a user may be working, whether in the office, the home, or an airport, they have the same security policies, checks, and verifications applied to them before they are granted access.

From a user standpoint, the experience of using ZTNA is consistent across all of these locations. A secure, encrypted tunnel is automatically created when they launch an application and their identity and right to access that specific application is checked before they are granted access. Organizations running hybrid networks need flexible ZTNA solutions that aren’t cloud-only because the same zero trust security should apply everywhere, whether the user is working from a data center or remote location.

Supporting The Journey to the Cloud

Organizations are increasingly depending on hybrid and multi-cloud environments, and ZTNA addresses their concerns around securing and managing access to cloud-based applications. Any cloud security plan needs to ensure that consistent protocols and policies are implemented across the entire network.

ZTNA provides seamless access to applications no matter where the user or the application may be located. The access proxy architecture provides a control point to ensure only approved users get access to applications and makes it possible to connect to applications no matter where they’re located.

With ZTNA, applications can be moved around, hosted from data center, private cloud, or public cloud and moved between public clouds, as needed. IT admins can control who gets access to what resources while also controlling where the access proxies point. Because the location of the applications is completely hidden from users, it is easy to shift applications around.

Reducing Risk                

Cybersecurity professionals are well aware of the increase in attacks, so it’s no wonder that they’re looking at ZTNA more closely. Attacks on high-profile targets, including the supply chain attack on SolarWinds and the disruption of Colonial Pipeline and JBS Meats made headlines and affected thousands of organizations and millions of people. And research released by FortiGuard Labs reported an almost 11x increase in ransomware between July 2020 and June 2021.

The entire attack surface is expanding as organizations increase connectivity, move to hybrid environments, and adopt more technologies that incorporate artificial intelligence and machine learning. As a result, IT teams are looking for more ways to cover potential avenues of attack. ZTNA brings the principles of zero trust to the use case of connecting users to applications, and it doing so dramatically reduces the attack surface both through the ongoing checks and the inherent security of the architecture.

ZTNA reduces the attack surface by hiding applications from the internet behind a proxy point.  With ZTNA, users must provide access credentials such as multi-factor authentication and endpoint validation. Once users are connected, they are only given least privileged access, which means they can access only the applications they need to perform their jobs and nothing else. Because ZTNA operates in terms of identity rather than securing a place in the network, policies follow applications and other transactions.

 ZTNA can help keep out the people and devices that shouldn’t be accessing the network by giving only the right people the right level of access to the right resources at the right time. And it provides visibility and control of those entities once they are connected.  

The Time Is Now

There’s no question that the principles underlying zero trust improve security. By guaranteeing only authorized individuals have access, ZTNA reduces the number of entry points into the network. Limiting access also reduces the attack surface and strengthens an organization’s overall infrastructure. ZTNA provides granular access and by combining it with microsegmentation, you can enforce this access and break up the lateral (east-west) path through the network. The combination makes it more difficult for hackers to gain access, and if there is a breach, it also reduces an attacker’s ability to move around the network and exploit other systems. Tightly integrating ZTNA with a Secure SD-WAN solution brings even more value by ensuring superior user experience that’s also secure.

The reason I get so many questions about ZTNA is because the need for remote access and better security isn’t going away. ZTNA is rapidly replacing most user-based VPN remote access because of its security advantages and ease of use. If you haven’t already, the time to work on your ZTNA strategy is now.

Learn more about Zero Trust solutions from Fortinet that enable organizations to see and control all devices, users, and applications across the entire network.