The effect of zero-trust network access (ZTNA) on the cloud
What Is ZTNA?
As the work-from-anywhere-with-any-device culture picks up, organisations must manage complex and diverse ecosystems while also defending their networks against attack. In such a situation, putting access controls in place becomes an important consideration.
This is where Zero Trust Network Access (ZTNA) comes into play. ZTNA is an IT security solution that provides secure access to an organisation’s data, services, and applications for remote users.
The solution addresses the threats to which the internet exposes an organisation’s internal applications and resources, while ensuring a seamless, secure connection for remote users.
How does ZTNA work?
ZTNA is based on the framework of the zero-trust security model.
The model works on the philosophy that trust is not a default assumption. Its driving motto is “never trust, always verify”.
Therefore, verifying user identity is of paramount importance. Even after thorough verification, users are granted only restricted access (the minimum needed) to resources.
The user verification process
Verification includes the following three pillars:
- Involves identification (who are you?), authentication (are you who you claim to be?) and authorisation (are you authorised to use that resource?).
- How is the user trying to access the resource? This pillar is based on the least-privilege security model, where users are granted the minimum needed access.
- Security posture: this focuses on the connecting device. That is, is the machine secure? Does it meet the necessary compliance standards?
Following verification, the system continuously monitors the three pillars for changes. If a change is found, the user is revalidated and, if necessary, access is revoked.
The tenets of ZTNA
ZTNA, along with being a component of the zero-trust security model, is also a component of the Secure Access Service Edge (SASE) security model.
It adopts a radically new approach based on these four principles:
- Micro-segmentation: Network perimeters must be protected to maintain corporate cybersecurity. ZTNA micro-segments the network, creating boundaries around the firm's most valuable assets. It is easier to conduct security inspections and implement access controls at these boundaries. In addition, micro-segmentation limits the lateral movement of threats and helps contain and isolate a potential breach. Furthermore, it enables the creation of application-level security rules.
- Invisible network: ZTNA makes network and application infrastructure visible only to authorised users by using outbound-only connections. IP addresses are never exposed to the internet, so there is nothing to ping and the network cannot be discovered from outside.
- Application-level access verification: ZTNA focuses on user-to-application security. Authorised users are granted access to specific applications on a one-to-one basis; that is, users are verified for every application they try to access.
- Least-privilege access: Users have the minimum level of access needed to carry out their job, and no more. That is, they will not have access to resources they do not need. This prevents sensitive data and assets from being exposed to everyone in the network.
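The three verification pillars (identity, access context under least privilege, device security posture) and the per-application, least-privilege grants of the ZTNA tenets, as an added Python example that is not part of the original article or of any vendor's product: a toy policy decision point that verifies each user-to-application request and re-evaluates live grants, revoking them when the device posture drifts. The users, device attributes, roles and application list are constructed for illustration.

```python
"""Toy zero-trust policy decision point (added illustration, not product code).

Models three verification pillars: identity (MFA verified), access context
(role entitlement per application, least privilege) and device security
posture, plus continuous re-evaluation with revocation on change.
"""
from dataclasses import dataclass


@dataclass
class Device:
    device_id: str
    managed: bool
    disk_encrypted: bool
    os_patched: bool

    def compliant(self) -> bool:
        # Security posture pillar: every check must hold.
        return self.managed and self.disk_encrypted and self.os_patched


@dataclass
class Session:
    user: str
    device: Device
    mfa_verified: bool  # identity pillar
    role: str           # access-context pillar


# Constructed least-privilege policy: each application lists the roles allowed
# to reach it. Anything not listed is not published, so it is unreachable
# by default ("never trust, always verify").
APP_POLICY = {
    "payroll": {"finance"},
    "wiki": {"finance", "engineering"},
    "ci-server": {"engineering"},
}


def decide(session, app, policy=APP_POLICY):
    """Return (allowed, reason) for one user-to-application request."""
    if not session.mfa_verified:
        return False, "identity not verified (MFA missing)"
    if not session.device.compliant():
        return False, f"device {session.device.device_id} fails posture check"
    allowed_roles = policy.get(app)
    if allowed_roles is None:
        return False, f"application {app!r} is not published"
    if session.role not in allowed_roles:
        return False, f"role {session.role!r} not entitled to {app!r}"
    return True, "granted"


class AccessBroker:
    """Tracks live per-application grants and revokes them on re-evaluation."""

    def __init__(self, policy=APP_POLICY):
        self.policy = policy
        self.grants = {}  # (user, app) -> Session

    def request(self, session, app):
        ok, reason = decide(session, app, self.policy)
        if ok:
            self.grants[(session.user, app)] = session
        return ok, reason

    def reevaluate(self):
        """Continuous verification: drop grants whose session no longer passes."""
        revoked = []
        for key, session in list(self.grants.items()):
            ok, reason = decide(session, key[1], self.policy)
            if not ok:
                revoked.append((key, reason))
                del self.grants[key]
        return revoked

    def active(self):
        return sorted(self.grants)


def demo():
    """Constructed walk-through: grant, then revoke after posture drift."""
    laptop = Device("lt-001", managed=True, disk_encrypted=True, os_patched=True)
    alice = Session("alice", laptop, mfa_verified=True, role="finance")
    broker = AccessBroker()
    results = {
        "payroll": broker.request(alice, "payroll")[0],
        "ci-server": broker.request(alice, "ci-server")[0],
        "wiki": broker.request(alice, "wiki")[0],
    }
    # The laptop misses a patch: the next check revokes every live grant.
    laptop.os_patched = False
    revoked = broker.reevaluate()
    return results, [key for key, _ in revoked], broker.active()


if __name__ == "__main__":
    print(demo())
```

Each request is decided independently per application, so a finance user reaches payroll and the wiki but not the CI server, and an unpublished application is refused before any role check. A real deployment would take the posture signals from an endpoint agent and the identity signals from the identity provider rather than from constructed objects.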
Use cases for the cloud
- As an alternative to Virtual Private Network (VPN): A VPN is a service that provides an encrypted connection from a device to a network, thus protecting the internet connection and privacy. However, its limitations (inconvenience, slowness, easily breached security and difficult management) lead organisations to re-evaluate their reliance on VPNs.
- For securing multi-cloud access: An increasing number of companies are adopting cloud applications and services in hybrid and multi-cloud environments. For these organisations, securing access is paramount, so ZTNA is an ideal place to start.
- To reduce third-party risk: Third-party users pose two major security threats: over-privileged access and untrusted devices. ZTNA significantly reduces both because, first, it is not a network-based access system and, second, only verified and authorised users can access applications.
As remote working picks up, users will access data and applications from different locations: coffee shops, homes, co-working spaces, etc. Organisations must combine seamless resource availability with security to adapt to the shifting work landscape. A standalone security solution only makes an already complex networking situation more complicated. Hence, a cloud-based ZTNA service can be of immense help. ZTNA should be everywhere, keeping everything secure and agile* through consistent policies and controls across all operating environments, both on-premises and cloud.
* For organizations on the digital transformation journey, agility is key in responding to a rapidly changing technology and business landscape. Now more than ever, it is crucial to deliver and exceed on organizational expectations with a robust digital mindset backed by innovation. Enabling businesses to sense, learn, respond, and evolve like a living organism, will be imperative for business excellence going forward. A comprehensive, yet modular suite of services is doing exactly that. Equipping organizations with intuitive decision-making automatically at scale, actionable insights based on real-time solutions, anytime/anywhere experience, and in-depth data visibility across functions leading to hyper-productivity, Live Enterprise is building connected organizations that are innovating collaboratively for the future.