Browser security’s role in zero trust – what to know

By Alon Levin, VP of Product Management at Seraphic Security
Browser security’s role in zero trust – what to know. (Image: Supplied)

Coined by Gartner in 2019, zero trust network access (ZTNA) is a simple risk management concept shaped by the principle, "never trust, always verify". It was designed to protect company applications and resources at the network level from bad actors in a world where hybrid and remote business models have become mainstream. On paper, continuous authentication and authorisation of users and devices, regardless of a user’s title or company affiliation, protects companies from outward threats. In practice, however, it is not as easy to implement, and organisations are finding security gaps in a technology we, ironically, use every day – the browser.

ZTNA is a concept within the secure access service edge (SASE) cyber security architecture, which operates on a perimeterless security model. SASE solution performance is exceptional in this regard. However, the primary focus of ZTNA – and SASE, by extension – is controlling access to applications, rather than inspecting the content or behaviour within the browser itself. Why is this a concern? Today's business applications (Salesforce, Microsoft 365, Google Workspace and others) are delivered, accessed and operated through the browser.

Understanding the professional role of the browser

According to recent research from Forrester, 80% of employees now perform all or most of their work within a browser. Employees are doing this to conduct business and perform their day-to-day functions. It’s the frontline of user access and data security, making it a leading cause of risk, and thus a critical layer for enforcing zero trust principles. Granular user actions and potential misuse within sanctioned applications can be missed. In a distributed workforce, this oversight enables risks such as data leaks and missteps in monitoring company data, compromising the access controls that ZTNA is designed to implement.

Now entering the room: Unmanaged devices

When it comes to device security, not all devices are created equal. Company-managed devices can sometimes prevent malicious downloads or the execution of malicious files if endpoint agents and security configurations are installed directly on the device. However, these protections have limitations, such as browser exploitation or data leakage. Even if an organisation provisions a managed device, it’s rare to find a professional who doesn’t use multiple devices to do their work. When personal, unmanaged devices are used, the browser protections afforded by the managed device are lost.

Closing visibility gaps on unmanaged devices

Consider this: the browser is used by all managed and unmanaged device types, offering a distinct opportunity to bridge this gap by acting as a control point for all. By implementing security at the browser level in conjunction with the benefits of SASE solutions, organisations can gain insight into user activities to achieve consistent policy enforcement across all devices that attempt to access corporate networks.

To start filling the browser visibility gap with ZTNA principles on unmanaged devices, organisations should manage access to corporate applications, thereby enabling continuous identity verification throughout the user session and monitoring which devices are trying to access the network and when. This capability also extends to desktop versions of SaaS applications like Slack. Complemented by visibility into a user’s location services, device security status and user activity, enterprise browser security can reliably close the unmanaged device security gap without requiring complete device management.

In conclusion

The best-laid plans for implementing and comprehensively enforcing ZTNA policies and controls across all devices will inevitably fall short if the role and security of browsers are not factored into your security plan. Secure browsing solutions deliver essential controls directly at the browser level, covering the applications and data users interact with most. When paired with a SASE framework, they provide a comprehensive security model.

To learn more about Seraphic, contact its distributor partner, Solid8 Technologies, at info@solid8.co.za.

Seraphic

Seraphic is redefining enterprise browser security with unmatched protection against 0- and N-day exploits and phishing, a simple, fast deployment, and preserving the native browser experience. With browser vulnerabilities on the rise and more users working remotely, hackers have turned the browser into the most serious threat to business. Seraphic turns any browser into a secure enterprise browser so users can work the way they want to, and security has all the tools they need to keep the business safe.

Editorial contacts

Patrick Devine
Data Security Specialist, Solid8 Technologies
info@solid8.co.za