It’s time to adopt zero trust networks
A massive increase in the number of employees working remotely, a growing number of ecosystem partners and the adoption of public cloud have reignited the need for a zero trust model. Close to 80% of organisations have a zero trust strategy today. This is because every user, device and application is now connected over an external network: the internet. To protect their business, IT leaders must ensure that, before access to critical business resources is granted, all traffic is inspected, each entity is validated against identity and policy, and applications are hidden from the open internet. This is where zero trust network access becomes vital to the business.
Zero trust network access (ZTNA) is built on least-privilege secure access: users and applications are never inherently trusted, and are given access only to the specific resources they need and nothing else. Instead of allowing remote network connections through technologies like VPN or VDI, or letting in-office users reach business resources directly simply because they are on the corporate network, trust is granted only once traffic is inspected, the entity is properly validated and policy is met. The brokered connection is then established over outbound connections from the application side to the zero trust service, so the application never needs an inbound listener exposed to the internet. API integrations between ZTNA, identity, endpoint security and SIEM tools ensure that policies are updated automatically as context changes.
A zero trust security model should:
- Terminate connections and inspect traffic;
- Validate based on identity and business policies; and
- Ensure app-level segmentation without network access.
The term zero trust network access was coined by Gartner in April 2019 and represents a set of newer technologies designed for secure access to private applications. Also referred to as software-defined perimeter (SDP), ZTNA technologies use granular access policies to connect authorised users to specific applications without giving them access to the corporate network, establish least-privilege app-level segmentation as a replacement for network segmentation, and, unlike a VPN concentrator, do not expose the applications' location to the public internet.
Unlike VPNs or firewalls, ZTNA services are designed to securely connect specific entities to each other without granting network access. In most cases these are employees and third-party users connecting from home, on the road or in the office. ZTNA is not limited to users: it also applies to application-to-application traffic, in the form of micro-segmentation.
Some key concepts about ZTNA include:
- With ZTNA, access is granted based on identity and policy. Policies adapt to changes in context (a change in device health, a change in employee status, suspicious activity, etc), so access is continuously re-evaluated rather than granted once. Only after traffic has been inspected and identity and policy validated does the ZTNA service broker a secure 1:1 connection between the authorised entity and the business application.
- In-office employee access. Avoid inherently trusting on-premises users: route them through publicly hosted zero trust brokers, or private brokers deployed within your own environment, for least-privilege access with simpler segmentation, a faster user experience and easier compliance.
- Securing third-party access. Use agentless access to securely enable business ecosystem partners, suppliers, vendors and customers to access critical business data, without granting access to the corporate network.
- Accelerating IT integration during M&A or divestitures. ZTNA can shorten each of these processes from nine to 14 months to just days or weeks by avoiding the need to consolidate (or split) networks, to deal with NAT for overlapping IP ranges, or to stand up expensive VDI infrastructure.
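The brokering model described above (identity plus policy plus device context deciding access to one application, an opaque session handle instead of a network route, and re-evaluation when context changes) can be made concrete with a small policy broker. This is an added illustrative example, not code from the article, Duxbury Networking or any ZTNA vendor; the group names, posture fields, risk threshold and the private addresses are constructed assumptions.

```python
"""Toy ZTNA policy broker: identity + policy + device context decide access to ONE
app; clients get an opaque session handle that never reveals where the app lives.
Illustrative only; names, thresholds and posture signals are assumptions."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple
import secrets


@dataclass(frozen=True)
class Identity:
    user: str
    groups: FrozenSet[str]
    status: str = "active"       # assumed HR/IdP status: "active" or "terminated"


@dataclass(frozen=True)
class DeviceContext:             # assumed endpoint-security posture signals
    managed: bool
    disk_encrypted: bool
    edr_healthy: bool
    risk_score: int = 0          # assumed 0..100 score fed from a SIEM/UEBA tool


@dataclass(frozen=True)
class AppPolicy:
    app: str
    allowed_groups: FrozenSet[str]
    require_managed_device: bool = True
    max_risk: int = 50


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class Broker:
    """Brokers 1:1 user-to-app sessions. Default deny; no network-level access."""

    def __init__(self) -> None:
        self._connectors: Dict[str, str] = {}            # app -> private address, never returned
        self._policies: Dict[str, AppPolicy] = {}
        self._sessions: Dict[str, Tuple[str, str]] = {}  # session id -> (user, app)

    def register_connector(self, app: str, private_address: str) -> None:
        # The app-side connector dials OUT to the broker; the app has no inbound listener.
        self._connectors[app] = private_address

    def add_policy(self, policy: AppPolicy) -> None:
        self._policies[policy.app] = policy

    def evaluate(self, ident: Identity, dev: DeviceContext, app: str) -> Decision:
        policy = self._policies.get(app)
        if policy is None:
            return Decision(False, "no policy for app: default deny")
        if app not in self._connectors:
            return Decision(False, "no connector registered for app")
        if ident.status != "active":
            return Decision(False, "identity not active")
        if not (ident.groups & policy.allowed_groups):
            return Decision(False, "group not authorised for app")
        posture_ok = dev.managed and dev.disk_encrypted and dev.edr_healthy
        if policy.require_managed_device and not posture_ok:
            return Decision(False, "device posture check failed")
        if dev.risk_score > policy.max_risk:
            return Decision(False, "risk score above policy threshold")
        return Decision(True, "identity, posture and policy satisfied")

    def connect(self, ident: Identity, dev: DeviceContext, app: str) -> Tuple[Optional[str], Decision]:
        decision = self.evaluate(ident, dev, app)
        if not decision.allowed:
            return None, decision
        sid = secrets.token_hex(8)           # opaque handle: not an IP, hostname or route
        self._sessions[sid] = (ident.user, app)
        return sid, decision

    def reevaluate(self, sid: str, ident: Identity, dev: DeviceContext) -> Decision:
        """Continuous adaptive access: re-check on a context change, tear down on failure."""
        _user, app = self._sessions[sid]
        decision = self.evaluate(ident, dev, app)
        if not decision.allowed:
            del self._sessions[sid]
        return decision

    def active_sessions(self) -> Dict[str, Tuple[str, str]]:
        return dict(self._sessions)


def demo() -> dict:
    """Runs the scenarios from the text against constructed identities and devices."""
    broker = Broker()
    broker.register_connector("payroll", "10.20.0.15:8443")          # constructed addresses
    broker.register_connector("git", "10.20.0.40:443")
    broker.register_connector("supplier-portal", "10.20.0.77:443")
    broker.add_policy(AppPolicy("payroll", frozenset({"finance"})))
    broker.add_policy(AppPolicy("git", frozenset({"engineering"})))
    broker.add_policy(AppPolicy("supplier-portal", frozenset({"suppliers"}), require_managed_device=False))

    alice = Identity("alice", frozenset({"finance"}))
    healthy = DeviceContext(managed=True, disk_encrypted=True, edr_healthy=True, risk_score=10)
    sid, alice_payroll = broker.connect(alice, healthy, "payroll")
    _, alice_git = broker.connect(alice, healthy, "git")              # app-level segmentation
    degraded = DeviceContext(managed=True, disk_encrypted=True, edr_healthy=False, risk_score=10)
    alice_after_edr = broker.reevaluate(sid, alice, degraded)         # context change tears it down
    bob = Identity("bob", frozenset({"suppliers"}))                   # agentless partner, unmanaged PC
    unmanaged = DeviceContext(managed=False, disk_encrypted=False, edr_healthy=False)
    _, bob_portal = broker.connect(bob, unmanaged, "supplier-portal")
    _, bob_payroll = broker.connect(bob, unmanaged, "payroll")
    alice_left = Identity("alice", frozenset({"finance"}), status="terminated")
    _, alice_terminated = broker.connect(alice_left, healthy, "payroll")
    return {"alice_session_id": sid, "alice_payroll": alice_payroll, "alice_git": alice_git,
            "alice_after_edr_failure": alice_after_edr, "bob_portal": bob_portal,
            "bob_payroll": bob_payroll, "alice_terminated": alice_terminated,
            "active_sessions": broker.active_sessions()}
```

The point to take from the walk-through is that authorisation is per application, not per network: the same finance user who is brokered to payroll is denied git, the partner is brokered only to the portal, and when the EDR signal turns unhealthy the existing session is withdrawn rather than left standing until the user disconnects.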
Andre Kannemeyer, CTO at Duxbury Networking, says: “We see a lot of customers with security concerns associated with digital business enablement, remote work and cloud transition. As PaaS, SaaS and IaaS use increases, there is more data outside of the data centre, more users are working remotely and VPNs are typically sluggish and exploitable. Using outdated network topologies, it is impossible to protect all of this.”
Benefits of ZTNA include:
- Protecting your business.
- Delivering a better experience for your users.
- Reducing the costs of network infrastructure.
- Complying with industry regulations.
“ZTNA has been one of the buzzwords floating around for the last couple of years and a lot of our clients have considered it. We see a large adoption rate in the large enterprise space and expect the same adoption rate to grow in the small and medium business markets,” says Kannemeyer.
Duxbury will be hosting an event on 21 September in Cape Town on ZTNA technology. For further information on the event, please email email@example.com
Since its formation in 1984 by CEO Graham Duxbury, Duxbury Networking has embraced ongoing technological change within the ICT sector in order to provide its customers with access to the latest trends and solutions. Satisfying the evolving and diverse needs of its customer base is achieved through an emphasis on sourcing cost-effective, high-quality products from carefully selected local and international vendors. Aligned with this is the provision of uncompromising technical support, made possible by an extensive investment in the training and upskilling of its team. The company is driven to take an active role in reshaping and redefining the South African digital landscape in its mission to help its customers build a network that will support current and future technologies.