When you see the letters ZTNA, you may not immediately think cybersecurity, but you should, as those letters stand for zero-trust network access. This article explains what ZTNA is and why it is advisable for securing remote access.
Globally, work environments are re-opening to employees. Yet remote work is here to stay. The consulting firm McKinsey suggests that “the virus has broken through cultural and technological barriers that prevented remote work in the past, setting in motion a structural shift in where work takes place.”
According to a survey by Enterprise Technology Research (ETR), the percentage of global workers permanently working from home is expected to double in 2021.
That probably means a shift at your business, too. One obvious change is the need to provide remote access to systems and software. You may have provided employees with business laptops for use away from the office. Perhaps you added a virtual private network (VPN) to secure application access. Many businesses turned to cloud-based solutions as another answer.
Yet all this digital business transformation increases business cybersecurity risk. Remote workers want access from anywhere, anytime, from any device. While this supports convenient connections and collaborations online, the attack surface also grows.
In 2020, during the disruption of the pandemic, ransomware attacks grew 485%.
Traditional methods verify users relying on IP addresses and network location, but security and risk-management leaders suggest this approach involves “excessive implicit trust.” That’s why ZTNA’s identity- and context-based verification is the latest trend for businesses.
What Is ZTNA?
ZTNA is an adaptive, context-based way to offer remote-worker access. Developed in 2010, zero-trust security sees trust as a vulnerability. Trust undermines vigilance, according to ZTNA’s creator. Instead, ZTNA has three key ideas:
- Act as if you’ve been breached already.
- Verify explicitly.
- Limit user access to just enough access and just-in-time access.
If you assume everything is a potential threat, you will verify each access attempt. ZTNA doesn’t have to replace VPN completely, but it often will, especially as ZTNA addresses hardware and bandwidth limitations of traditional VPN access.
Some businesses add multi-factor authentication (MFA), too. The old model that establishes a safety perimeter based on device location is broken. Mobile and remote work have rendered it unreliable.
You can think of the “old way” of doing cybersecurity as the “castle and moat” approach. The security perimeter (the moat) was put up around a company network. Any users or devices already inside that perimeter (inside the castle) were trusted automatically.
Using this approach is outdated in today’s work world because all a hacker needs to do is compromise one user password and they’re trusted to be in the company’s network.
Disadvantages of this old approach include:
- Overuse of privileges (giving users higher privileges than they need)
- Lack of visibility into data security
- Data leakage coming from bring-your-own-device (BYOD) policies
- Relying too much on passwords to protect valuable company assets and data
ZTNA means that just because a device or user has made it inside your network, they’re not trusted by default. Checks and balances for authentication are deployed throughout the company network and cloud environment.
Advantages of using this zero-trust strategy include:
- Reduces risk of an insider attack
- Unauthorized devices/users are identified and blocked immediately
- Improves data privacy compliance
- Automates security through a consistent set of policies
- Mitigates the security risk of remote & mobile teams
Why ZTNA for Remote Work?
Remote workers connect via unsecured public networks or inadequately protected home networks. They use personal devices. So, ZTNA makes sense.
ZTNA grants access based on the identity of humans and their devices, but that’s not all. It adaptively considers contextual clues (such as time/date, geolocation, and device posture).
Adding MFA moves the verification of trust beyond a single factor. For example, a hacker with stolen access credentials might get past a single-factor check, but with MFA, the hacker would also need to have access to the individual’s physical device.
A strong zero-trust strategy verifies identities across all devices and users. No individual or device earns trust simply because it is within the network. The ZTNA approach gains visibility of all devices trying to access the network. This wariness also helps the business discover malicious applications or inappropriate user actions.
ZTNA uses the least-privilege-access principle. That means people access only what they need to do their work, no more. Plus, communications are encrypted, too.
All this makes the business system more resilient. Remote workers and partners enjoy a more flexible, responsive way of gaining access. Meanwhile, the business reduces its surface attack area. Only what is needed at that moment by that particular person is exposed to the internet, and the underlying network remains protected. Hackers are prevented from being able to move through the systems and wreak more havoc.
Starting with Zero-Trust Security
To get started with ZTNA, assess your current IT landscape, plan strategy, and execute changes. You don’t have to do this alone. Partner with our zero-trust security experts to put this method in place at your business. Contact us today!
Schedule a consultation by calling 1-866-433-5411 or reach us online.