You’d never know that Zero Trust Network Access (ZTNA) has been around as long as it has, given the curious stares and fundamental lack of understanding whenever the topic comes up.
In fact, judging by some responses, it’s like the concept appeared yesterday, or two years ago when business was upended and workers traded offices for their homes. Before the pandemic, Gartner had modest predictions for the future of ZTNA — a 14 percent adoption rate by 2025 — but that changed after 2020, with the company now predicting a 50 percent adoption rate by 2023.
While it’s true that the pandemic underscored that ZTNA is an idea whose time has come, organizations have been mulling it over for quite some time, often as a part of their roadmaps for moving resources into the cloud. Perhaps hampering the embrace of ZTNA is a fundamental misunderstanding of what it is and how it can fit into existing security schemes.
First, let’s focus on Zero Trust. Simply put, Zero Trust is a “do not trust, always verify” approach to security. Zero Trust assumes that an entity or asset isn’t what it claims to be until it’s verified.
One reason the concept of Zero Trust confounds CISOs is that it differs vastly from technology such as VPNs, which traditionally have been the conduit to secure remote work for the better part of two decades. And when considering taking a Zero Trust approach to security, organizations may hesitate because they know its adoption and implementation are a lengthy process that racks up significant costs in both time and money.
It’s true that folding ZTNA into any security strategy does require retooling and retraining. However, the myriad benefits it brings make Zero Trust worth that time and effort — and the dollars spent.
With Zero Trust Network Access in play, organizations can:
In a business world where the hybrid work model is likely to dominate for quite some time — maybe forever — organizations must retool their security strategies to give workers access to the data and applications they need wherever they are, whenever they need them, and from whatever device they’re using. ZTNA provides dynamic access to apps and data, making for a more nimble work environment than VPNs allow, and ensuring that remote workers operate securely and remain productive regardless of their location or device.
Because applications and services must be verified before they can communicate with the user, and because ZTNA calls for continuous monitoring of the communications between them in order to block malicious content and scan for DLP violations, the risk of miscreants exploiting systems and accessing sensitive data and apps is significantly reduced. A ZTNA approach literally demands that identities be constantly verified.
The accelerated shift to the cloud and the proliferation of assets brought by remote work and more complex environments have left organizations without the visibility they need. ZTNA brings security closer to the assets themselves.
Because ZTNA allows central management of security policies, it’s easier for organizations to move apps between data centers and cloud environments without reinventing security policy.
The vast majority of a user’s day is going to be spent working within applications that are browser-based and where a clientless approach makes the most sense. That’s where a cloud-based ZTNA shines. In addition, ZTNA doesn’t abandon those custom-built applications and edge cases that require a client.
Unfortunately, bad actors don’t just gain access, stay on a straightforward path, and duck back out. The real destruction comes when they move laterally through an environment. ZTNA’s strict control over network access not only ensures that unverified users don’t gain access to assets or share corrupt or malicious content, it also keeps every authentication and access decision within established security policies.
ZTNA is a governance maven’s dream. It literally assesses each and every access request and logs each one, creating a verifiable audit trail. That makes governance easier and reduces the costs associated with security incidents.
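The per-request evaluation and audit trail described above, as an added illustration that is not code from the article or any vendor: every request is judged on its own merits (verified identity, device posture, entitlement for the requested app, freshness of the last verification), the default is deny, and each decision is logged. The policy table, the 15-minute re-verification window and the sample requests are constructed assumptions.

```python
"""Added illustration of a Zero Trust per-request policy decision (not from the article).

Nothing is trusted from an earlier request: identity, device posture, entitlement
and verification freshness are re-checked every time, the default outcome is deny,
and every decision is appended to an audit trail. All data here is constructed.
"""
from dataclasses import dataclass

# Constructed policy: role -> set of applications that role may reach.
POLICY = {"finance": {"erp", "payroll"}, "engineer": {"git", "ci"}}
MAX_VERIFICATION_AGE = 15 * 60  # seconds; assumed re-verification window

@dataclass
class AccessRequest:
    user: str
    role: str
    app: str
    mfa_verified: bool          # identity proven for this session
    device_compliant: bool      # posture check passed (patched, managed, etc.)
    last_verified: float        # epoch seconds of the last identity verification

@dataclass
class Decision:
    allowed: bool
    reason: str

AUDIT_LOG: list = []  # one entry per request, allowed or denied

def evaluate(req: AccessRequest, now: float) -> Decision:
    """Evaluate a single request; the first failing check denies it."""
    checks = [
        (req.mfa_verified, "identity not verified"),
        (req.device_compliant, "device posture non-compliant"),
        (now - req.last_verified <= MAX_VERIFICATION_AGE, "verification stale; re-authenticate"),
        (req.app in POLICY.get(req.role, set()), "app not in role entitlement"),
    ]
    for ok, reason in checks:
        if not ok:
            return _record(req, now, Decision(False, reason))
    return _record(req, now, Decision(True, "all checks passed"))

def _record(req: AccessRequest, now: float, decision: Decision) -> Decision:
    """Append the decision to the audit trail so every request is traceable."""
    AUDIT_LOG.append({"ts": now, "user": req.user, "app": req.app,
                      "allowed": decision.allowed, "reason": decision.reason})
    return decision
```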
Organizations have sunk quite a bit into their VPN strategies and they don’t want to abandon that investment. But workers’ rush back home as the pandemic shut down companies highlighted the vulnerability of VPNs. Not only did they sag under the weight of so many remote users, but the “once you’re in, you’re in” approach to security didn’t prevent bad actors from accessing apps or sensitive data. There’s no reason for organizations to abandon their investment in VPNs — ZTNA can be used to complement an existing VPN schema and further tighten security.
ZTNA is purpose-built to prevent bad actors from getting in, and it certainly won’t allow unauthenticated users to take anything out. ZTNA solutions should be designed from the ground up to scan data flow in both directions to prevent either accidental or malicious loss of your organization’s data.
When looking at ZTNA solutions, it’s critical to find ones that tightly integrate with the rest of your security stack, such as Secure Web Gateways, Cloud Access Security Brokers, and Data Loss Prevention technologies. Having a single management console – to not only create policy but also gain visibility – is important to ensuring as much simplicity as possible for your already overworked security teams.
ZTNA can help organizations continue their digital transformation efforts, although the journey requires effort and diligence. In the end, the payoff is worth it. Once Zero Trust is set in motion, it’s far less cumbersome than a VPN strategy. To get the most out of ZTNA, organizations must align it to their business objectives, as well as their security team’s principles.