Webinar:
First Line of Defense: Menlo Secure Enterprise Browser
Icon Rounded Closed - BRIX Templates

ZTNA 2.0: What it means and why it matters to your agency

Mark Guntrip
|
September 29, 2022
linkedin logotwitter/x logofacebook logoSocial share icon via eMail

Two years after the pandemic forever changed how we work, IT teams continue to struggle with providing fast, reliable, and secure application access to remote workers.

At the onset of the pandemic, immediate access was the priority. Newly remote workers required access to the tools and information they needed to keep the business running as if they were in the office. But now, two years later, the chickens are coming home to roost. The shift to hybrid work has expanded threat surfaces and opened the door for highly sophisticated threats that leverage advanced evasion techniques to easily bypass legacy security technology. Ransomware, spearphishing, credential theft, and other malware attacks are growing in volume and success — providing a major risk to your workers, data and constituents.

It’s time for IT teams at state and local government agencies to acknowledge the security concerns of the remote access connectivity solutions they hastily put in place two years ago. They need to finally close these security gaps by adding back in the security visibility and control that was lost when the world turned upside down.

Applying a Band-Aid to address connectivity issues

Many agencies responded to the acceleration of digital transformation and work-from-home policies by deploying Zero Trust Network Access (ZTNA) tools as a way to replace or augment existing virtual private network (VPN) environments that couldn’t handle the massive increase in traffic. Based in the cloud, these ZTNA solutions serve as highly scalable, direct connections between applications and a highly distributed workforce.

However, once that connection is established, IT has no visibility into traffic or policy control — leaving the organization vulnerable to malicious activity. Once a user (or, in unfortunate cases, a threat actor) is authorized to access an application, they can essentially behave in any way they want. This prevents the agency from identifying abnormal behavior such as making admin or configuration changes or exfiltrating data.

ZTNA solutions provided a crucial Band-Aid that was applied in unprecedented times, but they eliminated much of the security and visibility that VPN access provided for remote workers. Two years into the new normal, it’s time to implement a better, more secure network access solution that meets the connectivity, security, and user experience expectations of today’s way of working.

Enter next-gen ZTNA solutions

Next-gen ZTNA solutions combine the accessibility of legacy ZTNA products with robust security and visibility capabilities that protect the organization from today’s Highly Evasive Adaptive Threats (HEAT). These highly sophisticated threat actors use advanced evasion techniques to make an initial breach and then spread laterally through the network. Enhancing legacy ZTNA solutions with visibility and policy control allows security teams to prevent these initial breaches and identify potentially malicious activity.

But not all next-gen ZTNA solutions are created equal. Here are two things to consider when looking to fill security gaps in remote application access capabilities for a hybrid workforce:

1. Bidirectionality

Legacy ZTNA solutions focus on application security while leaving the user and data exposed. The ability to monitor traffic in both directions expands protection to the user and the data — ensuring that a malicious actor who has already made an initial breach is not able to spread laterally through the network. Next-gen ZTNA solutions provide this bidirectional visibility into all communication — allowing security teams to protect users from attacks originating from an application and implement Data Loss Protection (DLP) policies.

2. Integration

Complexity and inconsistency are the death knell for robust security. You can’t secure private applications differently than web apps or Software as a Service (SaaS) platforms, and you shouldn’t have to use different solutions to protect data and users. Security capabilities should be layered on top of each other, working together to orchestrate fast, reliable, and secure experiences for users. Next-gen ZTNA solutions should integrate seamlessly with your existing security investments — expanding protection and visibility.

3. Closing ZTNA security gaps

Today’s security solutions need to protect users, data, and applications from increasingly sophisticated malicious actors. While legacy ZTNA solutions focused almost exclusively on access, the next generation of ZTNA solutions needs to add the security that the modern hybrid workforce needs. We’ve been flying blind for two years, so now it’s time to close those gaps.