Virtualization Technology News and Information
Zero Trust Network Access Explained

By Joe Gleinser Co-Founder and Chief Product Officer of Trustgrid

As the workforce has left the confines of the office, it has carried the old models of network security along into environments they were never designed for. The devices people work from are now much harder to manage, and they are working from home offices, airports, or the wifi at a vacation rental in Wyoming.

Prior to this abrupt disruption to the traditional workplace, IT infrastructure had been going through its own transformation as applications that used to be exclusively hosted in centralized corporate data centers are now served from public and private cloud environments.

And while the workplace and its IT environment have changed, there are many things that haven't... Applications still need to be accessed, end users still present the biggest security risk, and ensuring productivity is still a top business priority.

The sudden changes of 2020 have put a spotlight on the fact that decades-old VPN technology no longer meets the needs of today's workforce. Problems such as poor support for cloud-hosted applications, high latency from tromboning traffic through a centralized location before it reaches its final destination, and a lack of east/west protections once a client is on the network have pushed organizations to seek a better way to secure remote access. And when challenged to rapidly scale the number of concurrent users, VPNs faced their day of reckoning.

These dynamics have given rise to a new network security approach called Zero Trust Network Access (ZTNA). Zero Trust Network Access is an identity-focused security model that authenticates and authorizes every user, for every session, before granting access to a resource on a private network. The goal of ZTNA is to limit the blast radius of a compromised user, centralize visibility of all connections, and use its integration with leading identity providers to enhance the organization's overall security posture.

At its most basic, ZTNA is just another way to implement network access control. Traditional networks divide users into two groups: trusted and untrusted. Those inside the internal network were deemed 'trusted'; the untrusted were users external to the network. This castle-and-moat approach created a hardened exterior perimeter but left the internal network soft and unprotected.

Zero Trust Network Access extends network segmentation to a one-to-one model that creates a tailored session between a user and a single application. With this micro-segmentation, each session grants access to that one application and not to the network segment that hosts it.

Compared to VPN, ZTNA provides a number of important security distinctions. First, instead of allowing traffic to tunnel through a firewall onto the internal network, ZTNA separates application access from corporate network access. An infected device that connects still sees only the application it was granted, so it cannot use the connection to reach other hosts and spread across the IT environment, which limits the damage of a breach. Note that this limits reach, not content: the application itself must still defend against whatever an authorized but compromised client sends to it.

Next, ZTNA reduces exposure to DDoS attacks and other IP-based threats by hiding the addresses of private networks and applications and exposing them only to authenticated and authorized users. Malicious actors can't attack what they can't see. The ZTNA broker or edge that users connect to is, of course, still reachable from the internet and must be hardened and protected in its own right.

And finally, it restricts each user to only approved applications. These policy-defined permissions are tied to the user's identity, creating a least-privilege access model for IT resources and limiting east/west movement. And because each session starts with authentication of the user, every access attempt, allowed or denied, produces an auditable log entry.
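The access model described in the preceding paragraphs can be made concrete with a small policy broker. The following is an added example written for this page, not Trustgrid's product code. The application names, private addresses, group names and the Identity/AppPolicy fields are constructed assumptions chosen for illustration, and the identity claims are assumed to have already been verified by an identity provider. The example evaluates each user-to-application request against a deny-by-default policy, reveals the application's private address only on an allow, records one audit entry per decision, and contrasts the resulting per-identity reach with the route-based reach of a network-level VPN.

```python
"""Toy ZTNA policy broker, added for illustration (not Trustgrid's product code).

Assumed model: an identity provider has already verified the user and hands
the broker a set of claims. The broker decides, per request, whether that
identity may reach one named application, reveals the application's private
address only on an allow, and writes one audit record per decision.
"""
from dataclasses import dataclass
import ipaddress
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Identity:
    """Claims as received from the identity provider (assumed field names)."""
    user: str
    groups: FrozenSet[str]
    mfa: bool
    device_managed: bool


@dataclass(frozen=True)
class AppPolicy:
    """Who may open a session to one application, and under what conditions."""
    allowed_groups: FrozenSet[str]
    require_mfa: bool = True
    require_managed_device: bool = True


@dataclass
class Decision:
    user: str
    app: str
    allowed: bool
    reason: str
    target: Optional[str] = None  # private address, filled in only when allowed


# Constructed sample data: private addresses that only the broker knows.
APP_DIRECTORY: Dict[str, str] = {
    "payroll": "10.20.0.15:443",
    "wiki": "10.20.0.22:443",
    "jenkins": "10.30.0.8:8080",
}

# Constructed sample policies: one application, one grant.
POLICIES: Dict[str, AppPolicy] = {
    "payroll": AppPolicy(frozenset({"finance"})),
    "wiki": AppPolicy(frozenset({"staff"}), require_mfa=False, require_managed_device=False),
    "jenkins": AppPolicy(frozenset({"engineering"})),
}


class Broker:
    def __init__(self, policies: Dict[str, AppPolicy], directory: Dict[str, str]):
        self.policies = policies
        self.directory = directory
        self.audit_log: List[Decision] = []

    def authorize(self, ident: Identity, app: str) -> Decision:
        """Evaluate one user-to-application request; deny unless a policy matches."""
        policy = self.policies.get(app)
        if policy is None:
            d = Decision(ident.user, app, False, "no policy for application")
        elif not (ident.groups & policy.allowed_groups):
            d = Decision(ident.user, app, False, "no group grants this application")
        elif policy.require_mfa and not ident.mfa:
            d = Decision(ident.user, app, False, "MFA required")
        elif policy.require_managed_device and not ident.device_managed:
            d = Decision(ident.user, app, False, "managed device required")
        else:
            d = Decision(ident.user, app, True, "policy match", target=self.directory[app])
        self.audit_log.append(d)  # every attempt, allowed or not, is recorded
        return d


def ztna_reach(broker: Broker, ident: Identity) -> FrozenSet[str]:
    """Applications this identity can open: the blast radius if it is compromised."""
    return frozenset(app for app in broker.policies if broker.authorize(ident, app).allowed)


def vpn_reach(route_cidrs: List[str], directory: Dict[str, str]) -> FrozenSet[str]:
    """Network-level VPN for comparison: every host inside the pushed routes is
    reachable regardless of who the user is, so reach follows routing, not identity."""
    nets = [ipaddress.ip_network(c) for c in route_cidrs]
    return frozenset(
        app for app, hostport in directory.items()
        if any(ipaddress.ip_address(hostport.rsplit(":", 1)[0]) in net for net in nets)
    )


if __name__ == "__main__":
    broker = Broker(POLICIES, APP_DIRECTORY)
    alice = Identity("alice", frozenset({"finance", "staff"}), mfa=True, device_managed=True)
    print("ZTNA reach for alice:", sorted(ztna_reach(broker, alice)))
    print("VPN reach with routes 10.20.0.0/16 + 10.30.0.0/16:",
          sorted(vpn_reach(["10.20.0.0/16", "10.30.0.0/16"], APP_DIRECTORY)))
    for d in broker.audit_log:
        print(f"audit user={d.user} app={d.app} allowed={d.allowed} "
              f"reason={d.reason!r} target={d.target}")
```

The point of the two reach functions is the blast-radius comparison: the same user reaches every host inside the VPN's pushed routes, whereas the broker hands out one application per session and a denied request never learns the application's private address. The same identity presenting weaker claims (no MFA, an unmanaged device) is cut down to the applications whose policy tolerates that, which is how a stolen session from a personal laptop is contained.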

On top of the security benefits, ZTNA also improves the experience for end users. By eliminating the routing of traffic through data center bottlenecks, users' traffic is routed directly to the application. This reduces latency and gives users a consistent experience no matter how far they are from the corporate data center.

From a management perspective, ZTNA simplifies network infrastructure. As a software-based solution it is easy to deploy without the need to configure and manage expensive proprietary appliances. ZTNA doesn't require a rip-and-replace of legacy IT investments and can run alongside existing VPN infrastructure. Management of firewall policies is no longer needed for remote users, and granular access policies can be built at both the application and user level. Its visibility into application access also helps streamline the efforts of compliance and support teams.

Until recently, ZTNA was an architectural concept built by security engineers who pieced together various elements into one-off infrastructure. But over the last year or so, solution providers, recognizing the need for a more integrated approach, have begun deploying turnkey, scalable solutions to meet the demand. As the changes of 2020 continue to ripple across the workplace, expect to see ZTNA replace much of the space that end-user VPN has dominated.


About the Author

Joe Gleinser, Co-Founder and Chief Product Officer of Trustgrid

Joe is a seasoned technology executive with experience in growing technology product and service organizations in highly competitive markets. Prior to Trustgrid, he co-founded and led GCS Technologies, a managed service provider in Austin, Texas. GCS has been featured in the Inc 5000, ABJ Fast 50, and was twice named a ChannelPro 20/20 Visionary.

Published Wednesday, December 09, 2020 7:41 AM by David Marshall