By Joe Gleinser, Co-Founder and Chief Product Officer of Trustgrid
As the workforce has left the confines of the office environment, it has taken the old models of network security with it. The devices people work from are now much more difficult to manage, and they are working from home offices, airports, or the wifi at a vacation rental in Wyoming.
Prior to this abrupt disruption of the traditional workplace, IT infrastructure had been going through its own transformation: applications that used to be hosted exclusively in centralized corporate data centers are now served from public and private cloud environments.
And while the workplace and its IT environment have changed, many things haven't: applications still need to be accessed, end users still present the biggest security risk, and ensuring productivity is still a top business priority.
The sudden changes of 2020 have put a spotlight on the fact that decades-old VPN technology no longer meets the needs of today's modern workforce. Problems such as a lack of support for cloud applications, high latency from tromboning traffic to a centralized location before it reaches its final destination, and a lack of east/west network access protections have caused organizations to seek a better way to secure access for remote users. And when challenged to rapidly scale the number of concurrent users, VPNs faced their ultimate day of reckoning.
These dynamics have given rise to a new network security approach called Zero Trust Network Access (ZTNA). Zero Trust Network Access is an identity-focused security model that authenticates every user trying to access a resource on a private network. The goal of ZTNA is to limit the blast radius of a compromised user, centralize visibility of all connections, and use its integration with leading identity providers to enhance the organization's overall security posture.
At its most basic, ZTNA is just another way to implement network access control. Traditional networks divide users into two groups, trusted and untrusted. Those inside the internal network were deemed 'trusted'; users external to the network were untrusted. This castle-and-moat approach created a hardened exterior perimeter but left the internal network soft and unprotected.
Zero Trust Network Access enhances network segmentation to a one-to-one model that creates tailored network sessions between each user and application. This micro-segmentation only provides access to a single application at a time.
Compared to VPN, ZTNA provides a number of important security distinctions. First, instead of allowing traffic to tunnel through a firewall unchecked, ZTNA isolates application access from corporate network access. This means that infected devices and traffic cannot pass malicious code across an IT environment, which limits the damage of a breach.
Next, ZTNA helps to minimize the risk of DDoS attacks and other IP-based threats by hiding the IP addresses of private networks and applications and exposing them only to authenticated users. Malicious actors can't attack what they can't see.
And finally, it restricts user access to only approved applications. These policy-defined permissions are tied to a user's identity, creating a least-privileged access model for all IT resources and preventing east/west movement. And because each session starts with an authentication of the user, it creates an auditable log of all access events.
On top of the obvious security benefits, ZTNA also enhances the experience for end users. By eliminating the routing of traffic through data center bottlenecks, users' traffic is routed directly to the application. This reduces latency and ensures that a user has a consistent experience no matter how far they are from the corporate data center.
From a management perspective, ZTNA simplifies network infrastructure. As a software-based solution it is easy to deploy, without the need to configure and manage expensive proprietary appliances. ZTNA doesn't require a rip-and-replace of legacy IT investments and can run alongside existing VPN infrastructure. Management of firewall policies is no longer needed for remote users, and granular access policies can be built at both the application and user level. Its ability to provide visibility into application access also helps streamline the efforts of compliance and support teams.
Until recently, ZTNA was an architectural concept built by security engineers who pieced together various elements to build one-off infrastructure. But over the last year or so, solution providers, recognizing the need for a more integrated approach, have begun deploying turnkey, scalable solutions to meet the demand. As the changes of 2020 continue to ripple across the workplace, expect to see ZTNA replace much of the space that end-user VPN has dominated.
## About the Author
Joe Gleinser, Co-Founder and Chief Product Officer of Trustgrid
Joe is a seasoned technology executive with experience in growing technology product and service organizations in highly competitive markets. Prior to Trustgrid, he co-founded and led GCS Technologies, a managed service provider in Austin, Texas. GCS has been featured in the Inc 5000 and ABJ Fast 50, and was twice named a ChannelPro 20/20 Visionary.