Virtualization Technology News and Information
VMblog Expert Interview: Banyan Security Survey Reveals Interesting Findings in Zero Trust Network Access (ZTNA) Adoption


Banyan Security recently revealed new research highlighting organizations' preferences and hesitations for adopting modern remote access solutions.

While VPN deployments remain the most popular option for secure remote access, adopting a zero trust model is a top priority for almost all organizations.

To better understand those findings, VMblog spoke with Den Jones, CSO at Banyan Security.

VMblog:  First off, what surprised you about the survey results?

Den Jones:  Well to begin with, we were excited to see the number of respondents who know about and are actively seeking to implement zero trust in their organizations, as evidenced by their budgetary commitment. This is an important shift as more IT professionals are realizing not just the benefits of Zero Trust Network Access (ZTNA) over traditional VPNs and other security systems, but that they are, in fact, easier to implement than they once thought. In the past, ZTNA was considered a laborious undertaking which could take months to complete across an organization's network. Now, however, with the newest tools available, network administrators and IT professionals can look to implement ZTNA solutions quickly, efficiently, and without interrupting any existing network service.

VMblog:  ZTNA has become a very popular word amongst IT & security professionals. However, that doesn't mean they're actually implementing it. What are the current trends that your research shows around ZTNA that are currently being seen in the wider community, and how has the community done in their work to put ZTNA security protocols in place?

Jones:  While the phrase "zero trust" has become a catch-all phrase recently for new security implementations, we're concerned with the number of respondents who still believe ZTNA is a large undertaking for their organization. The awareness and acknowledgement of its importance/benefits are definitely up compared to previous years; however, it's still taking many organizations - particularly small and medium sized businesses - time to move away from network-centric solutions like legacy VPNs. However, even though there are some hiccups amongst the industry where we see slow implementation, the overall trend is one of keen uptake when it comes to professionals and organizations that are looking to bring their security posture into the future - especially as remote work continues to be normalized throughout many different sectors.

VMblog:  What are some practical differences that an organization can expect to see between a legacy VPN and a ZTNA infrastructure?

Jones:  VPNs do not provide granular network protection, nor do they address network security as narrowly as ZTNA. While a VPN allows a user to mask their IP address, it still relies on very broad network-based protection, allowing attackers to move laterally within a network once compromised. A well-constructed ZTNA infrastructure allows an organization to breathe easy with the peace of mind that their assets are only accessible by those that are allowed to interact with them. The principle of least privilege is applied here, only giving workers access to those resources needed to do their job. Granular access can be defined by worker type (employee vs. contractor), group membership, role, resource sensitivity, etc. Device trust ensures that users can only access resources from known, trusted devices, providing an additional strong layer of security that also enables passwordless access, if desired. Finally, ZTNA continuously verifies and validates users in real time based on user identity, device identity, and device security posture assessments.

VMblog:  How can an organization begin to implement a ZTNA framework into their existing IT security stack?

Jones:  One recommendation is to stay grounded on tangible business outcomes and value statements. CISOs have budget constraints and need to determine where to spend their limited funds, and ultimately ensure those investments show results. Of course, a CISO's number one job is to ensure organizational security, but they should also focus on investments that improve workforce experience or are tied to a previous breach (if not yours, one that impacted your industry).

Another recommendation is to incrementally deploy zero trust by application or user/group. By methodically implementing key zero trust measures such as least privilege access, continuous authorization, device trust, and multi-factor authentication, the entire process is eased since you don't have to "rip and replace" what you already have deployed and working. You can focus on specific divisions or teams within the organization instead of the entire business all at once.

VMblog:  What are some hesitations that you have heard from organizations through this research surrounding the implementation of a ZTNA infrastructure? How would you recommend addressing those hesitations?

Jones:  We have heard a number of concerns from respondents on how they believe it can take a long time to implement a well-constructed ZTNA infrastructure. While in the past this might have been the case, implementing zero trust principles has become significantly easier, as mentioned in my previous answer. Another concern we heard was the price - both in terms of purchasing a service and the downtime of the current network while implementing the new one. Simple, per-user pricing is the norm, and since the leading solutions can be deployed incrementally, downtime is not a concern. Some vendors even offer a free, no-cost solution for smaller teams. Businesses no longer have to worry about whether they can implement a stronger security posture based on zero trust, they simply need to take the first step to do it.

VMblog:  Based on the recent research you conducted, how likely are we to see the uptake of ZTNA in organizations in the coming months and years?

Jones:  The research confirms that IT & Security professionals are committed to adopting a zero trust strategy. As time goes on, we're confident that zero trust will become the gold-standard - not just desirable, but expected of security organizations. In just the last few months, more organizations than ever are implementing stronger security measures that incorporate ZTNA, including popular household brand names. As the threat landscape continues to shift due to rising tensions stemming from the war in Ukraine and continued impacts on the global supply chain due to COVID-19, we will continue to see what this survey has confirmed - near-universal awareness of ZTNA, and near-term budgetary commitments to implement it.

VMblog:  This has been great information. Where can readers go if they want to download more information about your survey results?

Jones:  Readers can see the full details of the survey on our blog here.

Published Tuesday, August 02, 2022 7:30 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<August 2022>