Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
Why ZTNA Will Emerge as a New Standard for Secure Access
The Rise of ZTNA Solutions in a Post-COVID Security Landscape
By Itay Glick, VP of Products at OPSWAT
Hybrid work is now the norm for most organizations in the
post-COVID landscape, creating new challenges for security personnel.
Non-compliant devices, when connected to an organization's network, may become
a threat vector for malicious actors to access important internal resources. As
cyber-attacks such as the recent Zeppelin ransomware attack have demonstrated, if threat
actors can exploit just one vulnerability, the rest may fall apart like a house
of cards.
VPNs have been the usual defense against unsecured access,
but they bring considerable security liabilities to an organization which,
among other reasons, have driven enterprises to seek alternatives. The COVID
pandemic, which forced organizations to provide employees remote access to
corporate assets, was a catalyst for organizations to ensure both secure access
and a seamless user experience. Featuring a far more secure network as well as
better performance and user experience, Zero Trust Network Access (ZTNA) is
emerging as the VPN replacement.
The Problems with VPNs
Remote workers have been using VPNs for years. A VPN acts as
an intermediary that reroutes incoming connections. When remote
workers connect to the VPN, they connect over an encrypted channel that prevents
malicious actors from snooping on sensitive data.
However, VPNs come with their own set of issues. Performance
issues inconvenience remote workers, which is less acceptable in a
hybrid working environment, and VPN servers are vulnerable to
outside threats because they are constantly exposed to the internet.
In addition, once a user is
granted access to the network via the VPN, they have free rein to access any
corporate resource on the network. This "all-you-can-eat" access enables users
to access not only required applications but also all other applications they
may have no business accessing. For a hacker,
this is a great opportunity to leverage compromised accounts, as once they are
in, they can move laterally to gain unrestricted access to all corporate
resources.
Organizations need a more secure alternative. In fact, regulators are requiring them to adopt
one. More specifically, they call for Zero Trust Network Access to be
implemented to ensure secure access.
What is ZTNA?
ZTNA is an approach that grants secure access to remote
users based on an adaptive trust model, where trust is never implicit. Remote
workers can only access resources on a need-to-know and least-privileged
basis.
Forrester defines Zero Trust Access as adhering to the
following three principles: all entities are untrusted by default, least-privilege
access is enforced, and comprehensive security monitoring is
implemented.
To understand the centrality of ZTNA, one can look to
Gartner, which coined the term SASE in 2019 and later the term for the security
element of the SASE model, the Security Service Edge (SSE), where ZTNA is a central pillar.
In their top cyber predictions for 2023, Gartner predicts that by 2025, 80% of
enterprises will adopt a strategy to unify web, cloud, and private application
access from a single vendor's Security Service Edge (SSE) platform.
Why ZTNA is the New Standard for Secure Access
There are many reasons why ZTNA is taking center stage.
Here are just a few:
Secure Network Access
Unlike traditional VPNs, ZTNA solutions only provide users
access on a need-to-know basis. This means that users will not gain access to
resources that they do not need for their tasks, preventing data
leakage.
Better User Experience
Remote workers who use VPNs have complained about bad user
experience, mostly due to policy inconsistencies between on-prem connections
and cloud-based ones. ZTNA solutions offer universal policies anywhere, whether
on-prem or cloud, vastly improving user experience.
The Cost of Not Implementing ZTNA Can Be High
While implementing ZTNA is important for organizations of
all types, for critical infrastructure the need is even more pressing. In
January 2022, the White House released a new directive that highlighted the federal
zero-trust strategy, demanding that agencies implement zero trust.
In addition, the US Department of Defense
announced in November 2022 a plan outlining
what it will take to achieve "targeted zero trust"
by fiscal 2027. There is a need to address current threats, including those
posed by adversaries like China, starting with a zero-trust cloud pilot this
fiscal year. Other regulators are pushing in this direction as well.
In its 2022 Data Breach Report, IBM shows that critical
infrastructure lags behind other organizations in implementing ZTNA. 79% of
critical infrastructure does not yet have a zero-trust approach to
cybersecurity. Translating that into real financial loss, organizations that
had not implemented a zero-trust approach had an average cost $1M (25%)
higher than those that had. And with 83% of
organizations (according to the report) having had more than one data breach,
this is significant money. [1]
The consequences for not adopting ZTNA can be catastrophic,
as the Colonial Pipeline ransomware attack demonstrated. To sum it
up in the optimistic words of the World Economic Forum: "To cope better with
cyber threats such as the Colonial Pipeline ransomware attack that affected the
largest refined-oil pipeline in the United States, industry players are
increasingly turning to the Zero Trust security model." [2]
Perhaps the industry has finally got the message.
ABOUT THE AUTHOR
Itay Glick, VP of Products, OPSWAT
Itay Glick at global technology companies
based in the U.S., Europe, and Asia. Before OPSWAT, he served as AVP of network
and cloud security at Allot, and before that, founded his own company and
played a key role in managing the development of equipment for the lawful
interception market on behalf of Verint Systems. Itay launched his career as a
software engineer in an elite intelligence unit of the Israel Defense Forces.
He holds an M.B.A. from Bar-Ilan University and a B.Sc. in electrical
engineering from the Technion - Israel Institute of Technology.
[1] Cost of a Data Breach Report 2022, IBM Security
[2] The 'Zero Trust' Model in Cybersecurity: Towards Understanding and Deployment, Community Paper, August 2022