Virtualization Technology News and Information
Article
RSS
OPSWAT 2023 Predictions: Why ZTNA Will Emerge as a New Standard for Secure Access

vmblog-predictions-2023 

Industry executives and experts share their predictions for 2023.  Read them in this 15th annual VMblog.com series exclusive.

Why ZTNA Will Emerge as a New Standard for Secure Access

The Rise of ZTNA Solutions in a Post-COVID Security Landscape

By Itay Glick, VP of Products at OPSWAT

Hybrid work is now the norm for most organizations in the post-COVID landscape, creating new challenges for security personnel. Non-compliant devices, when connected to an organization's network, may become a threat vector for malicious actors to access important internal resources. As cyber-attacks such as the recent Zeppelin ransomware attack have demonstrated, if threat actors can exploit just one vulnerability, the rest may fall apart like a house of cards. 

VPNs have been the usual defense against unsecured access, but they bring considerable security liabilities to an organization which, among other reasons, have driven enterprises to seek alternatives. The COVID pandemic, which forced organizations to provide employees remote access to corporate assets, was a catalyst for organizations to ensure both secure access and a seamless user experience. Featuring a far more secure network as well as better performance and user experience, Zero Trust Network Access (ZTNA) is emerging as the VPN replacement.  

The Problems with VPNs 

Remote workers have been using VPNs for years. VPNs work by acting as an intermediary and they reroute incoming connections. When remote workers connect to the VPN, they connect to an encrypted channel that prevents malicious actors from snooping on sensitive data. 

However, VPNs come with their own set of issues. While performance issues cause inconveniences to remote workers which is less acceptable in a hybrid working environment, VPN servers are vulnerable to outside threats as they are constantly exposed to the internet. In addition, once a user is granted access to the network via the VPN, they have free rein to access any corporate resource on the network. This "all-you-can-eat" access enables users to access not only required applications but also all other applications they may have no business accessing. For a hacker, this is a great opportunity to leverage compromised accounts, as once they are in, they can move laterally to gain unrestricted access to all corporate resources.

Organizations need a more secure alternative. In fact, regulators are requiring them to adopt one. More specifically, they point to Zero Trust Network Access to be implemented for ensuring secure access.  

What is ZTNA? 

ZTNA is an approach that grants secure access to remote users based on an adaptive trust model, where trust is never implicit. Remote workers can only access resources on a need-to-know and least-privileged basis. 

Forrester defines Zero Trust Access as adhering to the following three principles: All entities are untrusted by default; least privilege access is enforced, and comprehensive security monitoring is implemented.

To understand the centrality of ZTNA, one can look to Gartner (who coined the term SASE in 2019 and later the security element in the SASE model - the Security Service Edge (SSE) where ZTNA is a central pillar). In their top cyber predictions for 2023, Gartner predicts that by 2025, 80% of enterprises will adopt a strategy to unify web, cloud, and private application access from a single vendor's Security Service Edge (SSE) platform.

Why ZTNA is the New Standard for Secure Access 

There are many reasons why ZTNA is taking the center stage. Here are just a few:

Secure Network Access  

Unlike traditional VPNs, ZTNA solutions only provide users access on a need-to-know basis. This means that users will not gain access to resources that they do not need for their tasks, preventing data leakage.  

Better User Experience 

Remote workers who use VPNs have complained about bad user experience, mostly due to policy inconsistencies between on-prem connections and cloud-based ones. ZTNA solutions offer universal policies anywhere, whether on-prem or cloud, vastly improving user experience.  

The Cost of Not Implementing ZTNA Can Be High

While implementing ZTNA is important for organizations of all types, for critical infrastructure, the need is even more imperative. In January 2022, the White House released a new directive that highlighted the federal zero-trust strategy, demanding that agencies should implement zero-trust.

In addition, The US Department of Defense announced in November 2022 a plan outlining what it will take to achieve "targeted zero trust" by fiscal 2027. There is a need to address current threats, including those posed by adversaries like China - starting with a zero-trust cloud pilot this fiscal year. Other regulators are pushing in this direction as well.

In its 2022 Data Breach Report, IBM shows that critical infrastructure lags behind other organizations in implementing ZTNA. 79% of critical infrastructure does not yet have a Zero-trust approach to cybersecurity. Translating that into real financial loss, organizations that didn't have a Zero-trust approach implemented had an average cost of $1M (25%) more than those who did. And with 83% of organizations (according to the report) having had more than one data breach, this is significant money. [1]

The consequences for not adopting ZTNA can be catastrophic, as the Colonial Pipeline ransomware attack demonstrated.  To sum it up in the optimistic words of the World Economic Forum: "To cope better with cyber threats such as the Colonial Pipeline ransomware attack that affected the largest refined-oil pipeline in the United States, industry players are increasingly turning to the Zero Trust security model." [2]

Perhaps the industry has finally got the message.

##

ABOUT THE AUTHOR

Itay Glick, VP of Products, OPSWAT

Itay-Glick 

Itay Glick at global technology companies based in the U.S., Europe, and Asia. Before OPSWAT, he served as AVP of network and cloud security at Allot, and before that, founded his own company and played a key role in managing the development of equipment for the lawful interception market on behalf of Verint Systems. Itay launched his career as a software engineer in an elite intelligence unit of the Israel Defense Forces. He holds an M.B.A. from Bar-Ilan University and a B.Sc. in electrical engineering from the Technion - Israel Institute of Technology.



[1] Cost of a Data Breach Report 2022, IBM Security

[2] The ‘Zero Trust' Model in Cybersecurity: Towards Understanding and Deployment, Community Paper, August 2022

Published Tuesday, December 27, 2022 7:30 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<December 2022>
SuMoTuWeThFrSa
27282930123
45678910
11121314151617
18192021222324
25262728293031
1234567