Zero trust network access (ZTNA) is becoming increasingly relevant as the concept of the perimeter, and the traditional “castle-and-moat” mentality of cybersecurity, becomes obsolete. The advent of mobile devices, Wi-Fi networks, remote work, and work-from-home models, internet-of-things (IoT) devices, cloud computing, SaaS apps, and the increasing diversification of the modern workforce have all contributed to the erosion of the perimeter and have added exponential scope and complexity to the attack surface.
Traditional security models were based on the idea of a perimeter, where the local network and all of the users and devices connected to it were considered safe by default, while the network perimeter acted as a barrier to keep unwanted users and unauthorized or potentially malicious traffic out. However, digital transformation – especially applications and resources moving to the cloud – and the rise of mobile devices have made it difficult to define a clear boundary between the “inside” and “outside” of a network. This has led to a shift to a philosophy of “people are the perimeter.”
Everything Is Remote
The full-blown adoption of cloud computing and end-user mobility has effectively made all applications and resources “remote.” There is still a mindset that you don’t need to be as vigilant or worry about users or devices if you’re at the office, but that is no longer true. Ironically, users who are technically inside what was once the perimeter are still effectively remote because the applications and data they are connecting to exist in the cloud outside of the organization. All of this makes it even more challenging to define a perimeter. As a result, the traditional security model is no longer able to protect against today’s ever-evolving threat landscape.
It is actually a liberating concept. The sooner organizations and IT security teams dispel the notion that they can relax their security for users or devices at the office, the faster they will gain better visibility and easier-to-manage, more consistent policies. The sooner they get the old thinking out of their heads, the sooner they can simplify their world and improve their security.
Zero Trust Network Access
ZTNA addresses these challenges by shifting the focus from the network perimeter to the devices that the workforce uses. Instead of relying on the network perimeter to keep unwanted users and traffic out, ZTNA uses multiple layers of security to protect devices and resources. This includes identifying and authenticating users and devices, securing communication channels, and enforcing security policies.
One of the key advantages of ZTNA is that it recognizes that not all devices are corporate-issued. This is an important consideration, as many companies are now allowing bring-your-own-device (BYOD) policies or have third parties who have devices that the company can’t touch. ZTNA addresses these situations by providing policy enforcement and security for all devices, regardless of whether they are corporate-issued or not.
When done right, ZTNA doesn’t rely on forcing all traffic through a firewall choke point in someone else’s cloud to inspect all traffic. Setting aside the potential performance impact and possible single point of failure for network traffic, this is important because very few companies have the talent and resources to really do anything with the data that is generated. Instead, ZTNA allows companies to handle traffic appropriately, depending on whether it is a corporate application in the private cloud, data center, public cloud, or SaaS website. This approach provides security while avoiding the performance and management penalties of forcing all traffic through a single point.
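The decision logic the preceding paragraphs describe, as an added illustrative example (not code from the original post or from any ZTNA product): every request is judged on identity, MFA, device posture and the class of resource, never on whether the client sits on the office LAN, and traffic to private applications is brokered while SaaS and public-cloud traffic goes direct instead of through one inspection choke point. The field names, resource classes and posture thresholds are assumptions chosen for the example.

```python
# Added illustrative example (not the page's or any vendor's code): a minimal
# ZTNA-style policy decision point. Each access request is evaluated on its own,
# regardless of network location, using identity, device posture and the class
# of resource being reached. All names and thresholds here are assumptions.
from dataclasses import dataclass


@dataclass
class Device:
    corporate_issued: bool
    disk_encrypted: bool
    os_patched: bool


@dataclass
class Request:
    user_authenticated: bool
    mfa_passed: bool
    device: Device
    resource_class: str  # "private_app", "saas" or "public_cloud"


# Per-class route: private apps are reached through a broker/connector (no
# inbound exposure of the app); SaaS and public cloud are reached directly, so
# the client never hairpins through a single cloud firewall choke point.
ROUTES = {"private_app": "broker", "saas": "direct", "public_cloud": "direct"}


def posture_ok(device, resource_class):
    """Minimum device posture per resource class; private apps get the highest bar."""
    if resource_class == "private_app":
        return device.corporate_issued and device.disk_encrypted and device.os_patched
    # BYOD or third-party devices may reach SaaS / public cloud if still patched.
    return device.os_patched


def decide(req):
    """Return (decision, route, reason). Network location is deliberately not an input."""
    if not req.user_authenticated:
        return ("deny", None, "unauthenticated")
    if not req.mfa_passed:
        return ("deny", None, "mfa_required")
    if req.resource_class not in ROUTES:
        return ("deny", None, "unknown_resource_class")
    if not posture_ok(req.device, req.resource_class):
        return ("deny", None, "device_posture")
    return ("allow", ROUTES[req.resource_class], "ok")
```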
Embrace Device-Centric Security
The perimeter is dead. Or, more specifically, each device is its own perimeter from a cybersecurity perspective. ZTNA addresses the challenges posed by the extinction of the perimeter security philosophy by shifting the focus from the network perimeter to the devices that the workforce uses. It recognizes that not all devices are corporate-issued and handles traffic appropriately to provide security. While ZTNA is an important step forward in the evolution of cybersecurity, it is just one element of effective cybersecurity. For example, using internet threat protection to protect users from being phished, straying onto malicious websites, or being exposed to ransomware is another important consideration. Companies should embrace device-centric thinking to stay ahead of this ever-evolving threat landscape.