
Building a Secure Remote Connection Solution for Today's Business

The need for secure and reliable connectivity continues to be top of mind for many organizations. The persistence of the pandemic is making this essential. But even if it weren't, many organizations are now committed to implementing permanent hybrid work and learning models, where employees and students alternate between on-premises and remote participation. The challenge of this transition involves more than simple connectivity. Reliability, scalability, and flexibility are essential to maintaining quality of experience (QoE) for users, without trading away protection for application performance.

Two solutions that every organization needs to secure and connect a work-from-anywhere (WFA) strategy are Zero Trust Network Access (ZTNA) and Secure SD-WAN.

Zero Trust Network Access

Many organizations rely on virtual private networks (VPNs) to create encrypted tunnels back to the company network. One newer technology that is rapidly becoming crucial for organizations looking to evolve their VPN-based remote access is zero-trust network access (ZTNA). It simplifies secure connectivity by providing seamless, per-session access to applications, no matter where the user or the application is located.

ZTNA is also a critical extension of a zero trust security strategy. Zero trust assumes that every user or device is potentially compromised. As a result, access to resources is only granted after verifying the user and device. It also follows the least privilege principle, which means that once a user and device have been authenticated, access is only granted to those resources needed to do their job. Connections are then monitored to ensure that they comply with policy. 

ZTNA applies this same principle to application access. Unless a policy says otherwise, location does not grant trust, so where a user is working from becomes irrelevant. The same zero trust approach applies no matter where a user or device is physically located, so access to business-critical applications is consistently protected across hybrid worker and network models. ZTNA also grants only per-session access to individual applications and workflows, even after a user and/or device has been authenticated. This multi-step process happens automatically and invisibly: users are verified and authenticated to confirm they are allowed to access an application before access is granted, every device is checked against the application access policy, and these checks are repeated each time an application is accessed. Beyond simple password authentication, authorization also draws on contextual information, including user role, device type, device compliance, location, time, and how the device or user is connecting to the network or resource.
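The per-session, context-based decision described above, as an added example that is not from the original article or from any vendor's product: a small policy evaluator (the application names, roles, connection types and hours are constructed assumptions) that re-checks role, device posture, connection type and time on every access request, so that being on the corporate network does not by itself grant trust.

```python
from dataclasses import dataclass
from datetime import time

@dataclass
class AccessRequest:
    user: str
    role: str
    device_type: str
    device_compliant: bool   # result of the endpoint posture check for this session
    location: str            # informational only; never used to grant access
    connection: str          # how the user is connecting, e.g. "managed-client"
    at: time                 # local time of the request
    application: str

# Constructed policy table (assumption): application -> who/how/when it may be reached.
POLICY = {
    "payroll": {"roles": {"finance"}, "connections": {"managed-client"},
                "hours": (time(7, 0), time(19, 0))},
    "wiki": {"roles": {"finance", "engineering"},
             "connections": {"managed-client", "browser"}, "hours": None},
}

def evaluate(req: AccessRequest):
    """Evaluate one access request; returns ("allow"|"deny", list of reasons).

    Every check runs for every request (per-session access): a previous
    allow does not carry over, and req.location is deliberately not consulted.
    """
    pol = POLICY.get(req.application)
    if pol is None:
        return "deny", ["unknown application"]
    reasons = []
    if req.role not in pol["roles"]:
        reasons.append("role not authorized for application")
    if not req.device_compliant:
        reasons.append("device fails compliance check")
    if req.connection not in pol["connections"]:
        reasons.append("connection type not permitted")
    if pol["hours"] is not None:
        start, end = pol["hours"]
        if not (start <= req.at <= end):
            reasons.append("outside permitted hours")
    return ("allow" if not reasons else "deny"), reasons

# Constructed sample requests: on-premises but non-compliant vs. remote and compliant.
ON_PREM_NONCOMPLIANT = AccessRequest("alice", "finance", "laptop", False, "HQ",
                                     "managed-client", time(10, 0), "payroll")
REMOTE_COMPLIANT = AccessRequest("alice", "finance", "laptop", True, "home",
                                 "managed-client", time(10, 0), "payroll")
```

Running `evaluate` on the two sample requests shows the remote, compliant device being allowed and the on-premises, non-compliant one being denied, with the reason recorded for monitoring.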

A true zero-trust approach to cybersecurity is a complex process that touches many systems and may take years to implement fully. But because ZTNA is much simpler to deploy, it can be run independently to augment other systems such as VPN, or serve as a good first step in a larger zero trust architecture (ZTA) strategy.

Organizations looking to implement ZTNA should understand that not every solution is the same. Some may be limited in the types of applications they can support. Others only offer a partial solution. Building a complete ZTNA solution from scratch requires a variety of components: a client, a proxy, authentication, and security. When these elements are cobbled together from different vendors, run on different operating systems, and use different consoles for management and configuration, establishing an effective and manageable solution can be difficult.

Secure SD-WAN

Another critical technology for enabling and securing the WFA workforce is SD-WAN. An effective SD-WAN solution is essential for organizations that need to connect branch offices and remote workers to multiple cloud environments. SD-WAN accelerates the delivery of cloud-based resources, whether those assets are deployed in a private or public cloud environment or users require access to business-critical Software-as-a-Service (SaaS) applications, such as Salesforce, Microsoft Office 365, or streaming video and teleconferencing.

However, the same challenges that apply to ZTNA also apply to SD-WAN. Providing reliable access to cloud-based resources requires an accelerated cloud on-ramp, broad application support, and granular controls, including dynamic failover, SLA-based application steering, and application availability even during brownout or blackout conditions. Proven, enterprise-grade security is another essential function, one that can be expensive to deploy after the fact and that few SD-WAN vendors provide.

Finding the solution that’s right for you—today and tomorrow

When researching WFA solutions, organizations also need to make sure adaptability is part of the equation, because circumstances and plans change. For maximum flexibility and to future-proof your investment, a solution provider should be able to support a variety of use cases, including cloud-to-cloud and cloud-to-data center connections. It should also support you throughout your business transformation efforts, whether you plan to return all employees to the office, continue work-from-home policies, or adopt any hybrid work combination in between. The ability to support the full range of work-from-anywhere models, even as they change, is essential to maintaining QoE regardless of where a worker is performing their job. This is something all solutions need to accommodate. And most importantly, they should be able to do it securely.

John Maddison is EVP of Products and CMO at Fortinet. He has more than 20 years of experience in the telecommunications, IT Infrastructure, and security industries. Previously he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.