Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

Universal ZTNA is Fundamental to Your Zero Trust Strategy

Universal ZTNA ensures that every user and device has secure access to the applications they need to do their jobs

Universal ZTNA ensures that every user and device has secure access to the applications they need to do their jobs

Digital transformation requires a fundamental security paradigm shift that catches many organizations unprepared. New business demands, fueled mainly by the recent transition to a hybrid workforce model, mean any user on any device needs to access resources distributed across the network. This inevitably introduces security challenges because point security products cannot deliver consistent and comprehensive end-to-end security policies across all those environments and scenarios.

Part of the challenge is that most organizations use a security model that defines trusted users and devices by which side of the perimeter they are on. Because users and devices inside the perimeter are trusted implicitly, they have broad access to resources. But that’s not how most networks today work. Perimeters are eroding. Applications, data, and other resources can be deployed anywhere, and users and devices need access regardless of location. And worse, those networks are also subject to constant change. Traditional security solutions were simply never designed to protect these fluid, perimeterless environments.

Zero Trust requires rethinking security

Rather than dialing back on digital acceleration, organizations are being encouraged to adopt Zero Trust as a corporate security strategy. The basic idea behind Zero Trust is that today’s network perimeters are highly porous and distributed, making every transaction a potential risk. As a result, every user and device must be authenticated, specific rights granted based on a least privilege model, and continuous monitoring applied. But according to Gartner, while “60% of organizations will embrace Zero Trust as a starting point for security by 2025”, “more than half will fail to realize the benefits.”

That’s because while the idea of transitioning from implicit Trust to an explicit Zero Trust model is compelling, it’s easier said than done. Explicitly securing every user, device, and application—whether on-premises or remote, in the cloud, within a specialized OT environment, or part of a distributed IoT strategy—allows organizations to implement effective digital strategies to meet business demands without creating security gaps that cybercriminals are eager to exploit. But achieving that consistently across the network is another matter. 

Zero Trust Access (ZTA) can require rethinking and retooling fundamental network and security functions, like access and authentication. Dynamic network segmentation, microsegmentation, and Network Access Control need to be put in place not just to control user access but literally every device on the network, from printers to HVAC systems to badge scanners. And it requires coordinating solutions across the entire distributed network, whether access controls are deployed at the edge, on-prem, or in the cloud.

Even ZTNA can create unexpected challenges

Advertisement. Scroll to continue reading.

One of the easiest ways to get started is to add ZTNA to your security strategy. Zero Trust Network Access provides foundational ZTA functionality right out of the box to ensure secure, granular, and authenticated access to applications and data no matter where they are located. Per-user and per-application rules can be easily set up, per-user/per-application access rights can be enforced, connected users can be easily monitored, and intervention can be automatically triggered when anything happens outside of policy.

However, even with ZTNA, it is vital that organizations carefully consider the use cases they need to address now and in the future. Many ZTNA solutions are optimized to preferentially support cloud-based applications to secure remote users. But that doesn’t work for the growing number of organizations with a hybrid network that includes both cloud-based and on-premises applications. To be most effective, ZTNA must operate as close to the application as possible, which means that ZTNA must be deployed in multiple environments. This eliminates challenges such as hairpinning traffic through the cloud when accessing an application running on a server across the hall. 

The need for a Universal ZTNA solution

When every space is an office space, and every user operates as their own network edge, Universal ZTNA is the answer. Universal ZTNA can be deployed anywhere—as a cloud-native solution in public and private clouds, in physical and virtual data centers, at the network edge, in the cloud as a service, and as an agent on endpoint devices. It ensures that every user or device anywhere on the network needing access to applications is protected with a single enforcement policy while helping organizations augment or transition away from their aging VPN technology

Because Universal ZTNA operates as a single, integrated solution regardless of where it is deployed, it also enables centralized management, consistent policy enforcement, and coordinating policies and transactions between environments. Rather than adding complexity to an already overburdened IT team, visibility and control are increased. And because security alerts are centralized, response times can be accelerated, providing consistent protection and control on-prem and in the cloud.

Adding Universal ZTNA to SD-WAN also provides seamless protection and end-to-end monitoring for complex transactions between home, campus, branch, multi-cloud, data center, and OT networks, which is vital in helping organizations move towards a SASE strategy. In addition to securing traditional SD-WAN connections, such as imposing per-user/per-application access control between a branch user and the cloud, it also adds a critical layer of protection for advanced cloud-to-cloud and cloud-to-data center SD-WAN connections.

Universal ZTNA – Secure Access to Applications Anywhere

Business models are undergoing rapid transformation, adding complexity to networks and increasing organizational risk. Beginning down the Zero Trust path helps ensure that security systems have the flexibility to adapt to digital transformation demands. Universal ZTNA is the easiest and most effective way to begin that journey, ensuring that every user and device has secure access to the applications they need to do their jobs.

Written By

John Maddison is EVP of Products and CMO at Fortinet. He has more than 20 years of experience in the telecommunications, IT Infrastructure, and security industries. Previously he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

Funding/M&A

The private equity firm merges the newly acquired ForgeRock with Ping Identity, combining two of the biggest names in enterprise IAM market.

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...