Future of Networking – ZTNA (Zero Trust Network Access)
Why is zero-trust emerging as a new cybersecurity paradigm?
We can approximate Zero Trust with existing technologies such as legacy VPNs, Privileged Access Management (PAM) solutions, firewalls and DMZs, placing applications behind a WAF, using CDNs to absorb DDoS traffic, provisioning VDI, MFA, and so on. We have helped many organizations achieve some of the zero-trust principles with these traditional security models.
What is Zero Trust?
A zero-trust model replaces perimeter-centric security architecture. It ensures that security and access decisions are dynamically enforced based on identity, device, and user context. A Zero Trust security framework also dictates that only authenticated and authorized users and devices can access applications and data.
Zero Trust across the digital estate
Zero Trust Architecture – Guiding Principles
- Micro-segmentation, not network segmentation.
- Application access without network access
- Mask applications from the internet with outbound connections
- Integrations with SAML for identity-based access
- The internet must become the enterprise’s new transport network.
- Integrations with technologies for traffic inspection for outbound traffic, monitoring for botnet calls, data loss prevention, and visibility into anomalous activities. It ensures an overarching security view across privately and externally managed apps.
How it works:
- The user authenticates with the IdP (first time only).
- An authorized user attempts to access an app; this creates a Client Connector tunnel.
- The SDP Service Edge enforces policy and dispatches the request to the connectors.
- The App Connector closest to the app sends outbound connections through a tunnel to the SDP Service Edge.
- The SDP Service Edge stitches together the connection between app and user.
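The five steps above, and the per-app, identity-and-device-based decision described under "What is Zero Trust?", as an added toy model in Python. This is illustrative code written for this page, not any vendor's SDP implementation: the IdP key, user names, device records, app names and policies are all constructed. It shows the properties the principles list cares about: the user holds a signed assertion rather than a network route, the App Connector registers an outbound session and never listens for inbound traffic, and the Service Edge logs every decision down to user, device and named app.

```python
"""Toy model of a ZTNA/SDP brokered connection (added illustration, not vendor code).

Flow modelled:
  1. user authenticates once with an IdP and receives a signed assertion;
  2. each app request goes to the Service Edge with the assertion plus device context;
  3. the edge evaluates a per-app policy (micro-segmentation: one rule per named app,
     no network ranges) and dispatches only if allowed;
  4. the App Connector has already dialled OUT to the edge, so the app is never
     reachable inbound;
  5. the edge stitches a session between user and that single app.
All names, keys and policies below are constructed for the example.
"""
import hashlib
import hmac
import json
import time
from typing import Dict, List, Optional

IDP_SECRET = b"constructed-idp-signing-key"  # assumption: IdP and edge share this key


def idp_login(user: str, groups: List[str], ttl: int = 3600) -> str:
    """Step 1: one-time authentication; the IdP issues a signed, expiring assertion."""
    claims = {"sub": user, "groups": groups, "exp": int(time.time()) + ttl}
    body = json.dumps(claims, sort_keys=True)
    sig = hmac.new(IDP_SECRET, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig


def verify_assertion(token: str) -> Optional[dict]:
    """Edge-side check of signature and expiry; returns the claims or None."""
    body, _, sig = token.rpartition(".")
    expected = hmac.new(IDP_SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(body)
    return None if claims["exp"] < time.time() else claims


# Per-app policy: entitlement by identity group plus a device-posture requirement.
APP_POLICY = {
    "payroll": {"groups": {"finance"}, "require_managed_device": True},
    "wiki": {"groups": {"finance", "engineering", "contractors"}, "require_managed_device": False},
}


class AppConnector:
    """Sits next to one app and dials out to the edge; it never accepts inbound."""

    def __init__(self, app: str):
        self.app = app

    def register_outbound(self, edge: "ServiceEdge") -> None:
        edge.connectors[self.app] = self  # outbound registration (step 4)


class ServiceEdge:
    def __init__(self):
        self.connectors: Dict[str, AppConnector] = {}
        self.audit: List[dict] = []  # visibility: user, device and named app per decision

    def request_app(self, token: str, device: dict, app: str) -> dict:
        """Steps 2, 3 and 5: policy decision and, if allowed, a stitched per-app session."""
        claims = verify_assertion(token)
        user = claims["sub"] if claims else "unknown"
        decision = self._decide(claims, device, app)
        self.audit.append({"user": user, "device": device.get("id"), "app": app, "decision": decision})
        if decision != "allow":
            return {"granted": False, "reason": decision}
        return {"granted": True, "session": f"{user}->{app}"}

    def _decide(self, claims: Optional[dict], device: dict, app: str) -> str:
        if claims is None:
            return "deny: invalid or expired assertion"
        policy = APP_POLICY.get(app)
        if policy is None or app not in self.connectors:
            return "deny: app unknown or no outbound connector registered"
        if not policy["groups"] & set(claims["groups"]):
            return "deny: user not entitled to this app"
        if policy["require_managed_device"] and not device.get("managed", False):
            return "deny: device posture does not meet policy"
        return "allow"


def demo() -> dict:
    """Constructed scenario: two users, two devices, two apps, one tampered token."""
    edge = ServiceEdge()
    for app in ("payroll", "wiki"):
        AppConnector(app).register_outbound(edge)
    alice = idp_login("alice", ["finance"])
    bob = idp_login("bob", ["contractors"])
    managed = {"id": "lap-01", "managed": True}
    byod = {"id": "phone-07", "managed": False}
    tampered = alice.replace("finance", "engineering")  # body changed, signature no longer matches
    return {
        "alice_payroll": edge.request_app(alice, managed, "payroll"),
        "alice_payroll_byod": edge.request_app(alice, byod, "payroll"),
        "bob_payroll": edge.request_app(bob, managed, "payroll"),
        "bob_wiki": edge.request_app(bob, byod, "wiki"),
        "tampered": edge.request_app(tampered, managed, "wiki"),
        "audit_rows": len(edge.audit),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two design points worth noting: the decision is made per named app, so a contractor entitled to the wiki learns nothing about payroll (no network route exists to probe), and the audit trail records the identity, device and app for every request, allowed or denied, which is the visibility the later "Benefits" list contrasts with IP-and-port logging.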
Use Cases of Zero Trust
- Work from Home – VPN-less, fast and secure private application access with no anti-DDoS, global load balancer or firewall appliance to operate.
- Zero Trust On-Premises – Enable least-privilege user access to private apps without network segmentation.
- Secure multi-cloud access – enables migration to the public cloud by standardizing on a single security service that works across all cloud platforms.
- Secure Partner Access – Ensure contractors on your payroll get access to the right apps, not the network.
- Accelerated M&A integration – Mergers and acquisitions (M&A) typically require converging multiple networks and dealing with overlapping IP addresses and network address translation (NAT). ZTNA reduces this complexity and accelerates IT integration projects.
Benefits of Zero Trust
- Users are NEVER placed on the network.
- Internal apps are entirely invisible.
- Lateral movement gets eliminated.
- The internet gets used as a secure means of connectivity.
- Good user experience with security and simplification.
- Browser access service eliminates the need for a client on devices.
- Proxy-based architecture for a full inspection of encrypted traffic at scale
- Brings security and policy close to the user to eradicate unnecessary backhaul.
- No exposed attack surface: source networks and identities are not exposed to the internet, preventing targeted attacks.
- Traditional remote access solutions offer poor visibility into partner activity, limited to IP address and port data. Zero Trust provides comprehensive visibility into all partner activity down to the user, device, and named app level.