ZTNA - What is it and why do you want it?

The abbreviation ZTNA stands for Zero Trust Network Access. This is also called a software-defined perimeter or SDP. It ensures that you give secure access to private applications without giving the user access to the enterprise network.

Why do enterprises want a ZTNA?

Everything is being moved to the cloud and more and more sensitive data is being stored in this cloud. In the past, it was possible to secure a network by securing the connection to the internet with a firewall. Nowadays users work from home or on the road and the data itself can be in the office or stored in a cloud application. As a result, a simple firewall as a digital guardian no longer suffices.

External attacks and internal threats are increasing every day. These attacks and threats have increased security awareness in all industries and security investments are growing. However, the security effect is not so satisfactory, one security incident after another is coming to light. ZTNA is a must if an organisation as a whole is to be properly protected, wherever the users and the data are.

The zero-trust network architecture has set up a dynamic, digital identity-based perimeter with four important properties:

• Access based on identity
• Secure access to files and applications
• Continuous evaluation of the user and his access throughout the day
• Strong access control

Trust is the problem

The main cause of the failure of traditional security architecture is trust. The fundamental basis of security is dealing with risks, these risks are closely linked to "loopholes". The traditional perimeter-based network security architecture assumes that the people and devices in the internal network are trustworthy, which is why the security strategy focuses on building the company's digital walls. But there are a number of assumptions that you always have to make:

• There are always undiscovered weaknesses in network systems
• There are always discovered but unpatched loopholes in the system
• A hacker may always have actively taken over the organisation and systems
• Insiders are always unreliable

These four assumptions cancel out the technical methods of traditional network security by segmenting the network and building the walls. They also cancel out the abuse of trust under the perimeter-based security architecture. In addition, perimeter-based security architecture and solutions are difficult to deal with in today's network threats.

Creation of a zero-trust architecture

A new network security architecture is needed to cope with the modern and complex enterprise network infrastructure. And also to be able to deal with the increasingly severe threats in the network. Zero trust architecture arises in this context and is an inevitable evolution of security thinking and security architecture.

In the book 'Zero trust networks: Building secure systems in untrusted networks', Evan Gilman and Doug Barth define zero-trust as being built around five fundamental statements:

1. The network is always supposed to be hostile
2. External and internal threats always exist on the network
3. The location of the network is not sufficient to determine trust in a network
4. Every device, every user and every network flow is authenticated and authorised
5. The policy must be dynamic and calculated on the basis of as many data sources as possible

No person/device/application in the enterprise network should be trusted by default. The fundamental basis of trust must be based on renewed access control using proper authentication and authorisation. The zero trust architecture has changed the traditional access control mechanism, and its essence is an adaptive trusted access control based on identity.