ZTNA - What is it and why do you want it?
The abbreviation ZTNA stands for Zero Trust Network Access, also known as a software-defined perimeter (SDP). It gives users secure access to individual private applications without giving them access to the enterprise network itself.
Why do enterprises want a ZTNA?
Everything is moving to the cloud, and more and more sensitive data is stored there. In the past a network could be secured by placing a firewall on its connection to the internet. Nowadays users work from home or on the road, and the data itself may sit in the office or in a cloud application. As a result, a simple firewall as the digital gatekeeper no longer suffices.
External attacks and internal threats are increasing every day. They have raised security awareness in all industries, and security investments are growing. However, the results are not satisfactory: one security incident after another keeps coming to light. ZTNA is a must if an organisation as a whole is to be properly protected, wherever its users and data are.
The zero-trust network architecture establishes a dynamic perimeter based on digital identity, with four important properties:
- Access based on identity
- Secure access to files and applications
- Continuous evaluation of the user and their access throughout the day
- Strong access control
Trust is the problem
The main cause of the failure of traditional security architecture is trust. The fundamental basis of security is dealing with risk, and risk is closely linked to "loopholes" (vulnerabilities). The traditional perimeter-based network security architecture assumes that the people and devices on the internal network are trustworthy, which is why its security strategy focuses on building the company's digital walls. But there are a number of assumptions that you always have to make:
- There are always undiscovered weaknesses in network systems
- There are always known but unpatched loopholes in the system
- An attacker may already have compromised the organisation and its systems
- Insiders can never be assumed to be trustworthy
These four assumptions invalidate the technical methods of traditional network security, which segment the network and build walls around it, and they expose the misplaced trust on which the perimeter-based security architecture rests. In addition, perimeter-based security architectures and solutions struggle to cope with today's network threats.
Creation of a zero-trust architecture
A new network security architecture is needed to cope with the modern, complex enterprise network infrastructure and with the increasingly severe threats on the network. Zero trust architecture arose in this context and is an inevitable evolution of security thinking and security architecture.
In the book 'Zero trust networks: Building secure systems in untrusted networks', Evan Gilman and Doug Barth define zero-trust as being built around five fundamental statements:
- The network is always assumed to be hostile
- External and internal threats exist on the network at all times
- Network location is not sufficient for deciding trust in a network
- Every device, every user and every network flow is authenticated and authorised
- The policy must be dynamic and calculated on the basis of as many data sources as possible
No person, device or application in the enterprise network should be trusted by default. Trust must instead be rebuilt through access control that relies on proper authentication and authorisation. The zero trust architecture replaces the traditional access control mechanism; its essence is adaptive, trusted access control based on identity.
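As an added illustration (not code from this page or from any vendor product), the following hypothetical Python policy engine applies these statements to a single access request: identity, device posture and session age are each a separate data source, the source network is recorded but deliberately ignored, and a grant covers one application rather than the network. All user names, application names, group tables and thresholds are assumed sample values.

```python
from dataclasses import dataclass
from typing import Tuple

# Constructed sample data for the example: group membership and the
# per-application allow list of a hypothetical ZTNA policy engine.
USER_GROUPS = {"alice": {"hr"}, "bob": {"engineering"}}
APP_ACCESS = {"hr-portal": {"hr"}, "source-code": {"engineering"}}
MAX_SESSION_AGE = 15 * 60  # seconds before a session must be re-evaluated


@dataclass
class AccessRequest:
    user: str
    app: str
    mfa_verified: bool      # identity: strong authentication completed
    device_managed: bool    # device posture: enrolled in management
    device_patched: bool    # device posture: compliant patch level
    source_network: str     # "internal" or "external"; informational only
    issued_at: float        # epoch seconds when the session was last verified


def evaluate(req: AccessRequest, now: float) -> Tuple[bool, str]:
    """Decide one request to one private application.

    Every check is a separate data source; network location is never
    consulted, so an internal address earns no trust on its own.
    """
    if not req.mfa_verified:
        return False, "identity not strongly authenticated"
    if not (req.device_managed and req.device_patched):
        return False, "device posture does not meet policy"
    if now - req.issued_at > MAX_SESSION_AGE:
        return False, "session stale, continuous evaluation requires re-check"
    if not USER_GROUPS.get(req.user, set()) & APP_ACCESS.get(req.app, set()):
        return False, "user not authorised for this application"
    # A grant is scoped to this application only, never to the network.
    return True, f"allow {req.user} -> {req.app}"


if __name__ == "__main__":
    now = 1_700_000_000.0
    inside = AccessRequest("alice", "hr-portal", False, True, True, "internal", now)
    outside = AccessRequest("alice", "hr-portal", True, True, True, "external", now - 60)
    print(evaluate(inside, now))   # denied despite being on the internal network
    print(evaluate(outside, now))  # allowed from outside: identity and posture pass
```

Each denial names the failed data source, which is what a monitoring team wants to see in the policy engine's logs when investigating refused access.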
ZTNA partner of Nomios
We have partnerships with various suppliers that provide Zero Trust Network Access using techniques such as IoT endpoint protection, device protection, identity and access management, and next-generation firewalls.