Security Experts:

Working Securely From Anywhere With Zero Trust

Over the past year, two things have become clear. First, the network infrastructure organizations need to operate in today’s increasingly digital world will continue to evolve. And second, rather than “returning to normal,” the future will be even more fragmented than ever. Users will need faster access to a growing number of applications and resources deployed across an increasingly distributed infrastructure. Those applications will continue to deliver richer and more complex data. And they will need to do this from a wider variety of devices and locations and at faster and faster speeds. 

Maintaining such capabilities is a critical challenge for any organization hoping to compete successfully in today’s global digital marketplace. This puts increasing pressure on IT teams to build systems capable of delivering optimal performance while maintaining security. However, one of the biggest challenges those teams face is that security and performance are often not compatible. Achieving consistent policy orchestration and enforcement across an increasingly distributed infrastructure is already challenging. Delivering those protections—including the inspection of rich streaming media—without impacting user experience is often impossible, especially when the security infrastructure is built around a portfolio of isolated and disjointed point products.

Worse, cybercriminals have quickly modified and adapted their attack strategies and technologies to exploit rapidly expanding attack surfaces. Inconsistent security solutions and enforcement often result in security gaps that can be exploited. Visibility and control become fragmented because security deployed in different environments cannot seamlessly interoperate. And traditional, perimeter-focused protections mean that once the network has been breached, attackers often lurk inside networks for days or months—and though average “dwell time” has decreased in recent years, any amount of time inside a network allows criminals to move laterally to detect, steal, and encrypt critical resources. 

Moving to a Zero Trust Architecture

What’s needed is a new approach to security. Security solutions need to work consistently across the various edges that comprise a modern network as well as follow applications and data beyond the perimeter. This allows enforcement and monitoring to follow critical transactions end to end. For many organizations, Zero Trust Access (ZTA) is the glue that can hold these new highly dynamic networks together.

ZTA is not just about perimeter control and securing connections. It is foundational to business success. ZTA can establish and maintain consistent protection, visibility, and control across today’s hybrid and highly distributed networks. And because it can be broadly deployed and universally managed, it is crucial for securing access to everything, whether inside or outside the core network. And its ability to secure and monitor any user or device seeking access to any resource means it is essential to the future of connectivity, enabling and protecting the ways we work, learn, collaborate, and interact with our digital world. 

Augmenting ZTA with Zero Trust Network Access

And now, many organizations are looking to make what was assumed to be a temporary remote worker strategy permanent. According to a recent report from Gartner, thirty-two percent of all workers worldwide are expected to be working remotely in 2022, representing nearly half of all knowledge workers. And seventy percent of those will be hybrid workers, working at least one full day a week from a home office. 

Empowering workers to move between different work environments has critical implications for maintaining consistent user experience and security. Many organizations that quickly implemented a remote worker strategy last year found they had to trade the protections provided by the enterprise-grade security solutions inside their LAN for little more than a VPN connection from an undersecured home network. Cybercriminals have been quick to exploit that trend, switching from a network-centric attack strategy to targeting older, unpatched consumer-grade solutions over just a few weeks in early 2020. 

Zero Trust Network Access (ZTNA) augments ZTA by extending secure access controls to critical applications for any user or device, per use, whether they are on or off the network. Like ZTA, ZTNA checks the credentials of a user and device to ensure they have permission to access an application. It then automatically creates a secure connection and logs and monitors the transaction.

What to look for in a ZTNA solution

There are a growing number of ZTNA solutions on the market. And as with all new technology, the features and functions they provide can vary widely. Organizations considering ZTNA should look for these three essential components as a minimum when evaluating any solution.

• The ZTNA application access policy and verification process should be the same whether a user is on or off the network. This ensures consistent protections as well as an optimal user experience. By default, users on the network should be assumed to be no more trustworthy than those off the network. By extending traditional ZTA network access controls to per-request application usage, systems administrators know who and what is on the network and which applications they are currently using. And all transactions and usage are constantly being monitored and inspected. 

• A ZTNA solution should automatically generate an encrypted tunnel for instantaneous, secure connectivity from the user device to the ZTNA application proxy point the moment access to an application is initiated. 

• The most effective hybrid work strategy is for security and networking to be integrated. ZTNA should be able to be seamlessly integrated with things like SD-WAN, SASE, and cloud-based security to ensure consistent protection. And it should work with any transport method or network, including broadband, LTE, and 5G. By creating a unified, security-driven networking strategy, where security and networking function as a unified solution, organizations can automatically adapt to inevitable changes and expansion without compromising access or security. This allows security and connectivity to automatically adjust and scale whenever the network evolves or expands.

ZTA and ZTNA Support Today’s Dynamically Evolving Networks

Networks will not only continue to change and expand, but they will also do so at an increasingly accelerated rate. Traditional security solutions and strategies struggle to keep up. Fully integrated solutions like ZTA and ZTNA built around a security-driven networking strategy enable organizations to refocus security on access and transactions rather than static perimeters. This allows the underlying network structure to evolve and adapt to enhance user experience without impacting protections.

view counter
John Maddison is EVP of Products and CMO at Fortinet. He has more than 20 years of experience in the telecommunications, IT Infrastructure, and security industries. Previously he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.