ZTNA is eating the security world. Earlier in 2022, Gartner released its newest Market Guide for Zero Trust Network Access (ZTNA), naming Perimeter 81 as a Representative Vendor in the report. Zero Trust is all the rage right now, and demand will only increase as old-school VPN-only approaches move out and ZTNA strategies move in. “The ZTNA market has continued to mature and grow at a rapid pace,” Gartner said in its Market Guide. “In our Forecast: Enterprise Network Equipment by Market Segment, Worldwide, 2019-2025, 4Q21 update, Gartner captured a 60% YoY growth rate for ZTNA.”
In a separate announcement, Gartner also predicted that “60% of organizations will embrace Zero Trust as a starting point for security by 2025. More than half will fail to realize the benefits.” That’s just a few years from this writing, which suggests a more rapid adoption of new security practices than we’re used to seeing from large organizations.
The reason for all the fuss over ZTNA and its potential for rapid adoption becomes clear once you see the benefits of this strategy. Under the old model, most corporate resources were on-premises and employees connected through a VPN. Once they were in the network, there was little further restriction on what they could reach. People ended up with wider access than they needed, which in turn made a threat actor’s job easier if they ever harvested user credentials.
The ZTNA approach, by contrast, divides users into groups and provides access only to what they need to do their job. That sounds a lot like the least-privilege access security posture, where a company limits an employee or third-party vendor to specific apps or data. ZTNA takes this idea further, however: not only does it provide least-privilege access, it also starts from the position of “never trust, always verify.”
Instead of allowing anyone to access resources if they have the right login and multi-factor authentication token, ZTNA also checks other attributes such as the time and date of the request, the location, and the status of the device making the request.
That latter point is known as device posture check (DPC), and it’s one of the major advantages of a ZTNA approach. A DPC implementation evaluates devices on a per-user basis so that employees can only access certain company assets from, say, their work laptop, while other resources are accessible on a phone or employee-owned laptop at home. On top of that, corporate devices can be monitored for key attributes such as a specific antivirus suite, a minimum required operating system update, or the presence of a custom security certificate.
That’s just for starters. After authenticating the user, a solid ZTNA solution keeps tabs on the user’s status to make sure that all policies, including DPC, remain in force. That means ZTNA isn’t just about verifying legitimate devices trying to get inside a company’s network perimeter or cloud resources; it’s also about maintaining that verification once they’re in.
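The attribute checks, device posture check and post-login re-verification described above, sketched as a small policy evaluator. This is an added example, not Perimeter 81 code; the resource names, groups, baseline values and the `Device`/`Policy` fields are all hypothetical.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Device:                 # posture facts an endpoint agent would report (assumed)
    corporate: bool
    antivirus: str | None
    os_build: tuple[int, ...]
    has_cert: bool

@dataclass(frozen=True)
class Policy:                 # hypothetical per-resource rule set
    groups: frozenset[str]
    countries: frozenset[str]
    hours: tuple[time, time]
    corporate_only: bool

REQUIRED_AV, MIN_OS_BUILD = "ExampleAV", (10, 0, 19045)   # constructed baseline
POLICIES = {
    "payroll-db": Policy(frozenset({"finance"}), frozenset({"US"}), (time(7), time(19)), True),
    "wiki": Policy(frozenset({"finance", "engineering"}), frozenset({"US", "DE"}), (time(0), time(23, 59)), False),
}

def evaluate(resource, group, country, when, device):
    """Return the names of the failed checks; an empty list means allow."""
    policy = POLICIES.get(resource)
    if policy is None:
        return ["unknown resource"]                        # default deny
    checks = {
        "group": group in policy.groups,                   # least-privilege grouping
        "location": country in policy.countries,
        "time": policy.hours[0] <= when.time() <= policy.hours[1],
        "device ownership": device.corporate or not policy.corporate_only,
        # Posture baseline applies to managed (corporate) devices only.
        "antivirus": not device.corporate or device.antivirus == REQUIRED_AV,
        "os update": not device.corporate or device.os_build >= MIN_OS_BUILD,
        "certificate": not device.corporate or device.has_cert,
    }
    return [name for name, ok in checks.items() if not ok]

def session_still_valid(resource, group, country, when, device):
    # Re-run on a timer after login with fresh attributes; False means revoke.
    return not evaluate(resource, group, country, when, device)

# Constructed sample inputs
LAPTOP = Device(True, "ExampleAV", (10, 0, 19045), True)
PHONE = Device(False, None, (17, 2), True)
NOON = datetime(2022, 6, 21, 12, 0)
```

A session that passed at login is revoked as soon as `session_still_valid` sees a device drift out of baseline, for instance after a required update is skipped or the certificate is removed.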
ZTNA solutions are typically easier to implement than on-prem hardware strategies; however, planning is key. As Gartner said in its top cybersecurity predictions for 2022-23, “60% of organizations will embrace Zero Trust as a starting point for security by 2025. More than half will fail to realize the benefits.”
To be part of that successful minority, develop a transition plan with clear outcomes and an understanding of how Zero Trust benefits the business. That can go a long way to achieving a successful switch.
In its Market Guide, Gartner recommends that you, “Establish a high-level zero trust strategy first and ensure that your identity and access management technologies and processes are well understood and mature before selecting and implementing a ZTNA solution.”
Zero Trust implementations are more successful once certain prerequisites are in place, such as the use of a single sign-on (SSO) provider and well-understood roles for user groups within a network.
Starting the move to ZTNA incrementally with a small group of users is also a good idea. Providing agentless access to third parties via ZTNA web portals, for example, is an easy place to start. This has the added benefit of boosting the security of DMZ applications that are accessible via the public Internet. “When replacing applications exposed in DMZs with ZTNA, services are no longer visible on the public internet and are thus shielded from attackers,” Gartner said in its Market Guide.
Once working with the ZTNA solution becomes better understood, you can deploy it to a wider user base such as a department or entire organization.
At Perimeter 81, ZTNA is an essential part of our radically simple solution to secure corporate networks. We make it easy to start with a small number of licenses, and then expand as your needs grow.
We’ve also worked hard to make it simple to deploy; many of our customers find they can fully transition to our platform within days, if not hours.
We support a wide variety of SSO providers such as Google, JumpCloud, Microsoft, Okta, and OneLogin, and our DPC feature is customizable to suit your company’s device policy requirements. Our agentless, web-based access also extends Zero Trust principles to vendors and outside contractors.
Combine all that with data centers around the world to mitigate latency issues, and you will see the benefits of total network awareness from a single pane of glass with Perimeter 81’s Zero Trust Network Access.
If you’d like to read Gartner findings in full, check out the complete Market Guide for Zero Trust Network Access.
Gartner Press Release, “Gartner Unveils the Top Eight Cybersecurity Predictions for 2022-23,” June 21, 2022. https://www.gartner.com/en/newsroom/press-releases/2022-06-21-gartner-unveils-the-top-eight-cybersecurity-predictio
Gartner, Market Guide for Zero Trust Network Access, Aaron McQuaid, Neil MacDonald, John Watts, Shilpi Handa, 17 February 2022.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.