ZTNA: A Blueprint for Securely Granting Network Access

It’s ironic that trust is a common theme in cybersecurity since even an unintentional network breach may cause a company to lose trust in its employees. For many tech-forward organizations, the fear of losing control becomes more pronounced with each new breach that hits the headlines.

Although the fear of a network breach has not yet reached some industries, for network security professionals it is not a new phenomenon. Whether from malware, ransomware, or a classic unauthorized-access breach like the 2019 Capital One hack, many network professionals have little optimism concerning their corporate or personal cybersecurity. Fortunately, the mere awareness of vulnerability is the first step to improving your safety, and it enables you to take pragmatic steps to secure your data.

Rethinking Network Security

Until recently, corporate IT and security teams were primarily focused on defending the corporate network from attacks on the perimeter. While this was the right approach when everyone worked inside the same corporate office, the workforce has dramatically changed. COVID-19 accelerated the “work from anywhere” trend, making remote work commonplace or even the standard for many companies. As countries emerge from the COVID-19 restrictions, many companies and industries will continue with a hybrid working environment in which employees will work from home 2-3 days a week.

With more employees working outside the physical office, hackers have a much larger attack surface. In addition, employees often use multiple devices to perform their job, including personal devices such as mobile phones or USB storage devices. While most of these devices are probably secure, this cannot be taken for granted. Each unsecured device is an unnecessary risk and a potential source of a catastrophic network breach.

IT and security teams need to modify their network security strategies and build them around the location of each user rather than the location of the network. Instead of emphasizing perimeter security, they need to control employees’ network access and grant permissions for specific network resources when needed.

One of the most common mistakes organizations make is granting unrestricted access to any user that is authorized. If a user or part of an organization is compromised, their authorized credentials can enable a hacker or virus to infiltrate the entirety of the network.

So how can you stop this?

Zero Trust: Helping Us Trust Again

The Zero Trust model (“never trust, always verify”) has become a popular method for securing network access since it was first proposed by Forrester in 2010. The basic premise is that no user should be trusted with network access until they can be verified. Implementing Zero Trust is done by setting up organizational guidelines regarding access to company networking resources and using Zero Trust Network Access (ZTNA) products and services to create secure boundaries around applications and grant access based on user identities and context.

By implementing the ZTNA model for secure network access, IT teams can have full control over who accesses the network at all times. ZTNA lets you create specific rules and policies that ensure that each network segment, resource, or application is accessible only after a user has been vetted or authenticated using multi-factor authentication and device management verification. Even once access is granted, it is restricted to specific network segments using software-defined architecture to limit the damage of a network breach.
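As an added illustration of the per-resource policy model described above (example code, not from the original post or any ZTNA product), the following Python sketch evaluates each access request against the policy of the specific resource it targets, checking role, MFA completion and device management state, and scopes any grant to that resource's segment rather than the whole network. All resource, role and segment names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    """Access rule for one resource; nothing is shared across resources."""
    segment: str               # the only segment a grant exposes
    allowed_roles: frozenset
    require_mfa: bool = True
    require_managed_device: bool = True

@dataclass(frozen=True)
class Request:
    """What the access broker knows about the caller at decision time."""
    user: str
    roles: frozenset
    mfa_verified: bool
    device_managed: bool
    device_compliant: bool
    resource: str

# Constructed policies (hypothetical resource and segment names).
POLICIES = {
    "hr-payroll": Policy("seg-hr", frozenset({"hr"})),
    "wiki": Policy("seg-intranet", frozenset({"hr", "eng", "sales"}),
                   require_managed_device=False),
    "prod-db": Policy("seg-prod", frozenset({"eng"})),
}

def evaluate(req, policies=POLICIES):
    """Return (decision, segment, reasons). Any failed check denies;
    a resource without a policy is denied by default."""
    policy = policies.get(req.resource)
    if policy is None:
        return ("deny", None, ["no policy for resource"])
    reasons = []
    if not (req.roles & policy.allowed_roles):
        reasons.append("role not permitted for resource")
    if policy.require_mfa and not req.mfa_verified:
        reasons.append("mfa not completed")
    if policy.require_managed_device and not (req.device_managed
                                              and req.device_compliant):
        reasons.append("device not managed or non-compliant")
    if reasons:
        return ("deny", None, reasons)
    # Grant is scoped to the resource's segment only, not the whole network.
    return ("allow", policy.segment, [])
```

The same verified user is re-evaluated for every resource, so a compromised account that passes checks for one application gains nothing toward the others.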