When you see the letters ZTNA, you may not immediately think cybersecurity, but you should, as those letters stand for zero-trust network access. This article explains what ZTNA is and why it is advisable for securing remote access.
Globally, work environments are re-opening to employees. Yet remote work is here to stay. The consulting firm McKinsey suggests that “the virus has broken through cultural and technological barriers that prevented remote work in the past, setting in motion a structural shift in where work takes place.”
That probably means a shift at your business, too. One obvious change is the need to provide remote access to systems and software. You may have provided employees with business laptops for use away from the office. Perhaps you added a virtual private network (VPN) to secure application access. Many businesses turned to cloud-based solutions as another answer.
Yet all this digital business transformation increases business cybersecurity risk. Remote workers want access from anywhere, anytime, from any device. While this supports convenient connections and collaborations online, the attack surface also grows.
Traditional methods verify users relying on IP addresses and network location, but security and risk-management leaders suggest this approach involves “excessive implicit trust.” That’s why ZTNA’s identity- and context-based verification is the latest trend for businesses.
What Is ZTNA?
ZTNA is an adaptive, context-based way to offer remote-worker access. Developed in 2010, zero trust security sees trust as a vulnerability. Trust undermines vigilance, according to ZTNA’s creator. Instead ZTNA has three key ideas:
Act as if you’ve been breached already.
Limit user access to just enough access and just-in-time access.
If you assume everything is a potential threat, you will verify each access attempt. ZTNA doesn’t have to replace VPN completely, but it often will, especially as ZTNA addresses hardware and bandwidth limitations of traditional VPN access.
Some businesses add multifactor authentication (MFA), too. The old model that establishes a safety perimeter based on device location is broken. Mobile and remote work have rendered it unreliable.
Why ZTNA for Remote Work?
Remote workers connect via unsecured public networks or inadequately protected home networks. They use personal devices. So, ZTNA makes sense.
ZTNA grants access based on the identity of the humans and their devices, but that’s not all. It adaptively considers contextual clues (such as time/date, geolocation, and device posture).
Adding MFA moves the verification of trust beyond single factor. For example, a hacker with stolen access credentials might get past a single-factor check, but with MFA, the hacker would also need to have access to the individual’s physical device.
A strong zero-trust strategy verifies identities across all devices and users. No individual or device earns trust simply because it is within the network. The ZTNA approach gains visibility of all devices trying to access the network. This wariness also helps the business discover malicious applications or inappropriate user actions.
ZTNA uses the least-privilege-access principle. That means people access only what they need to do their work, no more. Plus, communications are encrypted, too.
All this makes the business system more resilient. Remote workers and partners enjoy a more flexible, responsive way of gaining access. Meanwhile, the business reduces its surface attack area. Only what is needed at that moment by that particular person is exposed to the internet, and the underlying network remains protected. Hackers are prevented from being able to move through the systems and wreak more havoc.