The season of ice and snow has arrived in North America and after a year of confinement, when you see the typical photos related to working from anywhere, it’s easy to be jealous. The image of a person writing lines of code or peerless prose from a white sand beach in the Caribbean might seem like just a fantasy when you’re staring out the window at torrents of freezing rain.
Although your home office may not have an ocean view, hybrid and flexible work environments are becoming the new norm. Work from Anywhere (WFA) is quickly being adopted by many organizations as the new ideal work model because it improves employee productivity and overall work satisfaction. For many employees, one of the only silver linings of the pandemic is enhanced work flexibility.
However, implementing WFA isn’t easy without the security capabilities zero-trust network access (ZTNA) brings to the table. In fact, WFA is essentially the use case ZTNA was designed to support. ZTNA can make WFA a reality because it provides the same security no matter where someone is located, and it reduces the attack surface by hiding applications from the internet behind a proxy point.
Implementing WFA securely goes beyond simply working from home. The goal is to keep users productive and secure as they move to different locations. Whether they’re working from the road or a home office, they need secure access to applications and resources that may be located in the cloud or data center. The key to keeping everything consistent is to unify ZTNA, endpoint, and network security with a common set of APIs and integration points. From a security standpoint, the situation may be different depending on the location, but the user experience and protection need to be consistent no matter where the users are connecting from or what applications and services they need to access.
Employees who work remotely all or part of the time generally log in from a specific location, such as their home office. Their setup might include a home network and hardware that facilitates their work, including a monitor and webcam. That said, connecting to a home network introduces risks from everything else that is connected to it, such as non-secure Internet-of-Things (IoT) devices or other users. Those users could be streaming video or gaming, which introduces potential vulnerabilities because their connections are generally outside corporate network security and control.
Because ZTNA creates a secure tunnel, it insulates the user from other issues that may plague their home network. The ZTNA client on the endpoint will make the secure tunnel, and can then provide the device identity and report on the status of that endpoint. This helps determine if that specific device should get access to the requested application.
When employees travel, they often have to connect using unknown and potentially unsecured networks that are vastly less secure than a corporate office or remote workspace. Connecting to work applications and resources can introduce new threats, such as exposing communications to hackers and revealing exploitable devices that could be used to launch attacks. Because ZTNA only gives access to people and devices that should be accessing the network, it keeps out those that shouldn’t be there. Once entities are connected, it also provides visibility and control. By engaging in per-session device posture checks, ZTNA also makes sure that if a device is compromised while traveling, it will be detected quickly.
Even in a corporate environment, consistent security is an important aspect of a layered defense. ZTNA provides seamless access to applications no matter where the user or the application may be located, including the office. Even when in the office, users must provide access credentials such as multi-factor authentication (MFA) and endpoint validation. Once connected, they only receive the least-privileged access, which means they can access only the applications they need to perform their jobs and nothing else.
Work from Anywhere demonstrates how important it is for organizations to have the same security protection and control no matter where someone may be physically located. Users at many organizations often need access to both cloud and non-cloud resources, and consistent protocols and policies must be implemented across the entire network. To meet this need, organizations running hybrid networks need flexible ZTNA solutions that aren’t cloud-only. It’s even better if ZTNA and SD-WAN are integrated into the same solution (without additional licenses or fees) to also ensure a better quality of experience for users.
Because it shouldn’t matter where a user is working. The same zero-trust security should apply everywhere and offer a consistent experience for users, whether they’re sitting in a lounge chair on a beach or at a desk in their home office.
Discover how Fortinet’s Zero Trust Access framework allows organizations to identify, authenticate, and monitor users and devices on and off the network. Read more about why the Fortinet Security Fabric is the industry’s highest-performing cybersecurity mesh platform.