Maintaining network visibility, orchestrating security policies, and consistently enforcing controls has become particularly challenging due to near-constant digital innovation over the last few years. Efforts to remain competitive in today’s digital marketplace have led to fractured network perimeters and the expansion of the attack surface. To address these challenges, IT teams must move toward a zero trust approach to cybersecurity.
The strain on security teams was exacerbated during the massive work-from-home shift that forced most employees to essentially operate as a branch of one. Due to increased network complexity, the need for remote connections to critical corporate resources, and the introduction of both work and personal devices on unsecured home networks, VPNs alone were not enough to securely support all the connectivity needs of remote and hybrid workforces.
Securing highly distributed networks – particularly those filled with remote workers, dynamically changing environments, and IoT devices – begins with a zero trust approach. This means trusting nothing and no one while also assuming any user or device that seeks network access has already been compromised.
With zero trust, no device is allowed to connect to corporate resources freely. Instead, any user or device requesting access must present validated credentials. Even then, they are only permitted to access the minimal set of resources needed to do their job. Because all unvalidated traffic is denied by default, bad actors and compromised devices cannot even ping the network to discover its resources, let alone reach the rest of it.
Organizations must adopt two critical strategies to implement a true zero trust approach to cybersecurity: zero trust access (ZTA) and zero trust network access (ZTNA).
ZTA works by extending and expanding upon the perimeter access controls already in place. This includes firewalls; authentication, authorization, and accounting (AAA) services; and single sign-on (SSO). ZTA adds further levels of verification to this existing setup, such as tying access to the user’s role, physical geolocation, or even the time of day. All devices are likewise scrutinized to determine whether they are corporate or non-corporate assets, what software they are running, and whether they have the latest patches and required security solutions installed and enabled.
For network-connected devices without an end user, such as printers, secured entryways, security cameras, HVAC systems, and other IoT solutions, a ZTA solution should also include network access control (NAC) technology for discovery, authentication, and control, and should apply the same zero trust principle of least access to them.
Authenticating every device and user provides IT teams with up-to-date network visibility and control, enabling easy identification of anything suspicious and allowing them to take appropriate countermeasures as needed.
As the new addition to the zero trust model, ZTNA is designed for organizations and users who rely on applications. With ZTNA, any users connecting to the network on any device and from any location – including inside and outside the corporate network – are authenticated and granted access based on policy, with each user receiving the same level of protection.
ZTNA provides secure access to applications regardless of whether they are deployed in data centers or in private or public clouds. Once authenticated, users are granted access only to the requested application. The authentication process is dynamic, seamless, and transparent to the user unless they are denied access to something they do not have permission for.
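As an added illustration (not code from the article or from any Fortinet product), the following Python evaluator applies the checks described above in a default-deny fashion: validated credentials, role, geolocation, time of day, device posture, and access scoped to the single requested application. The policy, role, country and application values are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass
class Device:
    corporate_asset: bool   # company-managed asset, or a personal device?
    patched: bool           # latest patches installed?
    edr_enabled: bool       # required security agent installed and enabled?
@dataclass
class Request:
    authenticated: bool     # outcome of the AAA / SSO step
    role: str
    country: str            # physical geolocation of the user
    when: datetime
    device: Device
    application: str        # the single application being requested
@dataclass
class Policy:
    allowed_roles: frozenset
    allowed_countries: frozenset
    hours: tuple            # (start, end) local-time window
    corporate_only: bool
# Constructed sample policy keyed by application name; anything not listed is denied.
POLICIES = {"payroll": Policy(frozenset({"finance"}), frozenset({"US", "CA"}),
                              (time(7, 0), time(19, 0)), corporate_only=True)}

def evaluate(req: Request, policies=POLICIES) -> tuple[bool, str]:
    """Default deny: grant only when every check passes, and only to the requested app."""
    policy = policies.get(req.application)
    if policy is None:
        return False, "no policy: denied by default"
    if not req.authenticated:
        return False, "credentials not validated"
    if req.role not in policy.allowed_roles:
        return False, "role not permitted for this application"
    if req.country not in policy.allowed_countries:
        return False, "geolocation not permitted"
    start, end = policy.hours
    if not start <= req.when.time() <= end:
        return False, "outside permitted hours"
    if policy.corporate_only and not req.device.corporate_asset:
        return False, "non-corporate device"
    if not (req.device.patched and req.device.edr_enabled):
        return False, "device posture check failed"
    return True, f"granted: {req.application} only"
def sample_request(hour=12, authenticated=True, role="finance", country="US",
                   device=Device(True, True, True), application="payroll") -> Request:
    """Build a constructed request on a fixed sample date, varying only the given field."""
    return Request(authenticated, role, country,
                   datetime(2021, 3, 1, hour, 0), device, application)
```

Each denial carries the reason for the failed check, which is what a security team would log to spot suspicious access attempts.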
IT leaders have been looking for ways to maintain network control and visibility as the network edge evolves and the threat landscape expands. The changes caused by the COVID-19 pandemic made the need for consistent network visibility and access control even more pressing. With remote work likely here to stay even as offices open up around the world, and with network complexity ever on the rise, IT and security teams must implement zero trust protections and controls to enable robust cybersecurity.
This is a summary of an article written for Forbes by Michael Xie, Founder, President, and Chief Technology Officer at Fortinet. The entire article can be accessed here.
Discover how Fortinet’s Zero-Trust Access framework allows organizations to identify, authenticate, and monitor users and devices on and off the network.