
ZTNA is Evolving to Deal With the Threat Landscape

Do you believe that enterprise IT departments today require a new way of thinking because the castle itself no longer exists in isolation as it once did? In some ways, it does require new thinking, in what and who you can trust. In other ways, the same thinking still applies: that you need to protect your network from unauthorized access. Whether your network is still largely centralized and surrounded by a castle wall and moat, or highly distributed with infrastructure and applications in the cloud and users working remotely, you still need to protect it.

So that hasn’t changed. What has changed is how you best protect it - who and what can you trust? Can you trust a user’s credentials? No. You need to verify they are who they say they are. Can you trust their device is compliant and risk free? No. You need to verify it’s healthy and compliant. Even then, should you trust them to access whatever they want on the network? No. You need to only allow access to specific applications or resources that individual users need to do their jobs. This should not be new thinking, but it is for many.


How can companies get started with zero trust?

Getting started with zero trust these days is very easy. You will need to have a few prerequisites such as applications you host or own either in the cloud or on-premise that you need to protect and control access to. You’ll also need an identity provider (or IDP) such as Azure Active Directory to facilitate authentication and MFA.

Then you’ll need to pick a ZTNA solution vendor: look for one that offers an integrated agent for your desktop AV protection and ZTNA in a single agent, a cloud-based solution to make deployment easy, and a single cloud management console that allows you to manage all your cybersecurity products together using a single pane of glass. Then start by evaluating it yourself, using it to access one application you use often. See how easy it is to set up, to manage, and how seamless and secure it can be. Then roll it out to more of your users when you’re ready.

How has the Zero Trust Network Architecture evolved since it was first coined in 2010?

Zero Trust, like cybersecurity protection mechanisms, is continually evolving to deal with the threat landscape. Zero Trust architecture and approaches for zero trust have manifested themselves more predominantly into product features with a natural evolution of products that have been designed with zero trust principles at the core.

It’s important to keep in mind that Zero Trust architecture provides guiding principles and no single product deployment will make your environment “Zero Trust”. Vendors have made concerted strides to discuss how their products and approaches support zero-trust environments.

Do you believe that technologies that support zero trust are moving into the mainstream?

Many organizations are challenged with securing their environment but when their environment is no longer centralized but rather quite distributed in terms of where their data, applications, and users live, historical approaches are found wanting. We’ve seen a rapid evolution of solutions and products that support zero trust in recent years.

As one example, the challenge of providing secure application access has taken the front stage with the evolution of ZTNA. Security-minded organizations are looking to remove the implicit trust that comes with VPN-esque style deployments, recognizing the benefits that come from removing endpoints from the network and providing them with discrete application access instead of broad network access.

Industry experts have warned that cyber-attacks will be focused on techniques that zero trust controls can’t mitigate. What, according to you, can be done to address this?

Cybersecurity is certainly a challenging problem for many organizations which is why it also attracts a lot of talent to help combat the dynamic threat landscape. I think it’s important to understand that there are no silver bullets when it comes to dealing with the complex nature of cyber attacks.

Zero trust approaches help prevent and mitigate the damage from a diverse set of threats. For example, a common technique for malware is to use lateral movement within a network to identify other assets for compromise. By removing the ability for a given host to easily navigate the network, including assets that the device doesn’t need access to, you help mitigate the blast radius for an impacted host.
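
The blast-radius point above can be made concrete with a small model. This is an added example, not part of the interview or any vendor's product: it compares what one compromised host can reach on a flat, VPN-style network with what it can reach under default-deny per-application grants. All asset names and grants are constructed for illustration.

```python
from collections import deque

# Constructed inventory; every name here is hypothetical.
ASSETS = ["laptop-alice", "crm", "crm-db", "wiki",
          "payroll", "hr-db", "build-server"]

# Per-application model: a source may connect only to the listed
# destinations. Anything not listed is denied by default.
ZTNA_GRANTS = {
    "laptop-alice": {"crm", "wiki"},  # what this user needs for the job
    "crm": {"crm-db"},                # application-to-backend dependency
    "payroll": {"hr-db"},
}

def flat_network_edges(assets):
    """VPN-style model: once on the network, every asset reaches every other."""
    return {a: set(assets) - {a} for a in assets}

def blast_radius(edges, compromised):
    """Breadth-first search over permitted connections. Returns every asset
    reachable directly or by pivoting, i.e. a worst-case upper bound that
    assumes each reachable asset could itself be compromised."""
    seen, queue = {compromised}, deque([compromised])
    while queue:
        node = queue.popleft()
        for nxt in edges.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {compromised}

def compare(compromised):
    """Return (flat-network radius, per-application radius) for one host."""
    flat = blast_radius(flat_network_edges(ASSETS), compromised)
    ztna = blast_radius(ZTNA_GRANTS, compromised)
    return flat, ztna

if __name__ == "__main__":
    flat, ztna = compare("laptop-alice")
    print(f"flat network: {len(flat)} assets exposed: {sorted(flat)}")
    print(f"per-app access: {len(ztna)} assets exposed: {sorted(ztna)}")
```

The per-application radius still includes `crm-db` because of the `crm` backend grant, which is why application-to-application grants need the same least-privilege review as user grants.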
