ZTNA: Improved connectivity & security for remote users

Remote access challenges

During the last twelve months countless businesses have dramatically increased their network surface via the unprecedented rollout of remote working capability. Employees whose role can be carried out from home are now almost certainly connecting back into their business via remote VPN capability. Where remote working was once the exception, it has now rapidly become the convention.

Most organisations purchased a VPN solution to give remote connectivity into their network to a minority of users who travelled for their job or occasionally worked away from the office. Both scenarios are typical of VPN deployments, and solutions were sized accordingly. Until 2020 it was extremely rare for remote users to outnumber those sat in the HQ or branch office behind a perimeter firewall, and as such many VPN solutions struggle to serve the increased capacity needs of today's distributed workforce model.

Additionally, the mass move away from centralised workloads presents another set of problems. If we consider the need for remote users to connect to both on-premise and cloud infrastructure, access SaaS applications, and have some level of user device flexibility, providing suitable remote user access becomes quite a challenge. This type of hybrid requirement presents considerable issues from a security, performance, and user experience perspective, issues that all now manifest in our newly expanded and distributed environments.

Remote access for today

It is the move to cloud that has largely redefined the network perimeter and shifted focus away from the data centre. Prior to 2020, many businesses were happy to keep serving their remote users as they always had and to accept the compromise of maintaining legacy VPN-type access, primarily because it worked to an acceptable level but also because user quantities were low and the compromise was therefore easy to manage.

The cloud and the distributed working model require a very different approach to remote access. More flexible but equally secure connectivity is needed to protect the larger numbers of remote users and also accommodate the different types of connections we need for on-premise, data centre, cloud, SaaS, IaaS and so on. The SASE model (SASE Explained) talks about Zero Trust Network Access (ZTNA) for remote connections. ZTNA delivers a more scalable solution with distinct and enhanced security rules and monitoring per connection or resource session. This is ideal for our now commonplace hybrid environments where security needs vary depending on what the user is accessing.

Benefits of ZTNA

ZTNA is an innovative remote user connectivity solution that provides secure access to applications and workloads. Access can be from any device or location and can continuously be verified so that only the right person, with the right device, and the right permissions can access company data, applications or infrastructure. ZTNA massively improves device and access security and simplifies the user authentication process for disparate connections, thereby improving the user experience, reducing breach risk, increasing performance and overall employee productivity.

ZTNA also provides better management capabilities that allow easy on-boarding of users and methods to control their access via global policies across public, private, and hybrid environments. Monitoring of ZTNA connections gives insightful data, and in-solution reporting tools provide full visibility into enterprise resource access. Logs are maintained for compliance, delivering an audit trail and reports of system access across the entire organisation.

Summary

In 2020 cloud-delivered services reached a new peak and we saw unprecedented change in our IT landscapes. The needs of our businesses and users have evolved, and thankfully so too have the technologies that can better support us through these changes. Businesses must guide themselves through the challenges and demands of workforce movements and the disparate services their users access, to provide better security regardless of device type, user location or the role our users perform.

Gartner reports that by 2022, 80% of new digital business applications will be accessed through ZTNA. For more on SASE and ZTNA:

https://blogs.gartner.com/andrew-lerner/2021/03/26/checking-in-on-sase/?_ga=2.257875464.223662595.1618474823-266010466.1618474823

https://www.networkworld.com/article/3574014/what-is-sase-a-cloud-service-that-marries-sd-wan-with-security.html

https://www.gartner.com/en/information-technology/glossary/zero-trust-network-access-ztna-

https://www.networkworld.com/article/3611530/zero-trust-network-access-the-evolution-of-vpn.html

Blog written by Howard Johnson, Cyber Practice Lead – https://www.linkedin.com/in/johnsonhoward.