We live in a world where work is an activity, not a place. In the wake of the pandemic, more than three-quarters of workers worldwide said they want the option to work from home at least part of the time. For organizations large and small, this means fully embracing hybrid work. Likewise, most of our applications have moved from the safety of the private data center to the cloud. This trend has been accelerating, with 80% of organizations adopting hybrid cloud strategies. The ability to provide secure, seamless access to every application from anywhere has never been more critical.
Previously, we secured organizations by deploying numerous security appliances inside private data centers, such as firewalls and web proxies, and funneling all traffic through them. Now that most applications and users have left the building, users connect directly to applications rather than heading into corporate headquarters or a branch office to reach the apps they need to do their jobs.
This direct-to-app shift dramatically increases the attack surface, requiring additional security and access controls to protect applications and data. Zero trust network access (ZTNA) solutions emerged as an attempt to regain control over this expanding attack surface.
The Limitations of ZTNA 1.0
Legacy ZTNA solutions were introduced almost a decade ago, when the threat landscape, corporate networks, and how and where people worked were vastly different. These legacy solutions, known as ZTNA 1.0, no longer match the realities of work, and malicious actors know how to exploit the gaps in them.
ZTNA 1.0 offers organizations minimal protection because the technology operates as a basic access broker. When a user requests access to an application, the broker checks whether the user has permission to access that application. Once permission is verified, the broker grants access, establishing a connection between user and application. And that's it. The user's session is now "trusted," so the broker steps aside, leaving the user with full access to the application without any further monitoring or scrutiny.
This is the architectural model of ZTNA 1.0. It isn't just problematic; in the context of today's threat landscape, it is dangerous. Here are five ways ZTNA 1.0 puts organizations at risk:
- Violates the principle of least privilege: ZTNA 1.0 is overly permissive, granting access to applications based on outdated constructs like IP addresses and port numbers. This legacy approach provides no access control for sub-applications or specific application functions.
- Allows and ignores: Once access to an application is granted, ZTNA 1.0 implicitly trusts whatever or whoever accessed the application, without monitoring for changes in user, application, or device behavior.
- No security inspection: ZTNA 1.0 cannot detect or prevent malware or lateral movement across connections. It focuses on application access, not on securing the traffic flowing to and from applications.
- Doesn't protect all enterprise data: ZTNA 1.0 provides no visibility into or control over data, leaving enterprises exposed to data exfiltration by attackers or malicious insiders.
- Can't secure all applications: ZTNA 1.0 only secures the subset of private applications that use static ports, leaving private applications that use dynamic ports, cloud-native applications, and SaaS applications unprotected.
ZTNA 2.0 is a better way to protect everyone and everything, everywhere
Keeping company data secure is hard now that work can be done anywhere. ZTNA 2.0 solutions offer infinite scalability and complete, consistent security for perimeterless organizations with:
- Least privilege access: ZTNA 2.0 enables precise access control at the application and sub-application levels, independent of network constructs like IP addresses and port numbers.
- Continuous trust verification: After access to an application is granted, ZTNA 2.0 continuously reassesses trust based on changes in device posture, user behavior, and application behavior.
- Continuous security inspection: ZTNA 2.0 applies deep, ongoing inspection of all application traffic, even on allowed connections. This helps prevent threats, including zero-day threats, that a connect-time check alone would never see.
- Protection of all data: ZTNA 2.0 provides consistent control of data across all applications, including private applications and SaaS applications, with a single data loss prevention (DLP) policy.
- Security for all applications: ZTNA 2.0 consistently secures every type of application used across the enterprise, including modern cloud-native applications, legacy private applications, and SaaS applications.
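To make the difference between the two broker models concrete, here is a small added example (constructed for this page, not Palo Alto Networks code) that simulates both in Python. The users alice and bob, the finance application, the device-posture fields and the policy table are all invented. The one-time broker authorizes the user-to-application pair once at connect time and then forwards everything on that session, as the ZTNA 1.0 description above says; the continuous broker re-evaluates device posture and the specific operation (HTTP method and path, standing in for a sub-application function) on every request, as the ZTNA 2.0 list describes.

```python
"""Constructed illustration of a one-time access broker versus per-request
re-evaluation. Added example, not Palo Alto Networks code; every user,
application, posture field and policy rule here is invented."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class DevicePosture:
    """Minimal endpoint health signals a broker might consume (hypothetical)."""
    disk_encrypted: bool
    edr_running: bool

    def healthy(self) -> bool:
        return self.disk_encrypted and self.edr_running


@dataclass
class Request:
    user: str
    app: str
    method: str
    path: str
    posture: DevicePosture  # posture as observed at the moment of this request


# Hypothetical policy: (user, app) -> allowed (method, path prefix) pairs.
# Sub-application distinction: both users may read finance reports, but only
# bob may trigger an export.
POLICY: Dict[Tuple[str, str], List[Tuple[str, str]]] = {
    ("alice", "finance"): [("GET", "/reports")],
    ("bob", "finance"): [("GET", "/reports"), ("POST", "/reports/export")],
}


class OneTimeBroker:
    """ZTNA 1.0 style: check the (user, app) pair and posture once at connect
    time, then pass every request on that session through unexamined."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Tuple[str, str]] = {}

    def connect(self, user: str, app: str, posture: DevicePosture) -> Optional[str]:
        if not posture.healthy() or (user, app) not in POLICY:
            return None
        session_id = f"{user}:{app}:{len(self._sessions)}"
        self._sessions[session_id] = (user, app)
        return session_id

    def handle(self, session_id: str, req: Request) -> bool:
        # Whatever the request does, and whatever has happened to the device
        # since connect(), an established session is simply trusted.
        return session_id in self._sessions


class ContinuousBroker:
    """ZTNA 2.0 style: each request is authorized on its own merits, against
    the device's current posture and the specific operation requested."""

    def handle(self, req: Request) -> bool:
        if not req.posture.healthy():
            return False
        rules = POLICY.get((req.user, req.app), [])
        return any(req.method == m and req.path.startswith(p) for m, p in rules)


def run_scenario() -> Dict[str, Tuple[bool, bool]]:
    """Return (one_time_decision, continuous_decision) for each scripted step."""
    results: Dict[str, Tuple[bool, bool]] = {}
    good = DevicePosture(disk_encrypted=True, edr_running=True)
    one_time = OneTimeBroker()
    continuous = ContinuousBroker()

    # 1. alice connects from a healthy device and reads a report: both allow.
    sid = one_time.connect("alice", "finance", good)
    assert sid is not None
    read = Request("alice", "finance", "GET", "/reports/q1", good)
    results["healthy_read"] = (one_time.handle(sid, read), continuous.handle(read))

    # 2. Same session; alice attempts an export her policy does not grant.
    #    The one-time broker only ever decided "alice may use finance".
    export = Request("alice", "finance", "POST", "/reports/export", good)
    results["sub_app_export"] = (one_time.handle(sid, export), continuous.handle(export))

    # 3. Mid-session the endpoint's EDR agent stops. The one-time broker never
    #    looks again; the continuous broker denies the very next request.
    degraded = DevicePosture(disk_encrypted=True, edr_running=False)
    read_later = Request("alice", "finance", "GET", "/reports/q1", degraded)
    results["posture_drift"] = (one_time.handle(sid, read_later), continuous.handle(read_later))
    return results


if __name__ == "__main__":
    for step, (v1, v2) in run_scenario().items():
        print(f"{step:15s} one-time={'allow' if v1 else 'deny':5s} continuous={'allow' if v2 else 'deny'}")
```

In a real deployment the posture object would come from an endpoint agent and the policy table from an identity provider or policy decision point rather than an in-memory dict; the point the toy makes is that the decision must be attached to every request, not to the session, and must name the operation, not just the application.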
Watch our ZTNA 2.0 launch event to learn about innovations and best practices for securing the hybrid workforce with ZTNA 2.0.
Kumar Ramachandran serves as Senior Vice President of Products for Secure Access Service Edge (SASE) products at Palo Alto Networks. Kumar co-founded CloudGenix in March 2013 and was its CEO, establishing the SD-WAN category. Prior to founding CloudGenix, Kumar held leadership roles in Product Management and Marketing for the multi-billion dollar branch routing and WAN optimization businesses at Cisco. Prior to Cisco, he managed applications and infrastructure for companies such as Citibank and Providian Financial. Kumar holds an MBA from the UC Berkeley Haas School of Business and a Master's in Computer Science from the University of Bombay.