Introduction: Know about ZTNA!
Do you know Cloud is the new Data Center and Internet is the
new Network?
It means that on-premises applications are moving to the cloud.
Not to one but to multiple clouds and these clouds are implemented as Infrastructure
as a Service (IaaS) and Software as a Service (SaaS) where corporate
applications are hosted.
Now enterprise users are free outside the office wall – they
are accessing applications from everywhere Рhome, airport, caf̩ shop, etc. Not
only corporate users, contractors, 3rd party vendors, partners, and IoT
are also part of the enterprise ecosystem. And all need application access.
These two trends are the reality of modern enterprises. This
reality comes with multiple challenges. In this article, we are going to talk
about one of them – “the Need to connect Enterprise applications in a very flexible
and secure way”. In fact, in this article, I'll cover what is the solution to this!
Zero Trust Network Access (ZTNA)
ZTNA is the set of technologies that helps modern
enterprises to have an adaptive trust model (no absolute trust). The enterprise
with ZTNA grants access to users based on granular authentication policies. This
access is least-privileged access, I mean users are given access to only what
is required for them to perform their duty. This is not the same as VPN-based
access where once a user is authenticated has full lateral access to the network.
User-to-Application Approach - Modern enterprises’ big challenge today is – how they can provide secure and flexible access to applications to their users irrespective of their locations. In the old days, security policies used to be defined using network information and it was predictable as the users were inside the office wall. But now the landscape has changed so the solution.
ZTNA allows security experts to configure the policies just
to grant access to an application, not to the corporate network. This connection
is secured using encrypted TLS tunnels established over the public Internet –
so the user-to-application access is secured.
Another important aspect of ZTNA is that it ensures once the
user is authenticated and authorized, application access is provided explicitly
to this user. It’s access to applications not to the corporate network – which sometimes
leads to lateral movement throughout the network (increased attack surface).
Key Drivers to ZTNA
Let’s examine some of the key drivers that forcing modern
enterprises to adopt ZTNA –
As the network parameter is diminishing, VPN-based access is
not able to meet the business requirement, that is to provide access to anyone
to corporate resources. More and more enterprises are phasing out remote access
VPNs in favor of ZTNA.
As applications are hosted in multi-cloud data centers, ZTNA
is a preferred authentication and authorization approach for enterprises compared
to traditional solutions that are sometimes slow and always difficult to manage
and scale to meet today’s dynamic requirements. ZTNA is not based on the network policies, but
on users, it is easy and quick to implement.
As we discussed more things and other parties are on the network
that needs application access, ZTNA ensures these users and IoT devices only
get access to applications and not to the network. Provide access based on the least-privilege
access philosophy.
Common Use Cases
VPN Alternative to provide application access to any user
Corporate Users Access – avoiding blind trust for on-prem
users and using the cloud-hosted Zero Trust brokers or on-prem private brokers for
least-privilege access
3rd Party User Access – use agentless access to
quick access to critical business applications without allowing them to access your
corporate network
Figure 1: ZTNA High-level Architecture
Hope you find it informative there is more to come on this!
Continue Reading...
