Introduction: Know about ZTNA!


Do you know that the cloud is the new data center and the Internet is the new network?

It means that on-premises applications are moving to the cloud. Not to one cloud but to multiple clouds, implemented as Infrastructure as a Service (IaaS) and Software as a Service (SaaS), where corporate applications are now hosted.

Now enterprise users are free outside the office walls – they are accessing applications from everywhere: home, airport, café, etc. And it is not only corporate users; contractors, third-party vendors, partners, and IoT devices are also part of the enterprise ecosystem. All of them need application access.

These two trends are the reality of modern enterprises, and this reality comes with multiple challenges. In this article, we are going to talk about one of them – the need to connect users to enterprise applications in a very flexible and secure way – and what the solution to it is.

Zero Trust Network Access (ZTNA)

ZTNA is a set of technologies that helps modern enterprises adopt an adaptive trust model (no absolute trust). An enterprise with ZTNA grants access to users based on granular authentication and authorization policies. This access is least-privileged: users are given access only to what they need to perform their duties. This is not the same as VPN-based access, where a user, once authenticated, has full lateral access to the network.

User-to-Application Approach - The big challenge for modern enterprises today is how to provide secure and flexible access to applications for their users irrespective of location. In the old days, security policies were defined using network information (addresses and segments), and that was predictable because the users were inside the office walls. Now the landscape has changed, and so must the solution.

ZTNA allows security teams to configure policies that grant access to an application, not to the corporate network. The connection is secured using encrypted TLS tunnels established over the public Internet, so user-to-application access is protected in transit.

Another important aspect of ZTNA is that once the user is authenticated and authorized, application access is granted explicitly to that user. It is access to an application, not to the corporate network – network-level access is what enables lateral movement throughout the network and increases the attack surface.
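To make the user-to-application model concrete, here is an added example (not code from the original article or from any ZTNA product) of the decision a Zero Trust broker makes: every request names a user, a device context and one application, and the answer is a grant for that application only, with default deny. The group names, application names and the `Principal`/`AppPolicy` structures are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Principal:
    """What the broker knows about the requester after authentication (constructed)."""
    user: str
    groups: frozenset
    device_managed: bool   # device posture signal, e.g. from an endpoint agent
    mfa_passed: bool

@dataclass(frozen=True)
class AppPolicy:
    """Per-application entitlement; there is no 'network' entry on purpose."""
    app: str
    allowed_groups: frozenset
    require_managed_device: bool = False
    require_mfa: bool = True

# Hypothetical policy table keyed by application, not by subnet or VLAN.
POLICIES = {
    "hr-portal":  AppPolicy("hr-portal",  frozenset({"employees"}), require_managed_device=True),
    "ticketing":  AppPolicy("ticketing",  frozenset({"employees", "contractors"})),
    "git-server": AppPolicy("git-server", frozenset({"engineering"}), require_managed_device=True),
}

def authorize(principal: Principal, app: str) -> tuple:
    """Return (allowed, reason) for one user-to-application request."""
    policy = POLICIES.get(app)
    if policy is None:
        return False, "unknown application: default deny"
    if policy.require_mfa and not principal.mfa_passed:
        return False, "mfa required"
    if policy.require_managed_device and not principal.device_managed:
        return False, "managed device required"
    if not (principal.groups & policy.allowed_groups):
        return False, "group not entitled"
    return True, f"grant {principal.user} -> {app}"

def reachable_apps(principal: Principal) -> list:
    """Everything this principal can reach: individual apps, never the whole network."""
    return sorted(app for app in POLICIES if authorize(principal, app)[0])

if __name__ == "__main__":
    vendor = Principal("vendor1", frozenset({"contractors"}), device_managed=False, mfa_passed=True)
    staff = Principal("alice", frozenset({"employees", "engineering"}), device_managed=True, mfa_passed=True)
    print(reachable_apps(vendor))   # ['ticketing']
    print(reachable_apps(staff))    # ['git-server', 'hr-portal', 'ticketing']
```

Compare this with a VPN, where the same successful login would place both principals on the network and leave reachability to routing and firewall rules rather than to a per-application decision.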

Key Drivers to ZTNA

Let’s examine some of the key drivers that are forcing modern enterprises to adopt ZTNA –

As the network perimeter is diminishing, VPN-based access is not able to meet the business requirement of providing access to corporate resources for anyone who needs it. More and more enterprises are phasing out remote access VPNs in favor of ZTNA.

As applications are hosted in multi-cloud data centers, ZTNA is the preferred authentication and authorization approach for enterprises compared to traditional solutions, which are sometimes slow and always difficult to manage and scale to meet today’s dynamic requirements. Because ZTNA policies are based on users and applications rather than on network addresses, they are easy and quick to implement.

As we discussed, more devices and more third parties are on the network and need application access. ZTNA ensures these users and IoT devices get access only to applications, not to the network, following the least-privilege access philosophy.

Common Use Cases

VPN Alternative – providing application access to any user without placing them on the corporate network

Corporate User Access – avoiding blind trust for on-prem users by routing them through cloud-hosted Zero Trust brokers or on-prem private brokers for least-privilege access

Third-Party User Access – using agentless access to give contractors and vendors quick access to critical business applications without allowing them onto your corporate network

Figure 1: ZTNA High-level Architecture

Hope you find it informative; there is more to come on this!