Zero Trust Network Access is critical for today’s mobile worker

Today, more organizations are offering the option to work from home, in the office or a mix of both, and company leaders are being forced to contend with the issues that come with this work landscape, looking for options to increase protection and achieve airtight cybersecurity.

About the author

Aaron Kiemele is Chief Information Security Officer at Jamf.

When many employees were forced to work from home during the COVID-19 pandemic lockdown, organizations quickly found their security measures were lacking in a new work-from-anywhere environment. Now, it’s out with the old solutions like VPNs, and in with the new. Enter Zero Trust Network Access (ZTNA).

ZTNA operates on a model that does not grant immediate or ongoing trust to any user, instead granting application access on a strictly need-to-know basis. ZTNA technology zeroes in on each individual user and device, rather than allowing full access to any given network. It’s a tighter way to keep a company (and users) safe, working on an individual basis to determine whether an access request is trustworthy at a particular moment in time. ZTNA determines if a user or device is suspicious by looking at a number of factors, giving you visibility into whether device security is put at risk due to an unintentional slip-up, one that could allow outsiders into a company’s network and data.

Essentially, the ZTNA model has moved forward from trusting the entity to only trusting the transaction. There are a variety of reasons for companies to consider switching to ZTNA—here are a few.

Ideal for work-from-anywhere

Flexibility has proven an important tool in achieving work-life balance, and many employees have shown they’re just as productive at home as they are in the office. While some companies are returning to full in-house operations, many will continue to offer remote work options for employees.

However, working from anywhere exposes companies to expanded risk, particularly as employees operate from multiple devices across multiple networks. VPNs and other traditional security measures simply can’t keep up with emerging risks because of their cumbersome configuration and limited flexibility. ZTNA, on the other hand, allows configurable and precise access to applications across networks, with quick and seamless checks along the way. This prevents any nefarious actors or malware from accessing an entire network at once—it’s far easier to detect attempted untrustworthy activity when users, devices, and services are making security decisions at each step along the way.

Enhanced security gives companies and employees the freedom to safely work from home, on other private networks or in a public setting without having to worry or be burdened by cumbersome processes.

Enhanced ability to work from any device

Just as ZTNA reduces a user’s and organization’s risk by limiting the scope of any authentication to a limited application or service, it also gives employees the freedom to work from any device without compromising productivity OR security. From smartphones to tablets, personal laptops to company computers, the average employee accesses sensitive company data across a multitude of devices. It’s an important development in the work-from-anywhere model, and one employees rely on to complete tasks and communicate outside of an office setting.

The core philosophy of ZTNA is that trust is not given, it is earned through deep visibility into device posture and authorization. After all, devices can be stolen, multiple people may operate on one device, and mistakes happen. By requiring devices to pass security checks each time a device requests access to an application, company leaders can rest easy, even while knowing their employees operate across multiple devices.

Protects companies from sophisticated attacks

Cyber-attacks are becoming more frequent and sophisticated as criminals take advantage of existing and emerging vulnerabilities around the world. With ZTNA, there is no longer a hard shell and soft center, no single point of ingress that could allow an evildoer to enter an entire network. ZTNA lets you segment resources at a very granular level. It removes firewalls as potential keys to the kingdom.

Additionally, in a zero trust world, lateral movement and privilege escalation are much less likely. With constant iterative reevaluation of trust, an attacker can’t take the one thing they acquired and leverage it to access your neighbor’s machine; they are also going to be expected to have a good systems posture, authorization and repeated authentication to services/data. Hackers are extremely familiar with VPNs, how they work and how to exploit the weaknesses inherent to those systems. Often this weakness is a single check or basic authentication that, once complete, grants trust to all future activity.
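
The per-request evaluation described in this section and the previous one, set beside a connect-time check, as an added example that is not from the author or Jamf. The entitlement table, the 900-second re-authentication window and the posture attributes are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

MAX_AUTH_AGE = 900  # assumed re-authentication window, in seconds
ENTITLEMENTS = {"alice": {"payroll"}, "bob": {"wiki"}}  # constructed policy

@dataclass(frozen=True)
class Device:
    owner: str
    disk_encrypted: bool
    os_patched: bool

@dataclass(frozen=True)
class Request:
    user: str
    device: Device
    app: str
    auth_time: int  # epoch seconds of the last successful authentication
    now: int        # epoch seconds at which this request is evaluated

def vpn_style_decision(req: Request, tunnel_up: bool) -> bool:
    """Perimeter model: one check at connect time covers every later request."""
    return tunnel_up

def ztna_decision(req: Request) -> tuple[bool, list[str]]:
    """Per-request model: re-check authentication, posture and authorization."""
    denied = []
    if req.now - req.auth_time > MAX_AUTH_AGE:
        denied.append("authentication too old")
    if not (req.device.disk_encrypted and req.device.os_patched):
        denied.append("device posture failed")
    if req.device.owner != req.user:
        denied.append("device not registered to user")
    if req.app not in ENTITLEMENTS.get(req.user, set()):
        denied.append("not authorized for application")
    return (not denied, denied)

def scenarios() -> dict[str, tuple[bool, list[str]]]:
    """Constructed requests: a healthy one, then three ways trust is lost."""
    laptop = Device(owner="alice", disk_encrypted=True, os_patched=True)
    ok = Request("alice", laptop, "payroll", auth_time=1000, now=1300)
    return {
        "healthy": ztna_decision(ok),
        "lateral": ztna_decision(replace(ok, app="wiki")),
        "posture": ztna_decision(replace(ok, device=replace(laptop, os_patched=False))),
        "shared": ztna_decision(replace(ok, user="bob", app="wiki", now=2500)),
    }

if __name__ == "__main__":
    for name, (allowed, why) in scenarios().items():
        print(f"{name:8} allowed={allowed} reasons={why}")
```

Every one of these requests would pass `vpn_style_decision` once the tunnel is up; only the per-request function separates them.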

VPNs are also expensive and only solve network access security issues—if someone can hack or exploit their way into the VPN, they may gain access to an entire host of applications and sensitive data. They also neglect to account for authentication of users or devices.

ZTNA, on the other hand, adds several layers of protection against increasingly sophisticated criminal efforts. Many companies have taken notice—a Gartner report found that by 2022, 80 percent of new digital business applications will be accessed through ZTNA. Further, the same study found that by 2023, 60 percent of enterprises will phase out most of their VPNs, trading them in for ZTNA.

To protect against data breaches, it’s essential to consistently improve your security posture to keep up with the criminals who are constantly improving their capabilities. You can’t use yesterday’s technology to solve tomorrow’s problems. The ZTNA model provides that protection in a far more secure way than VPNs, as it is not a single gatekeeper for all your data, but a real process for ensuring continuous monitoring, evaluation and re-evaluation of the trust you are leveraging to access a resource. It’s the kind of protection users want, presented in a streamlined fashion that can give both users and organizations peace of mind.

Networks have to be secure, but that security shouldn’t prevent innovation and forward movement in business. The purpose of ZTNA technology isn’t to stop users from accessing company data—it’s to empower organizations to move at the speed of business to improve operations, without constantly worrying about the next security breach.

Aaron Kiemele is Chief Information Security Officer at Jamf. With 20 years of experience, his background spans multiple industries, focusing on operational security and compliance.
