When it comes to securing a ‘single branch’, integration and coordination are important
Today, the need for security is at an all-time high. Huge, high-profile ransomware attacks are all too often in the news, so it’s no surprise that cybersecurity professionals go out of their way to secure their networks. Many people frantically buy all-new solutions, but throwing multiple point products at the problem is not the answer. Too many products inevitably lead to too much complexity. Managing multiple vendors and products with little integration or coordination can turn into a tedious mess. A well-integrated platform, especially one designed with open APIs and common standards to allow true interoperability with third-party solutions, is a much more effective strategy. And it’s definitely easier to manage.
With more people working from anywhere and the resulting increase in the number of network edges, the complexity will only increase because each remote user is effectively a “branch of one.” But even these smallest remote sites still need continuous threat protection and constant security. And whenever you talk about the edge of the network, you have to think about network access. Traditional VPNs simply don’t provide the functionality that today’s networks require. You need to know and control everyone and everything, both on and off the network.
Users on different devices consume a variety of cloud applications, so making sure you have a consistent security solution that can cover the endpoint across all edges of the network and the cloud is critical. In today’s distributed environments, a collection of point products can never give you the control and visibility you need. On the other hand, a comprehensive cybersecurity platform provides endpoint, edge, and user security, so that you have simple, efficient management and strong security in place, and can ensure an optimal user experience regardless of where a user is located.
It starts with not trusting anyone
The concept of zero trust has been around for a long time, but it is gaining more and more attention due to the increase in remote working and the dissolution of the perimeter of the network. Zero trust comes down to a philosophical approach to dealing with user data and the applications you want to protect. In today’s fast-paced security and network environments, you can no longer afford to have just one internal trusted zone and one external untrusted zone.
Since users, devices, and even apps can be found virtually anywhere, nothing and no one should be trusted until verified. On a practical level, this means that you need authentication that verifies users and devices repeatedly and regularly, with as granular control as possible. Authentication occurs not only when users join the network, but also when they access assets and applications. Every transaction should be verified, because any transaction could potentially have been compromised. With a zero trust policy in place, users and devices have verified access to what they need, but no more.
Know your acronym
When learning the zero trust model, it’s easy to get bogged down in acronyms. Although both have “zero trust” in the name, Zero Trust Access (ZTA) is not the same as Zero Trust Network Access (ZTNA). ZTA is about network access for users and devices, while ZTNA is about application access. ZTA covers how users log on and the type of access they receive on the network. ZTNA, by contrast, specifically refers to controlling access to applications, whether those applications are on-premises or in the cloud.
Unlike a VPN, ZTNA doesn’t differentiate between when you are on the network and when you are off it. It simply creates a secure tunnel automatically, no matter where the user is located. And while a VPN typically requires a remote user to initiate a secure tunnel to the network, ZTNA does this automatically, even when a user logs in from a “secure network.” The process is easier and simpler for users than connecting with a VPN. And because zero trust is so much more secure than a VPN, providing both authentication and content inspection, it is driving the evolution of VPN connectivity.
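As an added illustration (not Fortinet’s code or any product’s API), the following Python sketch contrasts the per-request ZTNA decision described above with a perimeter-style check: the ZTNA path verifies the user, the device posture and the per-application entitlement on every request and deliberately ignores whether the request arrives from the corporate LAN. All names, groups and policy values are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DevicePosture:
    managed: bool          # enrolled in device management
    disk_encrypted: bool   # full-disk encryption enabled
    av_up_to_date: bool    # endpoint protection current


@dataclass(frozen=True)
class Identity:
    user: str
    mfa_passed: bool       # strong authentication completed for this session
    groups: frozenset      # directory groups the user belongs to


# Constructed per-application entitlements: least privilege means a user is
# granted exactly the apps their groups need and nothing else.
APP_POLICY = {
    "hr-portal": {"hr"},
    "git": {"engineering"},
    "expense": {"hr", "engineering"},
}


def posture_ok(posture: DevicePosture) -> bool:
    """All posture checks must hold; a single failure is a denial."""
    return posture.managed and posture.disk_encrypted and posture.av_up_to_date


def ztna_decision(identity: Identity, posture: DevicePosture,
                  app: str, source_network: str) -> str:
    """Evaluate ONE application request (ZTNA): re-verified on every access.
    source_network is accepted only to show that it is deliberately ignored."""
    if not identity.mfa_passed:
        return "deny: user not verified"
    if not posture_ok(posture):
        return "deny: device posture failed"
    allowed_groups = APP_POLICY.get(app)
    if allowed_groups is None:
        return "deny: unknown application"
    if identity.groups.isdisjoint(allowed_groups):
        return "deny: not entitled to application"
    return "allow"


def perimeter_decision(source_network: str) -> str:
    """Legacy model the article contrasts with: location equals trust."""
    return "allow" if source_network == "corp-lan" else "deny: off-network"
```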
Make zero trust work
Due to the number of users, applications, and locations an organization can have, implementing a zero trust model can seem complicated. And if it’s not done well, it can be. Convergence requires combining networking and security into a unified solution. Unfortunately, many vendors claiming to have a zero trust solution have simply cobbled together disparate products and partnerships so that they can say they offer “zero trust.” Deployment and management of such a bundle can quickly turn into a nightmare. Other times, ZTNA solutions are simply Secure Access Service Edge (SASE) options with high fees for enterprise-wide coverage. But a zero trust solution doesn’t have to involve multiple vendors, exorbitant subscription fees, and complex management systems. In fact, avoiding them is generally easier and safer for a business.
ZTNA and SASE
Because so many companies have added zero trust to their cloud-based solutions, there is a lot of confusion about how they relate. Zero trust plays a vital role in cloud security because when users work from anywhere in a hybrid working environment, the SASE framework can act as a firewall in the cloud. The remote user gets the experience and protection of being behind a firewall, even in the cloud.
But SASE and ZTNA are different things. While SASE provides the firewall connectivity and security service, ZTNA controls access to applications. It’s about having the right policies in place no matter where the user is, giving them access to specific apps through a secure tunnel to each app, and hiding that app from unauthorized parties. SASE and ZTNA are complementary technologies, as both deal with the security of remote workers. And when SASE and ZTNA are integrated, with everything operating under a unified policy, you can provide anytime access to network resources, including critical applications, for any user or device.
Protect connections and stop breaches
Combining SASE and ZTNA into a unified solution that can provide consistent security and networking under a single management platform is only possible through a handful of vendors. It requires real expertise in networking, security and cloud. And because cybersecurity evolves so quickly, an effective platform must include multiple integrated products that have been independently tested and validated, so that it can effectively protect connections and stop breaches.
It gets even more complicated as organizations migrate to hybrid work environments, including multi-cloud. A hybrid approach to security, where each segment (cloud, endpoint, data center, branch office, and remote worker) has its own security strategy, simply recreates the same challenge of too many vendors and not enough visibility or control. This is where a solid security strategy, built around a single platform that can be deployed in any environment, with integrated products that work together and provide automated actions, becomes particularly critical. Network segments, like users and devices, do not exist in a vacuum. Any strategy that includes SASE and ZTNA must also have a unified ZTA strategy that can seamlessly weave physical and virtual systems into one integrated, end-to-end solution.
Learn more about Fortinet Zero Trust solutions that allow organizations to see and control all devices, users and applications across the network.
Copyright © 2021 IDG Communications, Inc.