ZTNA: Zero Trust Network Access

Secure the Remote Workforce: Deploying Zero Trust Access

Deploying Zero Trust Access

The global pandemic has forced knowledge workers to move out of their offices en masse to the isolated environment of their homes. Most will return to the office at some point, even if only part-time, as companies adjust to social distancing measures meant to keep employees safe. Global Workplace Analytics estimates that 25-30% of the workforce will be working from home multiple days a week by the end of 2021. Others may never return to an official office, opting to remain a work-from-home (WFH) employee for good.

The suddenness of having to turn so many people into remote workers has put a real strain on network security. There was little, if any, time to develop and execute a secure remote access strategy that provides the same level of security protections that workers have in the office. This has introduced a range of cybersecurity risks and challenges, and a need for real Zero Trust Access solutions regardless of where people work.

 

VPNs Are Giving Way to Zero Trust Security

The tech industry is moving toward a much more secure user access model known as Zero Trust Network Access (ZTNA), also called the software-defined perimeter (SDP). How ZTNA works is simple: deny everyone and everything access to a resource unless it is explicitly allowed. This approach enables tighter overall network security and micro-segmentation that can limit lateral movement in the event a breach occurs. This is the basic tenant underlying ZTNA architectures.

Gartner’s Market Guide for Zero Trust Network Access (ZTNA) projected that by 2023, 60% of enterprises will phase out VPN and use ZTNA instead. The main advantage of ZTNA is its granular control over who gains and maintains network access, to which specific resources, and from which end user device. Access is granted on a least-privilege basis according to security policies.

This granular-level control is also why Zero Trust Network Access complements the identity-driven approach to network access that SASE (Secure Access Service Edge) demands. With ZTNA built-in to a cloud-native network platform, SASE is capable of connecting the resources of the modern enterprises — sites, cloud applications, cloud datacenters, and yes, mobile and remote users — with just the right degree of access.

Security Integration Is Key to Effectively Enforcing Zero Trust Security Policies

Like VPNs, firewalls, and Intrusion Prevention solutions, there are point solutions for ZTNA on the market. In fact, many networks today are configured with an array of standalone security and remote access solutions. This lack of product integration is a real drawback for a number of reasons. First, it increases the probability of misconfigurations and inconsistent security policies. Second, it increases network latency as traffic must be inspected separately by each device. And finally, the lack of integration makes holistic threat detection all but impossible, as each appliance has its own data in its own format. Even if that data is aggregated by a SIEM, there is considerable work to normalize data and correlate events in time to stop threats before they can do their damage.

In addition, Zero Trust is only one part of a remote access solution. There are performance and ongoing security issues that aren’t addressed by ZTNA standalone offerings. This is where having ZTNA fully integrated into a SASE solution is most beneficial.

SASE converges Zero Trust Network Access, NGFW, and other security services along with network services such as SD-WAN, WAN optimization, and bandwidth aggregation into a cloud-native platform. This means that enterprises that leverage SASE architecture receive the benefits of Zero Trust Network Access, plus a full suite of converged network and security solutions that is both simple to manage and highly-scalable. The Cato SASE solution provides all this in a cloud-native platform.

Cato’s SASE Platform Simplifies Secure Remote Access for WFH

What does this mean for the remote access worker? The Cato SASE platform makes it very quick and easy to give highly secure access to any and all remote workers.

Cato provides the flexibility to choose how remote and mobile users securely connect to resources and applications. Cato Client is a lightweight application that can be set up in minutes and which automatically connects the remote user to the Cato Cloud. Clientless access allows optimized and secure access to select applications through a browser. Users simply navigate to an Application Portal – which is globally available from all of Cato’s 57 PoPs – authenticate with the configured SSO and are instantly presented with their approved applications. Both approaches use integrated ZTNA to secure access to specific network resources.

A Zero Trust approach is essential for a secure remote workforce, and Cato’s solution allows an easy and effective implementation of ZTNA.

For more information on how to support your remote workforce, get the free Cato eBook Work From Anywhere for Everyone.