How does Zero Trust Network reduce the business risk of working remotely?

The ability to work from anywhere means that IT must prioritise user experience. Access to private applications should not require a VPN, or waiting for traffic to be backhauled to a datacentre just to go out to the public cloud. Gartner predicts that in the aftermath of COVID-19, 74% of companies will move some employees to remote working permanently. Are your security and mobility teams prepared for remote working from anywhere?

Gartner estimates that by 2022, 80% of new business applications open to a partner ecosystem will be accessible via a zero-trust solution. And by 2023, 60% of companies will have replaced their remote VPN access with zero-trust remote access. Zero Trust Network Access (ZTNA) is emerging as one of the key issues for IT managers and CISOs (Chief Information Security Officers) in the coming years.

What is Zero Trust?

The concept of zero-trust security was first discussed in 2004 during the Jericho Forum, an international IT security thought-leadership group, to tackle the expansion of the secure perimeter past the firewall. ‘Zero Trust’ assumes no traffic within an enterprise’s network is any more trustworthy by default than traffic coming in from the outside.

The concept of Zero Trust is relatively new, and although the subject is being addressed by more and more organisations, this model is not yet as popular as VPNs (Virtual Private Networks). By putting the Zero Trust concept into practice, this massive data breach could probably have been prevented or had its impact largely minimised.

What are the core reasons to move on from VPN?

VPNs have been the de facto solution for enabling secure user access to enterprise applications for 20+ years. During this time, the core VPN security model has not fundamentally changed: a VPN is used to connect remote assets – users, databases, or whole offices – to an organisation’s secured network.

But VPNs have several shortcomings, inherent problems, and management complexities. For example, if your enterprise applications are deployed in different locations, you may need to deploy VPN gateways in each location. In this case, you need to ensure that all policies are applied consistently to all gateways.

Using a VPN is often a poor experience. While not a security issue, any aspect of a solution that reduces user productivity is something that security teams should be aware of. Most VPNs require a client to be installed on the endpoint, which is a challenge for both the administrator and the user.

Why does Zero Trust Network Access offer a better experience than VPN?

This new model uses a trust broker to mediate connections between a specific private application and an authorised user. It allows teams to begin with zero trust, but then provide connectivity based on context (identity, device etc.). Unlike VPNs, ZTNA technologies deliver a means of application access without network access, and the ability to mask applications from the open internet. Enterprises must now look to bake ZTNA into their security plans. This market guide offers considerations and recommendations for how and where to get started with ZTNA.

An important element of the Zero Trust model is Multi-Factor Authentication (MFA), which makes malicious access more complex by requiring multiple proofs of identity from the user wishing to access the information system. Currently, simple authentication is done using a login and password pair, an authentication element that can be easily usurped, particularly via social engineering.
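The trust-broker decision and the MFA requirement described above can be sketched as a default-deny policy check; this is an added example, not code from any ZTNA product. The names `Request`, `POLICY`, `broker_decide`, `ztna_reachable` and `vpn_reachable`, the sample applications, and the simplified VPN model are all assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset      # identity context, e.g. from the identity provider
    device_managed: bool   # device context (posture)
    mfa_passed: bool       # second factor verified for this session
    app: str = ""          # the one private application being requested

# Constructed sample policy: one rule per private application.
POLICY = {
    "payroll": {"groups": {"finance"}, "managed_device": True},
    "wiki": {"groups": {"finance", "engineering"}, "managed_device": False},
}

def broker_decide(req, policy=POLICY):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    rule = policy.get(req.app)
    if rule is None:
        return False, "no policy for application"
    if not req.mfa_passed:
        return False, "MFA required"
    if not (req.groups & rule["groups"]):
        return False, "identity not authorised for application"
    if rule["managed_device"] and not req.device_managed:
        return False, "device not compliant"
    return True, "allowed"

def ztna_reachable(ctx, policy=POLICY):
    """Applications the broker would connect this user/device context to."""
    return sorted(a for a in policy if broker_decide(replace(ctx, app=a), policy)[0])

def vpn_reachable(password_ok, policy=POLICY):
    """Simplified VPN model: one login grants network access to everything."""
    return sorted(policy) if password_ok else []

if __name__ == "__main__":
    bob = Request("bob", frozenset({"engineering"}), device_managed=True, mfa_passed=True)
    print("VPN :", vpn_reachable(True))    # every application on the network
    print("ZTNA:", ztna_reachable(bob))    # only what bob's context permits
    print(broker_decide(replace(bob, app="payroll")))
```

A password obtained through social engineering is enough for `vpn_reachable`, while the broker still denies every application until the second factor and the device check pass.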

To sum up, Zero Trust can be adapted to many use cases, particularly teleworking or BYOD (Bring Your Own Device), a practice that is not considered to be very secure by IT departments.

Several solutions allow organisations to comply with the key principles of Zero Trust, so if you are interested in deploying Zero Trust within your organisation, contact us and we will discuss how you can bring your business up to speed.