Should You Adopt a Zero Trust Network Architecture?
From what it is to how it works, we look at Zero Trust Network Access and whether it’s time for your enterprise to adopt a zero trust architecture.
As organizations move toward processes and models that support a remote workforce, security should be top of mind. Enter the “zero trust” approach – treating every user as a potential threat until securely proven otherwise. Zero Trust Network Access (ZTNA) is the functionality at the core of this trend.
According to Gartner®, “by the end of 2024, 10 percent of enterprises will replace Network Access Control (NAC) and/or embedded switching security features with ZTNA on corporate-owned campus LANs – up from near zero percent in 2021”.1
Zero trust has quickly become a major talking point in the cloud industry. If you need to get up to speed with ZTNA, here’s how it works – and whether you should consider adopting a zero trust architecture.
What is ZTNA?
Zero Trust Network Access is a product or service that creates an identity- and context-based, logical access boundary around an enterprise’s applications. Put simply, it’s a network setup that treats all endpoints as hostile. This setup protects applications from being discovered and restricts access to a limited set of permitted entities – usually remote employees of an organization.
A trust broker controls these restrictions and verifies the identity, context, and policy adherence of each entity before access is granted. Additionally, these entities are prohibited from moving out of the permitted application to elsewhere in the network during that session, to minimize network exposure to cyber threats.
To achieve ZTNA, an enterprise network team orchestrates their enterprise network without embedded security functionalities such as filtering, profiling, and end-to-end segmentation found in most network switching or management feature sets. Instead, these features are replaced by cloud services that send application authentication and authorization requests to public cloud Points of Presence (PoPs). In short, security management processes are moved to the cloud. Local gateways will be at work to mitigate potential decreases in app availability, bandwidth, and performance that can result from the increased load a ZTNA can place on a network.
Taking a ZTNA approach to your network contributes to what is known as an adaptive trust model, simply meaning trust is granted on a case-by-case basis rather than conditionally assigned. This approach significantly reduces the chance of cyberattacks, especially for workplaces with hybrid or remote working models.
Should you adopt ZTNA?
With cyberattack techniques constantly advancing, bolstering cybersecurity is always a good idea. In particular, if your company has or is moving toward a hybrid workforce, you should consider a zero trust strategy to reduce the risk of malware propagating across your network.
When compared with other Network Access Control (NAC) solutions, segmenting your user-to-application security processes comes with the promise of simpler, stronger security, and the bonus benefit of reduced costs when compared with many other NAC solutions.
ZTNA can also be easier and more affordable to deploy than many existing security solutions due to its virtual nature – plus, it provides a consistent connection experience regardless of where, or which network, you connect from.
But something important to keep in mind, should your organization consider ZTNA, is that adopting an adaptive trust business model will require a shift in how you view your enterprise network; it can take time to introduce processes company-wide which treat all network entrants as hostile until explicitly proven otherwise.
How can you get started with ZTNA?
Gartner recommends to “enable flexibility to address changing needs, and a dynamic vendor landscape, by making shorter-term one- to three-year investments for ZTNA as well as SASE and other cloud networking offerings”.1
To get started with ZTNA, the best place to start is by replacing any traditional VPNs your enterprise uses, followed by looking at how you could extend your network fabric to your entire campus or corporate LAN.
While ZTNA is offered by a variety of vendors, there is no one size fits all solution.
When choosing a vendor, look for one that offers paths to remote and on-premises controls for your extended workforce, from employees to contractors and suppliers. During the evaluation process, it’s also important to collaborate with endpoint administrators to move internal IT management systems to the cloud.
Optimize your ZTNA investment by favoring lightweight, “cloud aware” products with robust and well-documented APIs, which are offered via consumption-based pricing rather than contracts. In 2022, having this agility is more important than investing in long-lasting physical infrastructure.
ZTNA and Megaport
To offset the potential latency that can be experienced with local application access, adopters of ZTNA should look to leverage a low latency, scalable, and on-demand private connectivity platform. Deploying a Software Defined Network (SDN) to underpin the orchestration of your zero trust network will give you far better efficiency and control over your ZTNA, as well as the flexibility and scalability you’ll need for long-term success.
By underpinning your cloud network with Megaport’s private SDN, you can provision and manage your connections in the Megaport portal – simply point, click, and connect. Our scalable network gives you the agility to revise and grow your zero trust network on demand.
You can also save time and effort by automating the provisioning and management of your network connections with Megaport APIs. And with ISO/IEC27001 security certification, Megaport can be trusted to follow internationally recognized standards for information security and management.
In short, ZTNA shouldn’t be overlooked when it comes to protecting your network. Adopt it soon to be on the forefront – but be sure to adequately prepare your enterprise before making the shift to ensure your zero trust network is agile, scalable, and sustainable.
1 Gartner®, Predicts 2022: Connecting the Digital Enterprise, By Andrew Lerner, John Watts, Joe Skorupa, 2 December 2021.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.