ZTNA - What is it and why do you want it?
The abbreviation ZTNA stands for Zero Trust Network Access. It is also called a software-defined perimeter, or SDP. ZTNA gives users secure access to individual private applications without giving them access to the enterprise network itself.
Why do enterprises want a ZTNA?
Everything is being moved to the cloud and more and more sensitive data is being stored in this cloud. In the past, it was possible to secure a network by securing the connection to the internet with a firewall. Nowadays users work from home or on the road and the data itself can be in the office or stored in a cloud application. As a result, a simple firewall as a digital guardian no longer suffices.
External attacks and internal threats are increasing every day. They have raised security awareness in all industries, and security investments are growing. Yet the results are not satisfactory: one security incident after another is coming to light. ZTNA is a must if an organisation as a whole is to be properly protected, wherever its users and data are.
A zero-trust network architecture replaces the static network boundary with a dynamic, digital perimeter based on identity, with four important properties:
- Access based on identity
- Secure access to files and applications
- Continuous evaluation of the user and their access throughout the day
- Strong access control
Trust is the problem
The main cause of the failure of traditional security architecture is trust. The fundamental basis of security is dealing with risk, and that risk is closely linked to "loopholes". The traditional perimeter-based network security architecture assumes that the people and devices inside the internal network are trustworthy, which is why its security strategy focuses on building the company's digital walls. But there are a number of assumptions that you always have to make:
- There are always undiscovered weaknesses in network systems
- There are always discovered but unpatched loopholes in the system
- An attacker may already have compromised the organisation and its systems
- Insiders can never be assumed to be reliable
These four assumptions undermine the technical methods of traditional network security, namely segmenting the network and building walls around it, and they expose the abuse of trust that a perimeter-based security architecture permits. In addition, perimeter-based security architectures and solutions struggle to cope with today's network threats.
Creation of a zero-trust architecture
A new network security architecture is needed to cope with the modern, complex enterprise network infrastructure and with the increasingly severe threats on the network. Zero trust architecture arises in this context and is an inevitable evolution of security thinking and security architecture.
In the book 'Zero trust networks: Building secure systems in untrusted networks', Evan Gilman and Doug Barth define zero-trust as being built around five fundamental statements:
- The network is always assumed to be hostile
- External and internal threats always exist on the network
- Network location is not sufficient to determine trust in a network
- Every device, every user and every network flow is authenticated and authorised
- The policy must be dynamic and calculated on the basis of as many data sources as possible
No person, device or application in the enterprise network should be trusted by default. Trust must instead be established by access control that is repeated for every request, using proper authentication and authorisation. The zero trust architecture replaces the traditional access control mechanism; its essence is adaptive, identity-based access control.
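The four properties listed above and the five statements from Gilman and Barth can be made concrete as a policy decision point that evaluates every request from scratch. The Python below is an added illustration written for this page, not code from Nomios or from the book; the data sources (an identity directory, a device inventory, a per-application policy and a user risk feed), the user, device and application names, and all threshold values are constructed assumptions. It denies by default, never uses the source IP address to grant trust, and treats an aged session as a reason to re-authenticate, which is the "continuous evaluation" property in code.

```python
"""Illustrative zero-trust policy decision point (constructed example, not a product)."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    app: str
    src_ip: str          # recorded for logging, but never used to grant trust
    mfa_verified: bool
    session_age_s: int   # seconds since the last successful authentication


@dataclass(frozen=True)
class DevicePosture:
    managed: bool
    disk_encrypted: bool
    patch_age_days: int


@dataclass(frozen=True)
class Decision:
    allow: bool
    reasons: List[str]


# Constructed sample data sources; every name and value here is hypothetical.
IDENTITY_DIRECTORY: Dict[str, dict] = {
    "alice": {"active": True, "groups": {"finance"}},
    "bob": {"active": True, "groups": {"finance"}},
    "mallory": {"active": False, "groups": {"finance"}},   # disabled account
}
DEVICE_INVENTORY: Dict[str, DevicePosture] = {
    "laptop-001": DevicePosture(managed=True, disk_encrypted=True, patch_age_days=5),
    "byod-777": DevicePosture(managed=False, disk_encrypted=False, patch_age_days=90),
}
APP_POLICY: Dict[str, dict] = {
    "payroll": {
        "groups": {"finance"},          # entitlement by identity, not by network
        "require_managed_device": True,
        "max_patch_age_days": 30,
        "max_session_age_s": 3600,      # forces periodic re-evaluation of the user
        "max_risk": 50,
    },
}
RISK_FEED: Dict[str, int] = {"alice": 10, "bob": 80}  # 0-100, hypothetical UEBA score


def evaluate(req: Request) -> Decision:
    """Authenticate and authorise one flow; anything not explicitly allowed is denied."""
    reasons: List[str] = []

    policy = APP_POLICY.get(req.app)
    if policy is None:
        return Decision(False, ["unknown application: default deny"])

    # 1. Identity: the account must exist, be active and be entitled to this app.
    identity = IDENTITY_DIRECTORY.get(req.user)
    if identity is None or not identity["active"]:
        reasons.append("identity unknown or disabled")
    elif not (identity["groups"] & policy["groups"]):
        reasons.append("identity not entitled to application")

    # 2. Authentication strength and freshness (continuous evaluation).
    if not req.mfa_verified:
        reasons.append("MFA not verified")
    if req.session_age_s > policy["max_session_age_s"]:
        reasons.append("session too old: re-authentication required")

    # 3. Device posture: the device is a principal too and must be known and healthy.
    posture = DEVICE_INVENTORY.get(req.device_id)
    if posture is None:
        reasons.append("device not in inventory")
    else:
        if policy["require_managed_device"] and not posture.managed:
            reasons.append("unmanaged device")
        if not posture.disk_encrypted:
            reasons.append("disk not encrypted")
        if posture.patch_age_days > policy["max_patch_age_days"]:
            reasons.append("device patch level too old")

    # 4. Dynamic signal: an unknown user gets the worst possible risk score.
    if RISK_FEED.get(req.user, 100) > policy["max_risk"]:
        reasons.append("user risk score above threshold")

    # Note what is absent: req.src_ip never contributes to the decision.
    return Decision(allow=not reasons, reasons=reasons or ["all checks passed"])


if __name__ == "__main__":
    for r in (
        Request("alice", "laptop-001", "payroll", "203.0.113.5", True, 120),
        Request("alice", "byod-777", "payroll", "10.0.0.5", True, 120),
    ):
        print(r.user, r.device_id, evaluate(r))
```

The second request in the demo comes from an address inside a private range, yet it is denied: an unmanaged device with an old patch level fails posture checks regardless of where it connects from, which is exactly the point of "network location is not sufficient to determine trust".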
ZTNA partner of Nomios
We have partnerships with various suppliers who provide Zero Trust Network Access with various techniques such as IoT endpoint protection, device protection, identity & access management and next-generation firewalls.
Download whitepaper: Understanding the basics of cybersecurity
Get your copy of this 70+ pages whitepaper, to learn more about cybersecurity and to feel comfortable in a security conversation. Or get in touch with us directly if you find this topic of interest.