This blog was jointly written with Kumar Ramachandran, Senior Vice President, Palo Alto Networks
Most people can recall a time when computers were pieces of equipment that remained in a fixed location. Because of this, security was less of an issue outside of an organization's own walls.
That all changed when laptop computers and mobile devices ushered in the era of the mobile workforce. By the early 2000s, more companies started relying on remote access technology to enable users to work while traveling or from home. Employees or contractors could connect with applications hosted at the data center, and communications were encrypted to prevent man-in-the-middle attacks.
Over time, applications started migrating out of the data center and into the cloud. Businesses began to recognize the benefits of offering a “work from anywhere” model and the potential cost savings of supporting a “bring your own device” (BYOD) program. These trends highlighted the limitations of legacy remote access infrastructure from both a user-experience and a security standpoint. It was never designed to support so many concurrent users, so the increased load led to considerable latency. Once connected to the network, users had access to an entire network segment, typically far more than needed to complete job duties. Premises-based security, such as firewalls, could be bypassed by working off-network.
Zero Trust network access (ZTNA) was designed to overcome these shortcomings by enabling administrators to grant consistent, high-performance access to specific applications by role or by user. Cloud-destined traffic would no longer have to be hair-pinned to the data center. The technology follows the user, wherever they conduct business, regardless of whether they connect to the network. While this is surely an improvement over legacy remote access technology, more is needed to truly align it with the core principles of the Zero Trust framework.
Introducing ZTNA 2.0: Security designed for today’s highly-distributed business environment
According to a 2022 AT&T Cybersecurity Insights Report, 94% of survey respondents say they are currently on a Zero Trust journey, which includes research, implementation and completion. The ultimate goal of ZTNA 2.0 is to enforce an access control policy that eliminates implicit trust and continuously validates every stage of a digital interaction with all network connections, whether hosted on-premises or in the cloud.
When evaluating ZTNA solutions, businesses should ask the following questions to ensure that they are obtaining a solution that offers superior user experience and protection:
- Does this technology truly enforce the principle of least privilege access? ZTNA 2.0 moves beyond validating users based on network constructs, such as IP address, fully qualified domain name, or port number. It instead identifies applications at layer 7, the application layer where users and their applications exchange data, enabling precise access control at the application and sub-application levels.
- Is trust continuously verified? Many ZTNA solutions validate that a user has permission to access an application, connect them, and stop there. Unfortunately, insider threats represent a significant risk to organizations. Furthermore, if a device is lost, stolen or being used by a family member, unauthorized users may gain access to sensitive information. With ZTNA 2.0, trust is continuously verified based on changes in device posture, user behavior and application behavior.
- Is traffic continuously inspected for threats? ZTNA was originally designed as solely an access control mechanism, with no ability to detect or prevent malware, which can be encountered while interacting with email, websites or collaboration applications after gaining access to the network. ZTNA 2.0 provides deep and ongoing inspection of all traffic, even for allowed connections, to prevent all threats including those previously unknown (zero-day).
- Do I gain visibility into where my data is stored? If you don’t know where your data is being stored, there is no possibility of defending it against unauthorized access or loss. In a ZTNA 2.0 environment, organizations gain consistent control of data across all applications used in the enterprise, including private applications and SaaS, through a single data-loss prevention policy.
- Are all of my applications secured? Some ZTNA solutions only address a subset of private applications that use static ports, which creates vulnerabilities for cloud-native/SaaS applications and those that use dynamic ports like voice and video applications. ZTNA 2.0 safeguards all applications used across the enterprise, including modern cloud-native applications, legacy-private applications and SaaS applications.
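To make the first two questions above concrete, here is a toy access-policy engine written as an added illustration for this post; it is not code from AT&T, Palo Alto Networks or any ZTNA product. It keys decisions on an application identity and a sub-application action rather than on IP address or port, and it contrasts a broker that evaluates policy once at session setup with one that re-evaluates every request against current device posture. The roles, application names, actions and posture attributes are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    """One application request as seen by the access broker (constructed model)."""
    user: str
    role: str
    app: str            # layer-7 application identity, not an IP/FQDN/port
    action: str         # sub-application action inside that app
    device_managed: bool
    device_encrypted: bool
    session_id: str


# Least-privilege policy: role -> app -> allowed sub-application actions.
# Hypothetical roles, apps and actions, constructed for this example.
POLICY = {
    "sales":   {"crm": {"view-account", "edit-account"}},
    "finance": {"crm": {"view-account", "export-report"},
                "ledger": {"view", "post"}},
}


def device_posture_ok(req: Request) -> bool:
    """Minimal posture check: managed device with disk encryption on (assumed attributes)."""
    return req.device_managed and req.device_encrypted


def evaluate(req: Request) -> tuple[bool, str]:
    """Policy decision for a single request. Returns (allowed, reason)."""
    if not device_posture_ok(req):
        return False, "device posture failed"
    allowed_actions = POLICY.get(req.role, {}).get(req.app)
    if allowed_actions is None:
        return False, f"role '{req.role}' has no access to app '{req.app}'"
    if req.action not in allowed_actions:
        return False, f"action '{req.action}' not permitted in '{req.app}' for role '{req.role}'"
    return True, "allowed"


class ConnectOnceGateway:
    """Models a broker that evaluates policy only when the session is established."""

    def __init__(self) -> None:
        self._sessions: dict[str, bool] = {}

    def handle(self, req: Request) -> bool:
        if req.session_id not in self._sessions:
            self._sessions[req.session_id] = evaluate(req)[0]
        return self._sessions[req.session_id]   # later requests ride the cached decision


class ContinuousGateway:
    """Models continuous verification: every request is re-evaluated against current posture."""

    def handle(self, req: Request) -> bool:
        return evaluate(req)[0]


def run_scenario(gateway) -> list[bool]:
    """Constructed scenario: a healthy session, then the same session after the device
    reports disk encryption switched off (a posture change mid-session)."""
    first = Request("alice", "sales", "crm", "view-account", True, True, "s1")
    later = Request("alice", "sales", "crm", "view-account", True, False, "s1")
    return [gateway.handle(first), gateway.handle(later)]


if __name__ == "__main__":
    print("connect-once:", run_scenario(ConnectOnceGateway()))   # [True, True]
    print("continuous: ", run_scenario(ContinuousGateway()))    # [True, False]
    # Same app, different sub-application action: least privilege denies the export.
    print(evaluate(Request("bob", "sales", "crm", "export-report", True, True, "s2")))
```

The connect-once broker keeps serving the session after the device posture degrades because it never looks again; the continuous broker denies the very next request. The policy table also shows why keying on ports is insufficient: "view-account" and "export-report" travel over the same application and port, and only an application-aware decision can tell them apart.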
Zero Trust with AT&T — for a better today and tomorrow
In the years ahead, security will become even more important as more Internet of Things (IoT) devices come online, and hybrid or remote workforces become entrenched in corporate cultures. Both cloud and IoT networks are more dynamic than other networks and often have shared tenancy. This is where ZTNA 2.0 becomes imperative. Standard, legacy security measures are not compatible with today’s fast-changing networking environment. ZTNA 2.0 brings network security in line with current technology trends.
Zero Trust with AT&T and Palo Alto Networks helps protect organizations of all sizes while allowing for more streamlined connectivity and productivity in today’s distributed work environment. Adopting best-in-class security and protecting against threats reduces the risk of data breaches and enhances user productivity, with an optimal work-from-anywhere experience.
By adopting ZTNA 2.0, organizations are also helping position themselves for whatever comes next.