This post originally appeared on LinkedIn, May 27, 2020.
You’re an IT administrator. You thought everybody working from home would be a dream come true: none of the desktop deployments, support tickets, or hand-holding that take up a big chunk of your time. Finally, you could get some “real” work done! Turns out that employees working from home (WFH) is more like your worst nightmare. How secure is their home internet connection? Their network? Is their device security up to date? Do you trust their security habits in the wild?
And those newly remote workers have a lot of questions for you. “How do I use the VPN?” “How do I get admin rights on my machine?” “Should I open this email?” “What’s a virus?” With WFH, you’re still buried in support requests; they’re just of a different flavor. On top of that, to accommodate the added remote-access traffic, you have to increase the capacity of a legacy VPN architecture that was never designed for an entire workforce connecting at once.
If only the process of transitioning employees to WFH was simpler!
Zero trust network access (ZTNA) makes it simpler. And a ZTNA solution that leverages a cloud-based architecture can decouple security from network access, ensuring secure application access regardless of the device, the network, or the application.
The near-universal switch to WFH means employees now work outside the corporate security “moat.” Cybercriminals view this environment as a vast, ripe, untapped field of opportunity.
Companies that have embraced cloud-delivered security solutions combining security, simplicity, and speed have quickly adapted to WFH needs. But if you aren’t there yet, now is the time to start! Pivoting from legacy technologies to forward-looking ZTNA solutions offers benefits that can help you adapt to change and build in resilience for the future.
Delivering a secure, productive, work-from-home experience with ZTNA offers six tangible benefits. Let’s break them down one at a time.
1. Direct access
With a fully-remote workforce, you need to ensure direct, secure access capable of connecting any user to any application, regardless of where the users or applications sit. The downfall of legacy security architectures is their dependence on a security perimeter. This forces user traffic to flow through the perimeter defenses, no matter where the target application lives: in the data center, a private cloud, a hybrid cloud, or public cloud.
ZTNA solutions establish connections between users and applications, and cloud-enabled ZTNA lets traffic flow along the shortest secure path between them. This eliminates the hair-pinning caused by backhauling traffic through a single ingress point and out again to wherever the application lives, reduces data center traffic, and improves the user experience by reducing latency.
Legacy castle-and-moat network security allows anything that gets through perimeter security to reach the whole network and any system attached to it. Why should employees be granted access to all applications, data, and resources? Threat actors who breach the perimeter enjoy that same privilege of east/west lateral movement.
It makes more sense to limit user access to only what users need. Zero trust security lets you tag users and applications so that authorized users see only the applications you want them to see. (There’s a security benefit, too: an application that is never exposed to the network cannot be discovered or attacked by someone who is not authorized for it, although a compromised device belonging to an authorized user still has whatever that user has, which is why device context belongs in the policy.) Context-aware access delivers benefits beyond work-from-home security: mergers and acquisitions (M&A), cloud migration, third-party access, and more. ZTNA solutions address all of these scenarios with simple policies that are user-centric rather than network-centric.
3. Flexible deployment
One reason IT teams resist change is scope: they don’t want to change all of the network to protect some of the network. This is why zero trust is catching on now. When zero trust was introduced ten years ago, implementing it with network-centric security tools was a monolithic task—you had to convert almost all of your network in order to protect any of it! Now, with cloud-enabled ZTNA solutions, you can tackle this challenge one use case at a time. For example, you can enable zero trust access for an existing group of VPN users without a rip-and-replace process. Once the zero trust access is fully operational, decommission VPN access for that group. Then iterate as necessary.
4. User experience
As VPN use scales, so do the problems. You’re backhauling tons of external traffic that must traverse the security stack. On top of that, latency increases drastically with hundreds (if not thousands) of remote workers competing for the same VPN concentrators. One answer is bigger, more expensive security appliances at both HQ and branch offices, but it’s a complicated and costly one. Zero trust connections let users reach applications directly, no matter where either sits. Direct access via local internet breakouts means lower latency and a better user experience.
5. Better visibility
In a legacy environment, you can’t protect what you don’t know is there. One huge disadvantage of legacy architectures is that the appliances scattered across the enterprise network each generate their own logs, with no single place where they are collected and correlated. Bad actors love the gaps between those silos, hoping to be overlooked. Any security solution must provide full visibility into user traffic. ZTNA solutions let you examine who is accessing what, from where, for every connection, in one place.
6. Tighter security
With users, applications, and data distributed across the internet (and more to come), securing access to your most sensitive resources is a massive challenge. Distributed resources mean a larger attack surface; more people working from home over VPNs means more ways for bad actors to breach your perimeter.
Now is the time for zero trust. A context-based zero trust approach secures the connection between the user and application without regard for networks or locations. Policies are created and enforced that only let specific users access specified applications. Users can access the applications they need, from any device, without exposing the network to bad actors or increasing the network attack surface.
Cloud-delivered ZTNA transitions your security from network-centric controls and remote network connectivity to application-centric security and least-privilege access. This means more-secure connectivity that easily and cost-effectively adapts to enterprise digital transformation efforts.
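To make the contrast between network-centric and application-centric access concrete, here is a toy policy evaluator in Python. It is an added example, not Zscaler code and not the page author’s: every user, group, application, tag, subnet, posture signal and rule in it is hypothetical sample data constructed for illustration. It shows the three points the post makes about policy: access is denied by default and granted only when a rule ties a user group to an application tag, device context (managed, patched) is part of the decision, a user can enumerate only the applications they are authorized for, and every decision is written to one central log that answers “who accessed what, from which device.” For comparison, the VPN model is reduced to what it really checks: whether the application’s subnet is routed over the tunnel.

```python
# Added example (not Zscaler's code): a toy application-centric access
# evaluator contrasting ZTNA-style least-privilege policy with
# network-centric VPN reachability. All names, tags, subnets and posture
# checks are hypothetical, constructed sample data.
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

@dataclass(frozen=True)
class User:
    name: str
    groups: FrozenSet[str]          # identity-provider group memberships

@dataclass(frozen=True)
class Device:
    managed: bool                   # enrolled in device management
    os_patched: bool                # posture signal reported by the client agent

@dataclass(frozen=True)
class App:
    name: str
    tags: FrozenSet[str]            # policy tags, e.g. "finance"
    subnet: str                     # where it lives; only the VPN model cares

@dataclass(frozen=True)
class Rule:
    group: str                      # user group this rule applies to
    app_tag: str                    # applications carrying this tag
    require_managed: bool = False   # device-context conditions
    require_patched: bool = False

def posture_ok(rule: Rule, device: Device) -> bool:
    # Context check: every device condition the rule sets must hold.
    return ((not rule.require_managed or device.managed)
            and (not rule.require_patched or device.os_patched))

def ztna_allowed(user: User, device: Device, app: App,
                 rules: List[Rule]) -> Tuple[bool, str]:
    # Default deny: a rule must match the user's group AND the app's tag,
    # and the device must pass that rule's posture checks.
    matched = [r for r in rules
               if r.group in user.groups and r.app_tag in app.tags]
    if not matched:
        return False, "no rule grants this group access to this app"
    for rule in matched:
        if posture_ok(rule, device):
            return True, f"rule {rule.group}->{rule.app_tag}"
    return False, "device posture fails every matching rule"

def visible_apps(user: User, device: Device, apps: List[App],
                 rules: List[Rule]) -> List[str]:
    # Users discover only the apps they may reach; nothing else is enumerable.
    return sorted(a.name for a in apps
                  if ztna_allowed(user, device, a, rules)[0])

def vpn_reachable(app: App, vpn_routes: FrozenSet[str]) -> bool:
    # Network-centric model: anyone on the VPN reaches every routed subnet,
    # and every host on it, whoever they are and whatever the app is.
    return app.subnet in vpn_routes

def record_decision(log: List[Dict[str, str]], user: User, device: Device,
                    app: App, rules: List[Rule]) -> bool:
    # Every decision lands in one central log: who, what, from which device.
    allowed, reason = ztna_allowed(user, device, app, rules)
    log.append({"user": user.name, "app": app.name,
                "device": "managed" if device.managed else "unmanaged",
                "decision": "allow" if allowed else "deny", "reason": reason})
    return allowed

def access_summary(log: List[Dict[str, str]]) -> Dict[str, List[str]]:
    # Who reached what, across every user and application.
    out: Dict[str, List[str]] = {}
    for e in log:
        if e["decision"] == "allow":
            out.setdefault(e["user"], []).append(e["app"])
    return {u: sorted(apps) for u, apps in out.items()}

# Constructed sample data: hypothetical users, apps and rules.
RULES = [Rule("finance", "finance", require_managed=True, require_patched=True),
         Rule("engineering", "source", require_managed=True),
         Rule("employees", "intranet")]
APPS = [App("payroll", frozenset({"finance"}), "10.1.0.0/24"),
        App("git", frozenset({"source"}), "10.2.0.0/24"),
        App("wiki", frozenset({"intranet"}), "10.3.0.0/24"),
        App("hr-db", frozenset({"hr"}), "10.1.0.0/24")]
ALICE = User("alice", frozenset({"finance", "employees"}))
BOB = User("bob", frozenset({"engineering", "employees"}))
CAROL = User("carol", frozenset({"contractors"}))
CORP_LAPTOP = Device(managed=True, os_patched=True)
HOME_PC = Device(managed=False, os_patched=False)
VPN_ROUTES = frozenset({"10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/24"})

def demo() -> Dict[str, List[str]]:
    log: List[Dict[str, str]] = []
    for user, device in ((ALICE, CORP_LAPTOP), (BOB, HOME_PC), (CAROL, CORP_LAPTOP)):
        for app in APPS:
            record_decision(log, user, device, app, RULES)
    return access_summary(log)

if __name__ == "__main__":
    print(demo())
    print("carol reaches payroll over VPN:", vpn_reachable(APPS[0], VPN_ROUTES))
```

Running it, alice on a managed, patched laptop sees payroll and the wiki; bob, who belongs to the engineering group but connects from an unmanaged home PC, is denied git on posture grounds and sees only the wiki; carol the contractor matches no rule and sees nothing. The hr-db application is not visible to anyone, because no rule grants it. Under the VPN model, by contrast, `vpn_reachable` says carol can reach payroll and hr-db simply because their subnet is routed over the tunnel, which is exactly the lateral movement the post describes. The design choice worth noting is that the evaluator collects every matching rule before deciding, so a posture failure on one rule does not mask a different rule that would legitimately allow the access.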
Zero trust security architectures ensure full protection for users and applications alike. ZTNA solutions enable secure, productive work-from-home and work-from-anywhere environments (including the office). You can protect your employees, partners, and customers while continuing to survive, thrive, and adapt to new challenges.
Lisa Lorenzin is Director of Transformation Strategy at Zscaler