The 3-phased approach to adopting ZTNA technologies
Is the concept of zero trust on its way to becoming the next “big thing?"
Well, Gartner says that zero trust network access (ZTNA) is the technology that will make zero trust real and replace the “beloved” VPN—stating, “By 2023, 60% of enterprises will phase out most of their remote access VPNs in favor of ZTNA.”
While Gartner is confident that the future of zero trust and secure remote access lies with ZTNA technologies, companies unfamiliar with the term often ask, “What is ZTNA, why now, and how do I choose?” As these questions are answered, the next question that generally follows is, “Where do I begin with ZTNA?” While adopting anything new can be intimidating, ZTNA is a modern remote access technology that can be consumed at your pace and in a simple three-phased approach.
It’s good to start small before going big, especially when it comes to rolling out new technology. When looking to implement ZTNA, Gartner suggests starting with targeted areas that provide “immediate value in improving the overall security posture of the organization.” Partner access and web-based apps are a great starting point for a zero trust model as they bring instant benefits, and even more so when paired.
Partners introduce significant risk to the business by having direct access to the entire corporate network. Moreover, partners often use their own devices, many of which can’t or won’t allow vendor clients to be deployed on the endpoint. And, seeing that some ZTNA technologies can be deployed with browser access capabilities, beginning with web-based apps, makes logical sense as the deployment of a client is not required. This, essentially, helps you kill two birds with one stone: (1) zero trust access is enabled for partners, while (2) users access web-based apps leveraging a simple browser rather than downloading a client. Some additional benefits you’ll see as a result of ZTNA include:
Less risk to manage – ZTNA makes apps invisible to all unauthorized users. While granular business policies enforce access based on user identity, the actual connectivity paths are created on demand, ensuring access to individual apps and not the underlying network. This eliminates the risk of lateral movement and creates least-privileged access.
Quick deployment – Securing partners first allows you to work with a smaller sample size of users and a smaller subset of applications. This enables an agile deployment, while admins can spend the time need to configure granular access policies as they learn their way around the new ZTNA technology.
Better partner experience – Partners gain a more seamless experience as they no longer have to fire up a VPN client (or even have it deployed) to access an application. Simply open a browser, insert a URL, and enjoy seamless access to the web-based application regardless of location or device.
As with any new technology, ZTNA's offerings are not all the same. Organizations exploring ZTNA options should look for the following:
- Browser access/clientless capabilities – Gartner recommends considering a ZTNA technology that doesn’t require an agent installation and also can support more than web-based applications.
- Support of multiple IDP (MIDP) providers – ZTNA is based on identity- and context-based access, so ensuring the support of multiple IDP providers simultaneously is of value when looking to provide access for various partners or third-party entities. Learn more about the usefulness of MIDP in this 20-minute webinar.
Once you’ve successfully eliminated third-party risk from your corporate network, it’s time to bring zero trust to your employees. At this point, you have a greater understanding and expertise of ZTNA technology and already have some deployment and configuration requirements set up. And you'll see the benefits of ZTNA become more prominent as you increase adoption, allowing end-users and IT teams to reap advantages in the following ways:
Fewer complaints, more user productivity – ZTNA provides near-invisible security for the end-user. Connectivity is seamless and uninterrupted as users—both on- and off-net—attempt to access internal apps. Users no longer need to log in and out of the VPN, nor do they need to know the location of an app. Connectivity just works.
Effortless scalability – Is your organization growing? Do you need to support more employees? With ZTNA hosted as a cloud service, you never have to worry about scaling infrastructure. The ZTNA service handles all infrastructure needs, while the enterprise simply scales by adding more user licenses to meet business demand.
Organizations in Phase 2 should look for ZTNA solutions with the following functionalities:
- Silent deployment – While having browser access capabilities to access web apps is important, a ZTNA solution should also have client functionality to support any legacy apps. With “silent deployment,” IT can force push the ZTNA client onto all managed devices leveraging your MDM provider. Once clients are on user devices, deployment becomes infinitely easier, while enhancing visibility into device posture.
- App discovery – Some ZTNA technologies have the ability for IT to see exactly which employees are accessing which applications via dynamic discovery. When someone attempts to access an application, that application is classified as a “discovered” app and granular access policies can then be applied.
- Real-time analytics – After deployment, real-time health monitoring and Security Information and Event Management (SIEM) integration allow admins to quickly diagnose the source of any application access issue. This allows IT to rapidly discover if a connectivity issue is caused by an unhealthy server, an unhealthy connector, or an unhealthy device posture.
Gartner says that “By 2023, 40% of enterprises will have adopted ZTNA for other use cases described in this research.” Leveraging ZTNA as a VPN alternative is a great place to start using this modern technology. However, ZTNA can provide business value for other projects you may be driving. Consider these additional use cases in which ZTNA can help as you look toward the future of your organization.
Adopting a multi-cloud strategy?
Whether you’re leveraging one or multiple clouds, ZTNA puts an end to fragmented security and enables standardized security across all environments with a single solution. No additional infrastructure is required, unlike site-to-site VPNs.
Undergoing a merger, acquisition, or divestiture?
While M&A activity can be great for the business, IT integration can become a multiyear process due to the complexity of converging multiple networks and having to deal with network address translation (NAT) and overlapping IPs. ZTNA enables users to access apps while eliminating the need to converge networks. At the same time, security standards are unified across all entities.
Why adopt ZTNA now?
While Gartner recommends that enterprises embrace ZTNA as a modern approach to securing remote access, the beauty is that ZTNA doesn’t need to be implemented all at once for you to start receiving security benefits. Better yet, ZTNA can be deployed in tandem with the VPN, meaning no downtime as you reduce your reliance on legacy VPN appliances.
However, it’s one thing to talk about ZTNA. It’s another to implement a zero trust network yourself. Wouldn’t it be great if you could experience ZTNA technology in action before a full implementation? Well, you can. Get to know the zero trust model a little better with our 100 percent free, no-strings-attached, 7-day hosted ZTNA demo.
See what Gartner is talking about, and learn how Zscaler can help you transform your organization's security with ZTNA technology.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Camilla Ahlquist is a product marketing specialist for Zscaler Private Access