Ready to find out more, or see Zscaler Private Access in action? Request a custom demo now.
Zero trust security is a big buzzword these days. While many organizations have shifted their priorities to adopt zero trust, zero trust network access (ZTNA) is the strategy behind achieving an effective zero trust model.
The path to zero trust as an ideology is vague, so ZTNA provides a clear, defined framework for organizations to follow. It's also a component of the secure access service edge (SASE) security model, which, in addition to ZTNA, comprises next-gen firewall (NGFW), SD-WAN, and other services in a cloud native platform.
While the need to secure a remote workforce has become critical, network-centric solutions such as virtual private networks (VPNs) and firewalls create an attack surface that can be exploited. ZTNA takes a fundamentally different approach to providing secure remote access to internal applications based on four core principles:
Gartner, Market Guide on Zero Trust Network Access, April 2019
From an architectural perspective, ZTNA works fundamentally differently from network-centric solutions. It runs on a software-defined perimeter, or SDP, which distributes access to internal applications based on a user’s identity. This eliminates the overhead of managing appliances. ZTNA also helps organizations simplify inbound stacks as they no longer require their VPN and VPN concentrators, DDoS protection, global load balancing, and firewall appliances.
There are two key ZTNA architecture models. This article highlights the service-initiated ZTNA architecture.
Read the Gartner Market Guide to Zero Trust Network Access for more details.
Among the most popular legacy security solutions in use today, VPNs are meant to simplify access management by allowing end users to securely access a network, and therefore corporate resources, by way of a designated tunnel, usually through single sign-on (SSO).
For many years, VPNs worked well for users who needed to work remotely for a day or two. As the world saw more and more long-term remote workers, though, lack of scalability alongside high costs and maintenance requirements made VPNs ineffective. What’s more, rapid adoption of the public cloud meant that it not only became more difficult to apply security policies to these remote workers, but also hurt the user experience.
The main problem with VPNs, however, is the attack surface they create. Any user or entity with the right SSO credentials can log on to a VPN and move laterally throughout the network, giving them access to all the resources and data the VPN was meant to protect.
ZTNA secures user access by granting it on the principle of least privilege. Rather than trusting on the basis of correct credentials, zero trust authenticates only under the correct context—that is, when the user, identity, device, and location all match up.
Furthermore, ZTNA provides granular access rather than network access. Users are connected directly and securely to the applications and data they need, which prevents the possibility of lateral movement by malicious users. Plus, because user connections are direct, experiences are vastly improved when leveraging a ZTNA framework.
Now more than ever, organizations are discovering the benefits a ZTNA model can provide. Here are some of the most prominent reasons why companies are making the switch.
ZTNA doesn’t just help businesses become more flexible—it greatly improves their overall security postures, too. It does so by delivering:
ZTNA has many cloud security use cases. Most organizations choose to start with one of these four.
VPNs are inconvenient and slow for users, offer poor security, and are difficult to manage, so organizations want to reduce or eliminate their reliance on them. Gartner predicts: “By 2023, 60% of enterprises will phase out most of their remote access VPNs in favor of ZTNA.”
Securing hybrid and multicloud access is the most popular place for organizations to start their ZTNA journey. With more companies adopting cloud applications and services, 37% of them are turning to ZTNA for security and access control for their multicloud strategies.
Most third-party users receive overprivileged access, and they largely access applications using unmanaged devices, both of which introduce risks. ZTNA significantly reduces third-party risk by ensuring external users never gain access to the network and that only authorized users can access allowed applications.
With typical M&As, integration can span multiple years as organizations converge networks and deal with overlapping IPs. ZTNA reduces and simplifies the time and management needed to ensure a successful M&A and provides immediate value to the business.
ZTNA is flexible in that it can scale to protect all the important facets of your business. Let’s look at these different ZTNA models up close.
Zero trust transformation takes time, but it’s a necessity for today’s hybrid organizations. Let’s take a look at three core elements of zero trust implementation.
In the Gartner Market Guide for Zero Trust Network Access, Steve Riley, Neil MacDonald, and Lawrence Orans outline several things organizations should consider when choosing a ZTNA solution:
These are all important considerations for your enterprise as you look for the ZTNA vendor that complements your present and forward-looking goals and vision. To learn more about ZTNA, check out our leading ZTNA service, Zscaler Private Access.
We’re proud to offer Zscaler Private Access™, the world’s most deployed ZTNA platform, built on the unique Zscaler zero trust architecture. ZPA applies the principles of least privilege to give users secure, direct connections to private applications while eliminating unauthorized access and lateral movement. As a cloud native service, ZPA can be deployed in hours to replace legacy VPNs and remote access tools with a holistic zero trust platform.
Zscaler Private Access delivers:
Ready to find out more, or see Zscaler Private Access in action? Request a custom demo now.
Gartner Market Guide for Zero Trust Network Access
Get the full reportThe Network Architect’s Guide to Adopting ZTNA
Read the guideZscaler Security Service Edge (SSE) Infographic
Take a lookWhy IT leaders should consider a zero trust network access (ZTNA) strategy
Read our white paperCybersecurity Insiders 2019 Zero Trust Adoption Report
Read the full reportSecuring Cloud Transformation with a Zero Trust Approach
Read the white paper