In a World Where Security and Network Have Converged, ZTNA Is Key

Align ZTNA with SD-WAN to give maximum level of secure access but still offer optimized experience.

Jon Bove, VP, Americas Channels

August 15, 2022

5 Min Read
Zero Trust
Shutterstock

Bove-Jon_Fortinet-2020-150x150.jpg

Jon Bove

The transition to hybrid work that’s occurred over the past two years has brought the potential for a multitude of new holes where threat actors can plant their roots. This has underscored the need for increased security measures that can span all aspects of a network and quickly identify tension points.

Secure access is more important than ever as the number of Internet of Things (IoT) devices grows, the network perimeter fragments and the new norm of working from anywhere persists. Security solutions that can cover all locations are required as work and resource systems evolve — and zero trust is paramount. Channel partners have an opportunity to help their clients achieve this crucial capability.

To protect all their systems, networks, applications and data, companies must adopt a zero-trust approach with thorough authentication capabilities, network access control measures and application access controls for both on-premises and cloud-based assets.

Users and devices using zero-trust network access (ZTNA) are unable to access an application unless they supply the required authentication credentials. ZTNA hides apps behind a proxy point, allowing for a safe, encrypted connection. Traditional VPN technologies for application access are replaced by ZTNA, which removes the excessive trust that older VPNs require for employees or partners to connect and cooperate.

In addition to ZTNA models, organizations must implement multilayered security measures to catch and block threats and malware, in addition to training employees on best security practices. The rate of exploit is increasing, and attacks are occurring at a faster pace; there is just too much data for staff in a security operations center to sort through. That’s why it’s critical to use AI and machine learning to detect and prevent unforeseen dangers.

ZTNA Models Help Secure Exponentially Expanding Networks

Hybrid working strategies have vastly expanded the plane that malware can exploit. It involves more than an increase in devices used to access an organization’s network. Because home (or, say, a coffee shop) networks are frequently insecure, corporate networks face greater risks. Connected resources are exposed to potentially dangerous content because the same devices that remotely access the business network are also used to access the internet without the protections of the corporate firewall.

Zero-trust network access achieves flexible connectivity of a hybrid workforce by removing the assumption that if a user is within network, they can be trusted to access all applications — that’s implicit trust.

ZTNA solutions adhere to several principles to make this possible:

  • Never take someone’s word for it: Until a person, device or application session has been properly validated, it is untrustworthy.

  • Users must be identified, and devices must be validated: The identity of each user, the context of the access request and the posture of each device are all evaluated before any access is granted.

  • Practice least-privilege access: Users only get the access they need to perform their job role; there is no broad network access such as with a traditional VPN.

  • Ongoing posture re-evaluation: The user’s and device’s postures are constantly assessed; if they change, so does access.

  • Treating the inside like the outside: ZTNA runs in the same way regardless of where the user connects from.

When networks are configured as an open, flat environment with no security assessment beyond the perimeter, hackers who penetrate the network perimeter can …

… easily travel laterally to sow malware, seek important resources and disrupt business. When ZTNA’s zero-trust paradigm replaces perimeter-based VPNs, every person or device requesting access to a resource is verified before access is granted only to that resource.

Securing Expansive Network Growth

To ensure a network is properly secure onsite and for remote users, multiple layers of security are necessary to protect vital applications and their data. While SD-WAN provides an optimal pathway to applications, its sole purpose is to enhance the user experience. By aligning ZTNA with SD-WAN, the end-user gains the maximum level of secure access to those applications, while still benefiting from an optimized experience. MSSPs and partners can layer on services and even consolidate and simplify their architecture by combining ZTNA with SD-WAN, providing even more value and cost savings to their customers.

Converging network and security is essential to negate emerging threats and protect data, people and devices across the entire network. With every employee likely having two or three devices that are linked to the network at any given time accessing applications, exposure to threat actors is at an all-time high.

The success of networks has, in a way, made them more vulnerable. Because of the distributed nature and the expansion of networks, more individuals and gadgets are increasingly vulnerable to cybercriminals. We can’t maintain the security perspective we had even a few years ago, due to the rapid growth of network edges and new settings, endpoints and varieties of clouds. To proactively defend, we now require real-time security.

Partners in Security

COVID has come in waves, but telework is a tsunami. The work-from-anywhere paradigm has created massive opportunity — both for companies and their employees and for malicious actors. In this expanding threat landscape, it is essential to adopt a proactively defensive stance with converged networking and security using multiple layers of security.

ZTNA models are essential for networks with a growing remote workforce and the proliferation of IoT-connected devices across networks. Combining ZTNA and SD-WAN is a dynamic solution that not only helps improve the user experience, but strengthens an organization’s security posture. Partners who can provide these capabilities have a golden opportunity to better serve their clients and distinguish themselves from the competition.

Jon Bove is the vice president of channel sales at Fortinet. He and his team are responsible for strategizing, promoting and driving the channel sales strategy for partners in the United States. A 17-year veteran of the technology industry, Bove has held progressively responsible sales, sales leadership and channel leadership positions. Follow @Fortinet on Twitter or Bove on LinkedIn.

Read more about:

MSPsVARs/SIs

About the Author

Jon Bove

VP, Americas Channels, Fortinet

Jon Bove is the vice president of channel sales at Fortinet. He and his team are responsible for strategizing, promoting and driving the channel sales strategy for partners in the U.S. A 17-year veteran of the technology industry, Bove has held progressively responsible sales, sales leadership and channel leadership positions. Follow @Fortinet on Twitter or Bove on LinkedIn.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like