Leveraging Partner Expertise to Build a Zero-Trust Strategy

Written by Jon Bove
June 9, 2021

Keep building partner trust, but apply the principle of least privilege to networks for security.

… the knowledge and resources necessary to help their clients build out both zero trust access (ZTA) and zero trust network access (ZTNA) policies.

Establishing the Foundation of Zero Trust

The foundation of any zero trust strategy is knowing and controlling who and what is on the network. This starts with role-based access controls (RBAC) and granting authenticated users an appropriate level of access, a practice in which many organizations already engage, to some degree. Aligning RBAC with a zero trust model requires that organizations establish a least-access policy that restricts users to the minimum level of network access required for their role, removing any ability to access or even see other parts of the network.

Beyond this, ZTA also involves managing the devices that are used to connect to the network, such as laptops, tablets and smart devices. However, organizations are now adding nonuser Internet of Things (IoT) devices to their networks, including printers, heating and ventilation systems, secure doorways, inventory control systems, point of sale (POS) devices or industrial IoT (IIoT). Unlike traditional devices, many of these new technologies lack usernames and passwords that identify them. Therefore, these “headless” devices require a network access control (NAC) solution designed to discover, authenticate and control their access to network resources. NAC policies can apply the zero-trust principle of least access to devices, ensuring that they have only the network access they need to perform their role and nothing more.

Partners engaged in mapping their clients’ networks can help establish ZTA. They are often the ones who have the greatest knowledge of the network, user and devices. Ultimately, this makes them a trusted reseller because they are already the most trusted adviser.

Zero Trust Network Access: Securing the Applications

Today’s businesses increasingly run on applications, demonstrating a need for ZTNA, which controls application access no matter where the user or the application resides. The user may be on a corporate network, home office or somewhere else, and the application may live in a corporate data center, private cloud or on the public internet.

With the dynamic nature of today’s networks, zero trust network access offers the security, granular control and user experience necessary to securely connect a remote workforce. Cybercriminals can exploit VPNs by compromising the endpoint device because the underlying assumption is that the VPN connection comes with trust. That trust extends to the part of the network to which it connects, explaining why threat actors redirected their efforts to exploit vulnerable home networks.

ZTNA takes the approach that no user or device can be trusted to access anything, including applications, until proven trustworthy. This extends the zero trust model beyond access to the network, ultimately reducing the attack surface by hiding applications from the public internet.

For partners, ZTNA poses an opportunity. Having been deeply involved with their customers’ network mapping and policy, they know the application access points. By creating a punch list of new projects, they can use their position as a trusted adviser to help deliver a zero-trust security approach.

Trust No One When Building a Security Framework

Most security measures organizations have in place primarily apply to traditional networks. However, expanding network edges, ubiquitous IoT devices, converged environments and mobile users change the meaning of trust. Zero trust enables organizations to consistently implement security across distributed and dynamic environments because it verifies every user and device before granting limited access. ZTA and ZTNA focus on understanding who and what access networks and applications, regardless of where the users, devices, data and applications are located.

At the end of the day, the only trust that still exists is between partners and their clients. Partners’ deep knowledge of client networks and policies makes them uniquely situated to establish ZTA and ZTNA for enhanced security.

Jon Bove is the vice president of channel sales at Fortinet. He and his team are responsible for strategizing, promoting and driving the channel sales strategy for partners in the United States. A 17-year veteran of the technology industry, Bove has held progressively responsible sales, sales leadership and channel leadership positions. Follow @Fortinet on Twitter or Bove on LinkedIn.