Cyber Security Month

Let’s Talk Zero Trust Network Access (ZTNA)

Cyber security is the protection of networks, devices, and data from unauthorised access or criminal use, as well as the practice of ensuring confidentiality, integrity, non-repudiation, and availability of information.

SD-WAN has taken over from VPNs as the benchmark for scalable, redundant and highly secure network connections between on-premises, remote, edge and/or cloud environments. Echo has built our software-defined network solution using Fortinet’s FortiGate technology, which means we didn’t add security appliances to our network; we built our SuperWAN on security infrastructure. Now we are taking our offering to the next level by adding Zero Trust Network Access (ZTNA).

ZTNA is an IT security solution that provides secure remote access to an organisation’s applications, data, and services based on clearly defined access control policies. Where VPNs grant access to an entire network, ZTNA grants access only to specific services or applications. ZTNA can also be referred to as the software-defined perimeter (SDP), and is a set of technologies that operates on an adaptive trust model, where access is granted based on several configurable security posture checks regardless of the end user’s location.

ZTNA gives users seamless and secure connectivity to private applications without ever placing them on the network or exposing apps to the internet. As an increasing number of users access resources from home or elsewhere, ZTNA solutions can help eliminate gaps in other secure remote access technologies and methods.

How does ZTNA work?

ZTNA takes a fundamentally different approach from network-centric solutions, by securing access to internal applications based on four core principles:

  1. Isolating the act of providing application access from network access, which reduces risks to the network such as infection by compromised devices, and only grants application access to authorised users.
  2. Making outbound-only connections, ensuring that both network and application infrastructure are made invisible to unauthorised users. IPs are never exposed to the internet, making the network impossible to find.
  3. Utilising native app segmentation to ensure that once users are authorised, application access is granted on a one-to-one basis. Authorised users have access only to specific applications rather than full access to the network.
  4. Taking a user-to-application approach rather than a network-centric approach to security. The internet becomes the new corporate network, leveraging end-to-end encrypted TLS micro-tunnels instead of MPLS.
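
The per-application, posture-based decision described in principles 1 and 3 can be sketched as a small default-deny policy check. This is an added example, not Echo's or Fortinet's code; the policy table, group names, posture check names and sample users are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy table: each rule grants ONE application to ONE group,
# conditional on device posture checks. All names here are hypothetical.
POLICIES = [
    {"app": "payroll", "group": "finance", "require": {"disk_encrypted", "os_patched"}},
    {"app": "wiki", "group": "staff", "require": {"os_patched"}},
    {"app": "wiki", "group": "contractors", "require": {"os_patched", "edr_running"}},
]

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    posture: frozenset  # posture checks the device currently passes
    source_ip: str      # kept for audit logging; never consulted by decide()
    app: str

def decide(req):
    """Return (allowed, reason). Default deny, evaluated per application."""
    rules = [p for p in POLICIES if p["app"] == req.app]
    if not rules:
        return False, "no policy for application"
    missing = None
    for rule in rules:
        if rule["group"] not in req.groups:
            continue
        gap = rule["require"] - req.posture
        if not gap:
            return True, "granted %s via group %s" % (req.app, rule["group"])
        missing = gap
    if missing is not None:
        return False, "posture failed: " + ", ".join(sorted(missing))
    return False, "user not authorised for application"

def granted_apps(user, groups, posture, source_ip):
    """List every application this user and device may reach right now."""
    apps = sorted({p["app"] for p in POLICIES})
    return [a for a in apps
            if decide(Request(user, frozenset(groups), frozenset(posture), source_ip, a))[0]]

if __name__ == "__main__":
    # Constructed sample: a contractor on a healthy device, connecting remotely.
    print(granted_apps("c.ng", {"contractors"}, {"os_patched", "edr_running"}, "203.0.113.7"))
```

The source address is carried only for the audit trail, so the same user and device get the same answer from the office or from home, and an application with no matching rule is denied rather than reachable by default.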

What business challenges can ZTNA solve?

  1. Excellent alternative to outdated VPN technology.
  2. Enablement of secure multi-cloud access.
  3. Reduction of third-party risk, by ensuring external users never gain access to the network and that only authorised users gain access to permitted applications.