Zero Trust Network Access (ZTNA) - Cybersecurity Concept for Local and Virtual Networks
January 2023 by
A cybersecurity study conducted by macmon secure and techconsult at the end of 2022 found that 26 percent of the companies surveyed said they would implement Zero Trust in the next 12 months, another 20 percent will do so in the next two years, and another 15 percent plan to do so in the long term. Overall, it can be stated that Zero Trust will become established in the next few years.
Where does this development come from?
External network access to corporate resources is the norm these days. Devices access cloud services, email applications and other potentially confidential corporate resources directly - anywhere, anytime. Criminals can therefore strike at different points to steal data and damage companies.
The Zero Trust security concept puts a stop to this. It is based on the philosophy that neither a device nor a user should be trusted before secure authentication has taken place. The focus of ZTNA is on resources, not on classic perimeter security at the boundary between a private corporate network and a public network such as the Internet. The "new workers" need to access software tools and company data with all their devices and apps, and cloud services outside the firewall are part of this flexible environment. With ZTNA, it is possible to ensure sustainable data security and to meet modern network security requirements.
Security for IT and OT networks
The ZTNA approach is based on restriction and monitoring: Network Access Control (NAC) solutions allow only defined devices to access the network, whether they are iPads, laptops, or medical devices. IT administrators always know which devices are logged on to the local network and can permanently identify and monitor them thanks to the complete network overview. Any device that has no business being on the respective network is denied access right from the start. With the increasing integration of production systems, which in some cases extends into the office world, the complexity and vulnerability of networks are increasing. With ZTNA, unauthorized use of systems in administration and production is virtually impossible.
Security in the cloud
Security provider macmon secure is also transferring the ZTNA concept to all cloud services and is pursuing an identity-based approach that enables granular access control. To verify the identity of a user, their device, and its security state, a so-called Secure Defined Perimeter (SDP) agent takes over authentication against an SDP controller. After successful authentication, the user accesses all required resources: via single sign-on for cloud applications, via the SDP Cloud Gateway for cloud data centers, or via local SDP gateways to internal enterprise resources.
Authentication in seconds
With macmon SDP, in contrast to classic VPNs, both the user and the agent authenticate themselves to the controller. Only when both are recognized as valid is access to the network granted. Thanks to precise segmentation, the system decides who is permitted to access which internal resources with which device and takes over intelligent control of the communication routes. Bandwidth bottlenecks are avoided, and the lowest possible latencies are achieved. Every single access to corporate resources, whether local or in the cloud, is checked; there is no such thing as automatic trust. Corporate networks today are usually multi-layered, but ultimately it is always about an identity that needs access.
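The flow described in the last three sections (NAC refusing unregistered hardware, the user and the device each proving their identity, the device's security state being checked, and a per-resource segmentation decision that also selects the route) can be shown as a single per-request policy evaluation. The following is an added illustration written for this page; it is not macmon's code or the SDP product's API. All names (`Device`, `User`, `Policy`, `authorize`, the `DEVICES`/`USERS`/`POLICIES` tables) are hypothetical, and the inventory and policy data are constructed for the example. Posture is reduced to two attributes (disk encryption and a patch level) to keep the decision logic readable.

```python
"""Per-request ZTNA-style access decision: constructed example, not vendor code."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Device:
    device_id: str             # identifier presented by the endpoint agent
    owner: str                 # user the device is registered to
    kind: str                  # "laptop", "tablet", "medical", ...
    disk_encrypted: bool       # constructed posture attribute
    patch_level: int           # constructed posture attribute


@dataclass(frozen=True)
class User:
    username: str
    roles: frozenset
    strongly_authenticated: bool   # MFA or certificate-based auth completed


@dataclass(frozen=True)
class Policy:
    resource: str
    route: str                 # "cloud-sso", "cloud-gateway" or "local-gateway"
    allowed_roles: frozenset
    allowed_kinds: frozenset
    min_patch_level: int


@dataclass
class Decision:
    allowed: bool
    reason: str
    route: Optional[str] = None


# Constructed inventory and policies (hypothetical data).
DEVICES = {
    "lt-0042": Device("lt-0042", "alice", "laptop", True, 7),
    "lt-0099": Device("lt-0099", "carol", "laptop", True, 3),
    "ipad-09": Device("ipad-09", "bob", "tablet", True, 5),
    "infusion-3": Device("infusion-3", "svc-medtech", "medical", True, 2),
}
USERS = {
    "alice": User("alice", frozenset({"finance"}), True),
    "carol": User("carol", frozenset({"finance"}), True),
    "bob": User("bob", frozenset({"sales"}), True),
    "svc-medtech": User("svc-medtech", frozenset({"ot-maintenance"}), True),
}
POLICIES = {
    "erp": Policy("erp", "local-gateway", frozenset({"finance"}),
                  frozenset({"laptop"}), 6),
    "crm-saas": Policy("crm-saas", "cloud-sso", frozenset({"sales", "finance"}),
                       frozenset({"laptop", "tablet"}), 5),
    "pump-telemetry": Policy("pump-telemetry", "local-gateway",
                             frozenset({"ot-maintenance"}), frozenset({"medical"}), 2),
}


def authorize(username: str, device_id: str, resource: str,
              users=USERS, devices=DEVICES, policies=POLICIES) -> Decision:
    """Evaluate one access request from scratch; nothing is cached between calls."""
    # 1. NAC step: hardware that is not in the inventory is refused outright.
    device = devices.get(device_id)
    if device is None:
        return Decision(False, "device not registered")
    # 2. Identity step: the user must exist and have completed strong authentication.
    user = users.get(username)
    if user is None or not user.strongly_authenticated:
        return Decision(False, "user not authenticated")
    # 3. Binding: both parties must be valid *together*; a known device in the
    #    wrong hands does not inherit the owner's access.
    if device.owner != username:
        return Decision(False, "device not bound to user")
    # 4. Default deny: a resource without an explicit policy is unreachable.
    policy = policies.get(resource)
    if policy is None:
        return Decision(False, "no policy for resource (default deny)")
    # 5. Segmentation: who may reach which resource with which class of device.
    if not (user.roles & policy.allowed_roles):
        return Decision(False, "role not permitted for resource")
    if device.kind not in policy.allowed_kinds:
        return Decision(False, "device class not permitted for resource")
    # 6. Posture: the device's security state at the moment of the request.
    if not device.disk_encrypted or device.patch_level < policy.min_patch_level:
        return Decision(False, "device posture below policy minimum")
    return Decision(True, "all checks passed", route=policy.route)


if __name__ == "__main__":
    for req in [("alice", "lt-0042", "erp"), ("alice", "ipad-09", "erp"),
                ("bob", "ipad-09", "erp"), ("bob", "ipad-09", "crm-saas"),
                ("carol", "lt-0099", "erp"), ("svc-medtech", "infusion-3", "pump-telemetry"),
                ("alice", "lt-7777", "erp")]:
        print(req, authorize(*req))
```

The order of the checks mirrors the text: the NAC step runs before anything identity-related, the user and device are validated separately and then bound to each other, and only a request that survives segmentation and posture is handed a route. Because `authorize` holds no session state, re-evaluating it on every access is what gives the "no automatic trust" property; a real deployment would feed the posture fields from the endpoint agent rather than from a static table.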