Zero Trust Security has begun to replace virtual private networks (VPNs) for controlling user and device access to a network. Because a VPN is built on the traditional IT network security model, often known as the castle-and-moat model, the shift to Zero Trust Security is essential. The shift results in better security: a Zero Trust implementation establishes layers of protection across the network (outside and within) instead of a single protective wall at the point of entry. Zero Trust Security, as mentioned in our previous post, is an IT security model that requires strict identity verification of every person or device attempting to access resources on a private network, whether from outside or from inside the network perimeter. Putting Zero Trust Security into practice requires a technology called Zero Trust Network Access, or ZTNA for short.
What is Zero Trust Network Access (ZTNA)?
Zero Trust Network Access (ZTNA), according to Gartner, is a technology (product or service) that creates an identity- and context-based, logical access boundary around an application or set of applications. Similar to the software-defined perimeter (SDP) approach, ZTNA makes Zero Trust security practical through access control. Simply put, with ZTNA a device is only aware of the resources it is connected to, and ongoing connections must be periodically re-verified and re-established.
How does ZTNA work?
While the configuration of Zero Trust Network Access (ZTNA) differs by organisation and vendor, it is based on a few fundamental principles.
1. Separate application access from network access. ZTNA grants access only to users who have been authenticated to the network and authorised for specific applications.
2. Completely hidden IP addresses. ZTNA makes outbound-only connections, so the network and applications remain hidden from connected devices.
3. Segmentation. ZTNA ensures that authorised users only have access to specific applications rather than to the whole network.
4. Encrypted connections (no MPLS). ZTNA takes a user-to-application approach in which TLS-encrypted micro-tunnels are used instead of MPLS, which belongs to the traditional network security approach.
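The following is an added example, not E-SPIN's code or any ZTNA vendor's product: a small Python policy decision function that shows what principles 1 and 3 above, plus the periodic re-verification mentioned earlier, look like when written down as rules. The policy table, group names, application names and the 15-minute re-verification interval are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample policy (hypothetical format, not any vendor's):
# each published application lists the groups authorised to reach it.
# There is deliberately no "network" entry: authenticating to the broker
# by itself grants access to nothing (principle 1).
APP_POLICY = {
    "payroll": {"finance"},
    "wiki": {"finance", "engineering"},
}

# Constructed interval: how long a verified session may keep using a
# connection before identity and device context must be re-checked.
REVERIFY_AFTER = timedelta(minutes=15)


@dataclass
class Session:
    """Identity and context the broker has verified for one user/device."""
    user: str
    groups: frozenset
    device_compliant: bool      # e.g. disk encryption on, OS patched
    last_verified: datetime     # when identity and posture were last checked


def decide(session: Session, app: str, now: datetime):
    """Evaluate one request in the order a ZTNA broker would: is the app
    published at all, is the device context still acceptable, is the
    session fresh, and only then is this identity authorised for this
    specific application. Returns (allowed, reason)."""
    if app not in APP_POLICY:
        # Unpublished resources are not discoverable: the answer is the
        # same as for a denied request, so nothing is leaked about them.
        return False, "not found"
    if not session.device_compliant:
        return False, "device posture failed"
    if now - session.last_verified > REVERIFY_AFTER:
        return False, "re-verification required"
    if not (session.groups & APP_POLICY[app]):
        return False, "not authorised for application"
    return True, "allow"


def reverify(session: Session, now: datetime, device_compliant: bool) -> Session:
    """Re-check posture and refresh the verification timestamp; this is the
    step that restores access after a 're-verification required' decision."""
    return Session(session.user, session.groups, device_compliant, now)


def demo():
    """Run constructed sessions through the policy and return the decisions."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    later = t0 + timedelta(minutes=20)
    eng = Session("alice", frozenset({"engineering"}), True, t0)
    return {
        # segmentation (principle 3): authorised for wiki, not for payroll
        "eng->wiki": decide(eng, "wiki", t0),
        "eng->payroll": decide(eng, "payroll", t0),
        # hidden resources: an unpublished host looks like a denied one
        "eng->fileserver": decide(eng, "fileserver", t0),
        # continuous verification: the same session 20 minutes later
        "eng->wiki stale": decide(eng, "wiki", later),
        "eng->wiki reverified": decide(reverify(eng, later, True), "wiki", later),
        # context changed: device no longer compliant at re-verification
        "eng->wiki bad posture": decide(reverify(eng, t0, False), "wiki", t0),
    }


if __name__ == "__main__":
    for request, decision in demo().items():
        print(f"{request:24s} {decision}")
```

The order of the checks matters: the "not found" answer for unpublished applications comes before any identity check so that an authenticated but unauthorised user learns nothing about resources outside their scope, and the freshness check runs before the group lookup so that a stale session is refused even when its group membership would otherwise qualify.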
Many organisations have realised the importance of adopting Zero Trust, as it has proven effective in improving their cybersecurity strategy.
E-SPIN is active in helping enterprise customers implement enterprise digital transformation technology to achieve scale, scope and speed. Since 2005, E-SPIN has been in the business of supply, consultancy, integration, training and maintenance of various solutions for enterprise customers and government agencies. Feel free to contact E-SPIN for your cyber exposure management needs (risk, asset, vulnerability and threat management).
Read our post on Zero Trust Security below for more information: