The hybrid workplace continues to enjoy consistent adoption, particularly amongst those industries that do not require their workforce to be at the office every day. The benefits are well-published and tangible, however, it has also brought with it smorgasbord of security challenges.
By Carl Stoop, business development manager: Check Point at Drive Control Corporation (DCC)
Traditionally, organisations have relied on VPNs and premises-based security to fortify remote access. However, if there’s one thing that we’ve learnt from the pandemic is that these steps are simply not enough.
Enter Zero Trust Network Access (ZTNA), an evolutionary solution to organisations’ hybrid work policies and subsequent environments.
Analyst firm, Gartner defines ZTNA as: “products and services that create an identity- and context-based, logical-access boundary that encompasses an enterprise user and an internally hosted application or set of applications.
“The applications are hidden from discovery, and access is restricted via a trust broker to a collection of named entities. The broker verifies the identity, context, and policy adherence of the specified participants before allowing access and minimises lateral movement elsewhere in the network.”
Considering the above, what does an implemented ZTNA solution offer in layman’s terms:
* Limits access on an application-by-application basis.
* Authenticates every device and user, no matter where they are located.
* Acknowledges today’s complex networks and makes zero assumptions.
Choosing the right ZTNA
Demystifying ZTNA is the first step, the next, ensuring that you choose the right ZTNA option that provide the abovementioned benefits and features.
* Ensure support for all users – The solution must secure access for everyone–employees with managed devices, BYOD devices, mobile devices, third-party partners, engineering teams, and DevOps users. Look for client-based access and clientless architecture for secure access to web applications, databases, remote desktops, and secure shell (SSH) servers. Be sure to also consider basic PAM (Privileged Access Management) requirements for teams who need access to multi-cloud environments and single sign-on (SSO) into private resources.
* Ensure support for all target resources – Ensure the ZTNA solution supports all high-priority private applications and resources, not just web apps.
* Ensure easy operation – Look for a ZTNA solution offering maximum value with minimum maintenance. Cloud-based solutions with a unified console are easy to use and provide visibility across all ZTNA use cases.
* Ensure high performance and service availability – A ZTNA service must deliver close to 99.999% uptime and high performance backed by Service Level Agreements (SLAs).
* Ensure zero trust security soundness – Look for ZTNA solutions that separate the control and data planes to enable true least-privilege access to applications and other resources.
* Part of a future-ready security service edge – Consider how the ZTNA solution can be extended to secure other use cases–branch access [Firewall as a Service (FWaaS)], Internet access [Secure Web Gateway (SWG)], and SaaS access–through a Security Service Edge (SSE).
Check Point’s Harmony Connect Remote Access secures access to any internal corporate application residing in the data centre, IaaS, public or private clouds. The solution is also easy to deploy, taking less than 15 minutes to install.