Zero trust is the best security solution for meeting today's changing network requirements: remote work, hybrid networks, and in-office security. But identifying the right ZTNA (Zero Trust Network Access) provider is not always easy. Let’s look at how business demands have evolved in the past two years, and six discussion points to spark the conversation with potential zero trust suppliers.
The months since COVID-19 emerged have revolutionized the way we work, turning remote work into the new normal. From a security perspective, this meant the collapse of the perimeter - in a matter of days. Employees needed access to the organizational network from home devices, insecure WiFi networks and new IP addresses, and they needed it immediately.
CISOs, security teams and IT managers were forced to find security solutions that would protect the network’s assets, environments and applications, without hampering business continuity or employees’ ability to connect. Often, this had to be done within the boundaries of tighter budgets and sometimes with personnel dealing with such an access crisis for the first time.
The go-to VPN model proved to be insufficient, as it was not agile, secure, scalable or robust enough to support an entire workforce working remotely, all at once. In addition, COVID-19 sparked a growing number of more sophisticated cybersecurity attacks, which required stronger defense.
All these factors - remote work, sliced budgets, the collapse of the VPN model, and more dangerous cyberattacks - demand a shift in thinking and the adoption of a new cybersecurity paradigm.
Zero trust is a novel security model that protects the network both externally and internally. Externally, zero trust authenticates users through multi-factor authentication (MFA), biometric authentication and additional advanced capabilities. But even if an attacker manages to overcome these gatekeepers, they still will not have access to the crown jewels. Authentication and authorization are required continuously inside the network, each and every time a user attempts to access any network element.
This micro-segmentation protects the organization’s information and valuable data from being handed over to perpetrators who gained network access, or were tunneled in by a VPN. In fact, users (and attackers) cannot even see the network they do not have access to, making breach attempts even more difficult for adversaries.
Let’s drill a bit deeper, and see how to start implementing a zero trust solution.
A zero trust architecture is easy to set up, but sometimes getting started is the hardest part. Here are six parameters to discuss with your ZTNA provider, to help you tailor the solution to your business needs.
Zero trust abides by the phrase “identity is the new perimeter.” After all, identities are the parameters that are being authenticated and authorized when accessing each micro-segment. Ask your ZTNA provider how they authenticate identities, and ensure they implement a strong identity verification mechanism with a minimum of three factors.
Devices are the means for users to access the network and its components. Therefore, it is crucial to have visibility into which devices are connected and which assets they’re accessing. Ask your ZTNA provider about audit logs, recording and real-time visibility into devices that are in your network.
Applications are one of the network components that need authorization before providing access. Make sure your ZTNA provider also ensures application security, in addition to network security. Also review how policies are set up and how access is granted to applications. Make sure the process is frictionless and easy for IT teams and users alike.
We recommend encrypting your data to add another layer of security and protection. However, encryption can negatively affect performance. In addition, if your ZTNA provider is decrypting your data to implement user policies, then your data could be compromised if your ZTNA provider is attacked. Ask your ZTNA provider if they have a ZT model that doesn’t require them to decrypt the data, by keeping it in your network, not theirs.
When choosing a ZTNA provider, you have to trust no one...except for them. Ask your provider about their infrastructure. Are their servers located in the cloud or in a data center? Who has access?
In addition, make sure your provider can integrate with your infrastructure, especially if you have homegrown solutions or any special IT needs.
“Network security” has taken on a whole new meaning in the era of zero trust. Policies and practices now need to apply to traffic coming from the entire public network, and not only from a well-defined perimeter. Ask your ZTNA provider about how easy it will be for employees to access the company network, from any other network. To ensure business continuity, the user experience must be impeccable.
Choosing the right ZTNA provider requires a bit of research and understanding the different solutions provided. We recommend conducting online research, consulting with fellow CISOs and security team members, and looking at different provider demos. We hope the list above can help you ask the right questions and improve your security posture.
Cyolo is a Zero Trust Security solution that keeps remote users securely connected from everywhere. Cyolo provides:
User and device ID, MFA and biometric authentication to verify access to apps, resources, workstations, servers & files
Continuous identity validation in the network
Network, application, and asset security
Audit logs, recording and real-time access control and visibility
No data decryption, only encryption
No access to your data - your information stays with you
Compatibility with any network topology and identity infrastructure
A user-friendly and simple user experience
Quick implementation
Author
Almog Apirion is CEO and co-founder of Cyolo. He is an experienced technology executive, a "recovering CISO," and the founder of the Israeli Navy Cyber Unit. Almog has a long history of leading the cybersecurity and IT technologies domain, with a background that includes building and securing critical infrastructures at large organizations, and leading teams to success.