Zero trust planning: Key factors for IT pros to consider

Rolling out effective zero-trust network access calls for coordinating IT and security teams, data discovery, network segmentation


Moving away from VPNs as a means to protect corporate networks at the perimeter and moving toward zero-trust network access requires careful enterprise planning and may require implementing technologies that are new to individual organisations.

ZTNA employs identity-based authentication to establish trust with entities trying to access the network and grants each authorised entity access only to the data and applications they require to accomplish their tasks. It also provides new tools for IT to control access to sensitive data by those entities that are deemed trusted.

It can take many different forms—software, hardware and as a service—and can be provided by a large number of networking and security vendors.

Zero trust and SASE

ZTNA is compatible with the broader secure access service edge (SASE) architecture for the convergence of security and network features into a unified cloud service. SASE is in line with ZTNA assumptions that any user, device or application could be compromised, so ZTNA can be thought of as technology to help migrate towards a SASE architecture. But implementing ZTNA is not a simple task.

Rolling out ZTNA

Adopting it requires significant, coordinated work by enterprise IT and security teams, which is always a potential source of delay, so teams should stay focused on their business goals: streamlining access while securing sensitive data and maintaining compliance.

The first steps are to discover what data needs to be protected and to identify current access and data flows across the network. This is necessary to reveal possible weaknesses in security and to create policies that defend against them.

One method to limit the damage caused by a successful breach is network segmentation, which limits the resources that each authorised entity has access to. That way, if a breach is successful, the attacker has access only to the network segment that has been compromised.

This implements one of ZTNA’s basic principles: enforcing least privilege, which grants users access to only the applications and data that they require.

ZTNA authorises access based on identity (who you are) rather than your location. It minimises risk by applying granular access policies to data via a dynamic policy engine that assesses multiple factors including device, location, network, behaviour, and the data being requested in order to confirm an authentic identity or to request re-authentication.

For example, ZTNA may deny access to a user requesting sensitive data from an unfamiliar location, in the middle of the night from an unknown device.

As part of ZTNA, enterprises need to monitor access so they can better enforce their specific access policies. And they should also implement automation and orchestration to reduce complex, time-consuming manual changes that would otherwise be needed to create and enforce policies.
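The least-privilege entitlement check, the contextual policy engine and the access monitoring described in the preceding paragraphs can be put together in a small model. The following is an added example written for this article, not code from the article or from any ZTNA vendor; the roles, resources, business-hours window, risk thresholds and the user baseline are all constructed, hypothetical values chosen to reproduce the article's night-time, unknown-device, unfamiliar-location scenario.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Set

# Constructed sample data (hypothetical, not from the article):
# least-privilege entitlements, i.e. which roles may reach which resources.
ROLE_RESOURCES: Dict[str, Set[str]] = {
    "finance-analyst": {"erp", "payroll"},
    "developer": {"git", "ci"},
}
# Resources classified as sensitive during data discovery.
SENSITIVE_RESOURCES: Set[str] = {"payroll"}
# Business hours on a 24h clock; requests outside this window raise a signal.
BUSINESS_HOURS = range(6, 22)


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    resource: str
    device_id: str
    location: str
    when: datetime


@dataclass(frozen=True)
class UserBaseline:
    """What the policy engine has previously seen for this user."""
    known_devices: Set[str]
    usual_locations: Set[str]


# Every decision is recorded so access can be monitored and policies tuned.
AUDIT_LOG: List[dict] = []


def make_request(user: str, role: str, resource: str,
                 device_id: str, location: str, hour: int) -> AccessRequest:
    """Build a request on a constructed date so examples only need the hour."""
    return AccessRequest(user, role, resource, device_id, location,
                         datetime(2021, 3, 10, hour, 0))


def _record(req: AccessRequest, decision: str, signals: List[str]) -> str:
    AUDIT_LOG.append({
        "user": req.user,
        "resource": req.resource,
        "decision": decision,
        "signals": list(signals),
        "time": req.when.isoformat(),
    })
    return decision


def risk_signals(req: AccessRequest, baseline: UserBaseline) -> List[str]:
    """Contextual factors the engine weighs beyond the user's identity."""
    signals = []
    if req.device_id not in baseline.known_devices:
        signals.append("unknown-device")
    if req.location not in baseline.usual_locations:
        signals.append("unfamiliar-location")
    if req.when.hour not in BUSINESS_HOURS:
        signals.append("off-hours")
    return signals


def evaluate(req: AccessRequest, baseline: UserBaseline) -> str:
    """Return 'allow', 'reauthenticate' or 'deny' for one access request."""
    # Least privilege first: a role that is not entitled to the resource is
    # refused regardless of how trustworthy the context looks.
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        return _record(req, "deny", ["not-entitled"])

    signals = risk_signals(req, baseline)
    sensitive = req.resource in SENSITIVE_RESOURCES
    if sensitive and len(signals) >= 2:
        # Several anomalies around sensitive data: refuse outright.
        decision = "deny"
    elif signals:
        # Something is unusual but not damning: ask the user to prove
        # their identity again before the request proceeds.
        decision = "reauthenticate"
    else:
        decision = "allow"
    return _record(req, decision, signals)


if __name__ == "__main__":
    baseline = UserBaseline(known_devices={"laptop-01"},
                            usual_locations={"Auckland"})
    # The article's scenario: sensitive data, unknown device, odd location,
    # middle of the night.
    req = make_request("alice", "finance-analyst", "payroll",
                       "phone-99", "Unknown", 2)
    print(evaluate(req, baseline), AUDIT_LOG[-1]["signals"])
```

The ordering is the point: entitlement is checked before any context is considered, so a convincing context never widens what a role may reach, and every outcome lands in the audit log so the monitoring step has something to work with when thresholds need adjusting.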

Benefits

ZTNA is compelling in the current distributed environment of cloud applications, remote users with BYOD and a multitude of IoT devices.

It is based on an architecture that virtualises software and hardware layers and establishes segmentation that isolates critical data. Further, it provides a consistent method for authenticating and authorising access to both private and public clouds, including SaaS applications.

Its centralised management provides IT and security teams the flexibility to custom design appropriate access for users given time of day, device type and location. And ZTNA can unify the IT and OT security divide by providing secure access for IoT devices, which can be numerous.
