Zero Trust Network Access Models


A New Year often brings new expectations, innovations, and challenges, and 2020 is no different. The Latin proverb “Tempora mutantur” (times change, and we change with them) aptly describes the constant state of flux the IT industry is in. In Information Technology, transformation is the only constant. We are witnessing a rapid broadening of the “edge of the network”. The new decade will bring greater scope for connectivity, foremost among them being the Internet of Things. With the expanding horizons of cloud connectivity, we can certainly hope to achieve new peaks of success in digital mobility, remote access, and data protection. This is bound to cause unprecedented transformations in the way we connect and, more importantly, the way we work. With it come disruptive innovations in cybersecurity, and Zero Trust Security stands out amongst them.

Our Predictions for the next 10 years:

That said, it is our prediction that the massive shift to a complete cloud generation will carry with it significant challenges in securely connecting to resources in the cloud. This also applies to extending secure access to users across the globe. In this scenario, the next ten years are bound to lay down a red carpet for the large scale introduction of solutions based on Zero Trust Network Access.

With the advent of the cloud generation, access on the go has become paramount for the effective operation of an organization. This creates multiple complexities. It also exposes vulnerabilities that can easily be exploited in traditional technologies like Virtual Private Networks. Legacy-based applications like VPNs tend to extend network-level access to anyone in an internal network, opening the door to lateral movement attacks and exploitation. Existing solutions tend to be expensive and unscalable in terms of adapting to cloud environments. They also hamper user experience.

The Zero Trust Idea:

Zero Trust Access is an evolved response to changing enterprise security trends. This includes trends relating to cloud-based assets that are not present within enterprise-owned network realms. Traditional perimeters are dissolving in the light of new and unprecedented expansionary trends. Zero Trust concepts shift the focus from the protection of network segments to the protection of resources. A network location is no longer considered the primary component of the enterprise's security posture.

Zero Trust Network Access Models draw upon the following ground assertions:

  1. Distinctions between “inside” and “outside” the network perimeter no longer hold true. Network locality can’t be the lone factor in determining trust.
  2. Threats exist on the network at all times and may be internal or external.
  3. Every user, device, network, and piece of data is to be validated and authenticated before access is granted.
  4. Zero Trust policies are to be dynamic in nature, taking into account multiple sources of data. Continuous monitoring of that data is to be done to garner new insights regarding any new vulnerabilities that may crop up.
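The four assertions above can be read as a decision procedure. The following sketch is an added illustration, not code from the original post or from any vendor's product: it contrasts a perimeter (VPN-style) decision, where being "inside" the network grants reachability to everything, with a per-request Zero Trust decision that combines identity, device posture, per-resource entitlement and a continuously updated risk score, and ignores network location entirely. The entitlement table, risk cutoff and scenarios are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, Tuple

@dataclass
class AccessRequest:
    user: str
    resource: str
    user_authenticated: bool    # identity verified (e.g. with MFA) for this session
    device_compliant: bool      # device posture check passed
    on_corporate_network: bool  # request originates "inside" the perimeter
    risk_score: int = 0         # 0..100, fed by continuous monitoring (constructed)

# Constructed per-resource entitlements; a real deployment reads these from
# an identity provider or policy store.
ENTITLEMENTS = {"alice": {"hr-app", "wiki"}, "bob": {"wiki"}}
RISK_CUTOFF = 70

def vpn_decide(req: AccessRequest) -> bool:
    """Perimeter model: network locality is the only trust signal, and a
    'yes' means network-level reachability to every internal resource."""
    return req.on_corporate_network

def ztna_decide(req: AccessRequest) -> Tuple[bool, str]:
    """Zero Trust model: each request is judged per resource from several
    signals. Network location is deliberately not one of them. The reason
    string is returned so denials can be logged and investigated."""
    if not req.user_authenticated:
        return False, "identity not verified"
    if not req.device_compliant:
        return False, "device posture check failed"
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        return False, f"{req.user} not entitled to {req.resource}"
    if req.risk_score >= RISK_CUTOFF:
        return False, f"risk score {req.risk_score} above cutoff"
    return True, "all checks passed"

def compare(req: AccessRequest) -> Dict[str, object]:
    allowed, reason = ztna_decide(req)
    return {"vpn": vpn_decide(req), "ztna": allowed, "reason": reason}

if __name__ == "__main__":
    scenarios = {
        "insider asks for hr-app":   AccessRequest("bob", "hr-app", True, True, True),
        "remote alice asks for hr-app": AccessRequest("alice", "hr-app", True, True, False),
        "alice flagged by monitoring":  AccessRequest("alice", "hr-app", True, True, False, 90),
    }
    for name, req in scenarios.items():
        print(f"{name}: {compare(req)}")
```

The first scenario is the lateral-movement case from the paragraph above: the VPN model says yes purely because the request is internal, while the Zero Trust model denies it for lack of a per-resource entitlement; the third shows a previously valid session being cut off when continuous monitoring raises the risk score.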

The VPN is dead. In Zero Trust we Trust:

Zero Trust Models are different from legacy-based applications, the same way that an airport is different from a railway station. In an airport, you have to pass through multiple steps of authentication. All the while, each level of authentication further narrows down your level of access. This happens till you finally get through the boarding gate that takes you to the plane. This is quite similar to the functioning of Zero Trust models.

In contrast, legacy-based applications like VPNs function like railway stations. Once you pass through a nonchalant security check, you are free to access any resource. ZTNA cannot be defined as just a single network architecture; it is rather a set of guiding principles for both network design and network operation, which dramatically revamps the security infrastructure of an organization while, at the same time, increasing visibility and the scope for analytics across the network.

Gartner predicts that the increasing obsolescence of VPNs will result in more than 60% of organizations replacing VPNs with Zero Trust systems like SDPs in the next 3 years itself. This means that the next 10 years are predicted to witness the overthrow of VPNs from enterprise security architecture. More importantly, they will witness the introduction of new technologies like SDPs. These technologies will speed up the digital transformation experience of enterprises by adapting to disruptive innovations. Of course, it remains to be seen how rapidly enterprises capitalize on this new opportunity of Zero Trust security to make themselves secure.
