The remote workforce is here to stay. Statistics show that this new way of working greatly benefits both employers and employees. But the reality is that most organizations weren’t ready to enable and support a mostly-remote work force when the forced quarantines went into effect. Businesses have done what they can to quickly pivot and survive, but many are finding that supporting remote workers using existing on-premise tools and solutions is far from ideal.
Enabling a distributed, remote workforce to be productive 24/7 requires systems, services, application programming interfaces, data, and processes to be accessible through multiple mechanisms anywhere, anytime, from any user device over the internet. While this approach has enabled organizations to maintain business continuity during the pandemic, it has also expanded the surface area for attackers to target. Since the onset of COVID-19, the FBI has seen a 300% spike in reported cybercrimes. Threats are becoming increasingly sophisticated and the architecture of traditional tools is inadequate to sufficiently protect businesses.
Corporate VPNs can be a liability to the modern enterprise
As more applications move to the cloud, network-centric solutions such as remote access VPNs are no longer effective at securing sensitive data. According to IDC, VPNs were used in 68% of major incidents involving remote access tools. Analysts anticipate that the risk will only continue to grow, with Gartner expecting that by 2025, laggard organizations will be their own worst enemy, with more than 85% of successful attacks against modern enterprise user endpoints exploiting configuration and user errors rather than making use of advanced malware.
The issue is that remote access VPNs extend network access to each remote user, which broadens the attack surface and increases security risks. Additionally, a full VPN gateway appliance stack:
- Negatively impacts remote worker productivity due to latency and constant login requirements – creating a frustrating user experience
- Requires significant resources to manage – making scalability difficult
- Is expensive
ZTNA is built for digital business
Zero Trust Network Access (ZTNA) is a security method that requires verification from anyone accessing resources on a given network. Trust is never implied inside or outside the network, and access is defined by granular policies. ZTNA is designed to give users secure seamless access to private applications without exposing apps to the internet or expanding the network’s attack surface.
While a corporate VPN is a network-centric solution that comes with several limitations, ZTNA is a cloud-centric solution that secures access to applications with a fundamentally different approach:
- Network access and application access are treated as two completely separate things, reducing the risk of an attacker reaching the network and ensuring that only authorized users are granted access to a given application.
- ZTNA only makes outbound connections, making networks and applications invisible to unauthorized users. This means that IP addresses are never exposed to the internet and the network is less likely to suffer from a security breach.
- ZTNA uses native app segmentation to grant authorized users access to applications on a one-to-one basis, limiting users’ access to specific applications instead of the full network.
- ZTNA shifts the emphasis from the network to the internet, making the internet the new corporate network and leveraging end-to-end encrypted TLS micro-tunnels rather than MPLS.
Benefits of ZTNA
Unlike the appliance architecture, cloud-based ZTNA solutions can support and keep pace with digital business by:
- Scaling with the increasing demand from workers for connectivity. This is critical, since Gartner’s CFO Survey reveals that 74% of CFOs expect to shift some employees to remote work permanently.
- Supporting a perimeter-less security strategy and the protection of cloud resources
- Combating increasingly sophisticated threats to protect the business
These benefits, along with the reality that organizations must continue to rapidly evolve to support new technologies and meet ever-changing business, market and customer demands, mean adoption of ZTNA will continue to grow. Gartner predicts that by 2023, 60% of organizations will phase out most of their remote access virtual private networks in favor of ZTNA. And the analyst firm believes by 2022, 80% of new digital business applications opened up to ecosystem partners will be accessed through zero-trust network access (ZTNA).
Empowering organizations with Secure Private Access
Secure Private Access is a cloud service that uses a distributed architecture to provide fast and secure access to private applications running on-premises or in the public cloud. Organizations can easily and securely access business applications from any device, anywhere, anytime. The service provides access based on four key principles:
- The internet has become the enterprise’s new transport network
- Application access is based on user permissions and will not require inside-the-network access
- Inside-out connections are used to make the network and applications invisible to hackers
- Application segmentation should connect users to a specific app and limit lateral movement
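The four principles above, and the ZTNA approach described earlier (per-app access defined by granular policy, inside-out connections, no exposed addresses), can be made concrete with a small policy broker. The following is an added illustration written for this article, not Avast's Secure Private Access code; every user, group, device, app name and private address in it is constructed, and the posture checks (managed device, encrypted disk, patched OS) are assumed policy inputs chosen for the example.

```python
"""Toy ZTNA policy broker: per-app, identity- and posture-based access decisions.
Constructed example for illustration; not Avast's Secure Private Access code.
All users, devices, apps and addresses below are made up."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional
import secrets


@dataclass(frozen=True)
class User:
    name: str
    groups: FrozenSet[str]  # identity-provider groups, e.g. {"finance", "staff"}


@dataclass(frozen=True)
class DevicePosture:
    device_id: str
    managed: bool         # enrolled in the organization's device management
    disk_encrypted: bool
    os_patched: bool


@dataclass(frozen=True)
class AppPolicy:
    app: str
    allowed_groups: FrozenSet[str]   # membership in any one group is sufficient
    require_managed: bool = True
    require_healthy: bool = True     # encrypted disk and patched OS


@dataclass(frozen=True)
class Decision:
    app: str
    allowed: bool
    session_id: Optional[str] = None  # opaque handle; no IP or hostname is ever returned
    reason: str = "access denied"     # client-visible reason, deliberately generic


class ZtnaBroker:
    """Brokers one application at a time; the network itself is never granted."""

    def __init__(self) -> None:
        self.policies: Dict[str, AppPolicy] = {}
        self._connectors: Dict[str, str] = {}  # app -> private address, kept server-side only
        self.audit: List[dict] = []             # detailed reasons live here, not in responses

    def add_policy(self, policy: AppPolicy) -> None:
        self.policies[policy.app] = policy

    def register_connector(self, app: str, private_address: str) -> None:
        # The connector dials out to the broker (inside-out); nothing listens for inbound
        # traffic on the private side, so the address is never handed to a client.
        self._connectors[app] = private_address

    def _evaluate(self, user: User, device: DevicePosture, app: str) -> str:
        """Return '' when access is allowed, else a detailed denial reason for the audit log."""
        policy = self.policies.get(app)
        if policy is None or app not in self._connectors:
            return "no policy or connector for app"
        if not (user.groups & policy.allowed_groups):
            return f"{user.name} not in {sorted(policy.allowed_groups)}"
        if policy.require_managed and not device.managed:
            return f"device {device.device_id} is unmanaged"
        if policy.require_healthy and not (device.disk_encrypted and device.os_patched):
            return f"device {device.device_id} fails posture check"
        return ""

    def request_access(self, user: User, device: DevicePosture, app: str) -> Decision:
        detail = self._evaluate(user, device, app)
        self.audit.append({"user": user.name, "device": device.device_id, "app": app,
                           "allowed": detail == "", "detail": detail})
        if detail:
            # Same generic answer whether the app does not exist or the user lacks rights,
            # so a denied client learns nothing about which private apps exist.
            return Decision(app=app, allowed=False)
        return Decision(app=app, allowed=True, session_id=secrets.token_urlsafe(16), reason="")


def build_demo_broker() -> ZtnaBroker:
    """Broker with two private apps behind outbound connectors (constructed data)."""
    broker = ZtnaBroker()
    broker.register_connector("payroll", "10.20.0.15:8443")   # made-up private address
    broker.register_connector("hr-portal", "10.20.0.22:443")  # made-up private address
    broker.add_policy(AppPolicy("payroll", frozenset({"finance"})))
    broker.add_policy(AppPolicy("hr-portal", frozenset({"hr"})))
    return broker


def run_demo() -> Dict[str, Decision]:
    """Exercise the broker; returns each constructed scenario's decision by name."""
    broker = build_demo_broker()
    alice = User("alice", frozenset({"finance", "staff"}))
    bob = User("bob", frozenset({"finance", "staff"}))
    laptop_ok = DevicePosture("lap-001", managed=True, disk_encrypted=True, os_patched=True)
    home_pc = DevicePosture("home-pc", managed=False, disk_encrypted=False, os_patched=True)
    return {
        "alice_payroll": broker.request_access(alice, laptop_ok, "payroll"),        # allowed
        "alice_hr": broker.request_access(alice, laptop_ok, "hr-portal"),           # wrong group
        "bob_home": broker.request_access(bob, home_pc, "payroll"),                 # unmanaged device
        "alice_ghost": broker.request_access(alice, laptop_ok, "does-not-exist"),   # unknown app
    }
```

Calling `run_demo()` shows the properties the article describes: Alice's session for `payroll` gives her nothing on `hr-portal` (per-app segmentation rather than network access), Bob's unmanaged home PC is refused even though his group matches (access is a function of identity and device, not location), and the private connector addresses never appear in any response because the connector side only ever dials out. The detailed reason for each denial goes to the broker's audit log, which is where a security operations team should be looking for repeated denials, while the client sees one uniform answer.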
To learn more about ZTNA and Secure Private Access, visit our dedicated page.
*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/what-is-zero-trust-network-access-avast