Traditional networks typically granted access to trusted users and then verified them once they were ‘in’ the organisation’s perimeter. Sounds sufficient, doesn’t it? However, consider an insider threat, or a malicious actor with stolen credentials: once inside, they have access to the network and the organisation’s assets. Organisations are now recognising that they need to significantly improve their security posture to keep ‘risks’ out of their network’s extended perimeter. The best way to do this is by implementing a ZTNA approach (Zero Trust Network Access), where all requests to access both the network and its INDIVIDUAL assets are vetted and validated, each time and per session, BEFORE access is granted.
What is Zero Trust Network Access (ZTNA)?
Gartner, the leading tech research firm, describes Zero Trust Networks as “creating an identity and context-based access boundary around an application or set of applications. The applications are hidden from discovery, and access is restricted via a ‘trust broker’ to a set of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access and prohibits lateral movement elsewhere in the network. This removes application assets from public visibility and significantly reduces the surface area for attack.”
In a nutshell: Organisations need full visibility into and control over what’s connected to their network. A Zero Trust approach provides this. It requires that all users/devices, including IoT devices and endpoints, both in and outside the network, must be checked and authorised, every time, before they are granted access to data, applications and systems.
Implementing a Zero Trust Network Access Approach (ZTNA)
Whilst this makes perfect sense, a significant amount of legwork is required to define, implement and manage a ZTNA approach.
Organisations must firstly scope a zero trust network policy:
- Identify all users, devices and assets
- Define how users/devices connect and what assets they need access to
- Set privileges and rights for users/devices per asset, based on the risk and attributes of each
- Create a policy of only allowing access to assets based on those privileges
- Always monitor and check, each time, that a user/device has the correct privileges for the asset they wish to access. A one-time check is not sufficient, as attributes can change and cyber attackers can gain control of a device.
- Enforce the policy of no access if a user/device does not have the right privileges/attributes
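The per-asset, per-request check described in the steps above, as an added Python example that is not from the original article or from any vendor product. The asset names, roles and attributes (MFA result, device posture) are constructed for illustration; the point it shows is the last two steps: policy is re-evaluated on every request, so a device that fails a posture check after login is denied on its next request.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Principal:
    user: str
    role: str
    mfa_passed: bool
    device_compliant: bool  # current endpoint posture, e.g. as reported by NAC

# Constructed per-asset policy: permitted roles plus required attributes.
# Any asset not listed is denied, i.e. hidden from discovery.
POLICIES = {
    "finance-db": {"roles": {"finance"}, "mfa": True, "compliant_device": True},
    "hr-portal": {"roles": {"hr"}, "mfa": True, "compliant_device": True},
}

def authorise(p: Principal, asset: str) -> tuple:
    """Deny by default: every policy attribute must hold for this asset."""
    policy = POLICIES.get(asset)
    if policy is None:
        return False, "unknown asset"
    if p.role not in policy["roles"]:
        return False, "role not permitted for asset"
    if policy["mfa"] and not p.mfa_passed:
        return False, "mfa required"
    if policy["compliant_device"] and not p.device_compliant:
        return False, "device posture non-compliant"
    return True, "allowed"

class TrustBroker:
    """Re-checks policy on every request with the principal's *current* attributes."""
    def __init__(self, principal: Principal):
        self.principal, self.audit = principal, []
    def update_attributes(self, **attrs):
        # The attribute source (e.g. a NAC posture check) reports a change.
        self.principal = replace(self.principal, **attrs)
    def request(self, asset: str) -> bool:
        allowed, reason = authorise(self.principal, asset)
        self.audit.append((asset, allowed, reason))
        return allowed

def demo() -> list:
    # Constructed session: finance user, MFA passed, compliant device.
    broker = TrustBroker(Principal("alice", "finance", True, True))
    broker.request("finance-db")  # allowed
    broker.request("hr-portal")  # denied: no lateral access to another asset
    broker.update_attributes(device_compliant=False)  # posture fails mid-session
    broker.request("finance-db")  # denied: a one-time check would miss this
    return broker.audit
```

The audit list returned by `demo()` is the record a defender would monitor: each entry names the asset, the decision and the attribute that caused a denial.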
Alongside a comprehensive application access policy, organisations also require strong authentication capabilities and powerful network access control tools.
Specialist Expertise Is Available for Implementing ZTNA
Depending on existing resources and policies in place, it might seem daunting to some organisations to shift to a zero trust access approach. So it’s not surprising that organisations require specialist consultancy to assist in configuring and implementing ZTNA policies and tools, and in some cases analyst support to manage on an ongoing basis.
As established cyber security specialists, Infosec Partners have strong relationships with market-leading solution providers, ensuring our clients benefit from the right technology for their needs. Fortinet is a global leader in cybersecurity solutions, and as a Fortinet expert-level partner we leverage their advanced security solutions, such as FortiNAC (network access control), to drive customer success.
In addition, our highly trained security consultants are recognised by Fortinet as having specific expertise in designing, implementing and managing Zero Trust Network Access solutions.
Put simply, we have the full mix of resources and expertise available should an organisation need support in strengthening its security posture by limiting access to its network. Please get in touch with the team if you would like to know more.