What Is ZTNA and How Will it Affect Your Cloud?

What is Zero Trust Network Access (ZTNA)?

In a zero-trust security model, all user connections are authenticated, and users only receive the access and privileges they need to fulfill their role. This is very different from traditional security solutions like VPN, which offered users full access to the target network, implicitly trusting a user after they successfully authenticated.

Zero trust network access (ZTNA) solutions are designed to implement and enforce an organization’s zero trust strategy. Users who want to connect to your organization’s applications can connect only if they really need access, and if there is nothing unusual or anomalous about their access request. This significantly reduces the cyber risks and threats facing organizations.

To illustrate the impact of zero trust solutions on cybersecurity, in its 2021 Cost of Data Breach Report, IBM noted that organizations with a proven approach to zero trust had an average cost of a breach $1.76 million lower than organizations without zero trust—only $3.3 million for an organization with zero trust vs. $5.4 million without it. With most organizations moving workloads to the cloud, this is an important consideration for cloud cost management.

Removing Cybercrime

At the same time, according to the report, only 35% of organizations have partially or fully adopted zero trust, and 22% more plan to adopt it in the future. Of the organizations adopting zero trust, only 48% describe their zero trust implementation as mature. In total, only 17% of surveyed organizations have a mature zero trust implementation.

How Does ZTNA Work?

ZTNA solutions create a virtual perimeter around physical devices (on-premises) and logical resources (in the cloud). ZTNA is not a single technology. It incorporates several techniques for authenticating and providing access to requesting users or devices.

Most ZTNA techniques have the same focus: they ensure applications are hidden from view of a user until access is confirmed by a trusted broker. The broker uses the following process to check if access should be allowed:

  1. Users are initially authenticated when they log in
  2. The device connecting to the network is also checked to ensure it is known, trusted, and has the latest patches and security updates.
  3. Even if the user and device are trusted, access is only granted according to the principle of least privilege (POLP). The user or device is exactly the permissions they need depending on their role.

Requirements for ZTNA in the Cloud

1. Cloud Integrated Access

Access to cloud resources must be tightly connected to services in the cloud. Securing access to cloud resources requires integration with existing cloud access services, specifically identity and access management (IAM) and key management systems (KMS).

Integrating with cloud services enables a ZTNA solution to perform real-time monitoring and application access enforcement. This can reduce complex permission management, ensure identity protection for cloud-based applications, and centralize key management.

2. Identity Brokerage

Identity-based access is central to a zero trust strategy. However, identities distributed across networks, applications, and the cloud often create security weaknesses. A ZTNA solution must track and control identities for cloud access across networks, applications and cloud environments.

It is important to continuously monitor identities, to determine if an identity used to access your cloud is a shared account or has possible spoofing activity. When using shared accounts, it is important to track activity and attribute it to specific users.

3. Data and Context Awareness

Secure access cannot be achieved without monitoring the context in which a user is accessing applications and data. Modern ZTNA solutions make this context an inseparable part of the access policies and authorization process. This is a highly effective way to prevent account takeover and data theft in the cloud.

Another aspect of ZTNA is the ability to detect personally identifiable information (PII) and other types of sensitive data. This can allow ZTNA to perform data loss protection, ensuring data security and compliance.

4. Adapt to Dynamic Environments

ZTNA can analyze permissions, resource usage, and integrate KMS as part of authentication. It adjusts application permissions based on network policies and automatically creates policies as new resources become available. It also applies analytics to optimize access control rights based on runtime analysis of cloud and on-premise environments.

How to Choose a Zero Trust Solution for Your Cloud?

Here are some important considerations for evaluating zero trust solutions:

  • Does the solution require endpoint proxies, and if so, which platform does it support?
  • Does the solution require installing and managing a ZTNA proxy, and is it available both as cloud service and deployable agent?
  • Does the solution require a Unified Endpoint Management (UEM) tool to assess device security posture, such as password level, encryption, and security patches?
  • What options does the solution provide for controlling access via unmanaged devices, which are increasingly common?
  • Does the ZTNA solution provide User and Entity Behavior Analysis (UEBA) for smart detection of anomalies in the environment?
  • What is the global distribution of the ZTNA vendor and how many points of presence (PoP) does it operate?
  • What types of applications does the ZTNA solution support—web applications, legacy applications, mobile applications, and APIs.
  • What is the licensing model? Is it based on price per user, price per bandwidth, or some combination?

Conclusion

In this article, I explained the basics of ZTNA and covered four key requirements for zero trust access in the cloud:

  • Cloud integrated access—ZTNA must integrate with native cloud services like IAM
  • Identity brokerage—ZTNA must consistently manage identities across on-premise networks and clouds.
  • Data and context awareness—ZTNA should take into account the current security context and the sensitivity of the data being accessed.
  • Adapt to dynamic environments—ZTNA should analyze usage patterns and dynamically adapt its policies.

I hope this will be useful as you take your next steps towards zero trust adoption in the cloud.

By Gilad David Maayan

James Corbishly
Teams Sprawl in the Remote Workspace As working from home has become the new everyday norm, with more employers embracing the remote-work model as a new and likely permanent fixture of the employment world, there ...
Jonathan Custance
IoT and cloud computing are on the increase High-profile cybersecurity breaches are increasingly in the news, a prime example being the NHS incident of May 2017 when services were brought to a standstill for several ...
Alex Vakulov
Ransomware Database Targeting The scourge of ransomware is undoubtedly the most severe cyber security concern for home users and organizations these days. It revolves around taking important data hostage and demanding money, usually hard-to-trace cryptocurrency ...
Yuliya Melnik
DevOps Services Outsourcing The sooner you release your unique idea to the public, the higher the chance that it will receive the lion's share of the audience's attention. Delays in development can lead competitors to ...
Dana Gardner
Just as cloud computing initially seeped into organizations under the cloak of shadow IT, application programming interface (API) adoption has often followed an organic, inexact, and unaudited path. IT leaders know they’re benefiting from APIs -- ...

INVESTMENT CLOUD

  • mint

    MINT

    Mint allows you to see your entire financial situation all on one screen; credit cards, savings, ISAs. investments, budgets, insurance, everything you can imagine. Mint updates and analyzes your information in real time, making judgements and suggestions on savings accounts and credit offers available. 

  • WeathFront

    WEALTHFRONT

    Wealthfront helps you invest for the long-term while introducing customizable features that are perfect just for you. They also present several Investment options that suit your interest. Asides from this, the Wealthfront software helps balance your portfolio and minimize taxes across your various investments.

  • MoneyBox

    MONEYBOX

    Moneybox is a very simple little app that helps you to save little by little. Bank level encryption protects your savings and information and the money you save can be invested in several different ways, through cash, global shares, or property shares.

  • Betterment

    Betterment

    Betterment is an online investment service aimed at maximizing investment returns, using a combination of smart automation to help invest excess cash and analyze your entire financial situation and an expert team of financial advisors and investors.