Zero trust is pursued as the most relevant security solution to the changing network requirements: remote work, hybrid networks and office security. But identifying the right ZTNA (Zero Trust Network Access) provider is not always easy. Let’s look at how business demands have evolved in the past two years, and six discussion points to spark the conversation with potential zero trust suppliers.
This blog post is based on the e-book “A CISO's Guide to Meeting Critical Business Demands While Securing the Organization”, which you can download here.
Rapidly Changing Business Requirements Pressure CISOs and Security Teams
2020 and 2021 have revolutionized the way we work, turning remote work into the new norm, instead of a sideshow. From a security perspective, this meant the collapse of the perimeter, in a matter of days. Employees needed access to the organizational network from home devices, insecure WiFi networks and new IP addresses, and they needed it immediately.
CISOs, security teams and IT managers were forced to find a security solution that would protect the network’s assets, environments and apps without hampering business continuity or employees’ ability to connect. Often, this had to be done within the boundaries of tighter budgets, and with personnel dealing with such an access crisis for the first time.
The go-to VPN model proved to be inefficient, as it was not agile, secure, scalable or robust enough to support an entire workforce working remotely, all at once. In addition, Covid-19 sparked a growing number of more sophisticated cyber security attacks, which required defense.
All these factors (remote work, sliced budgets, the collapse of the VPN model, and more dangerous cyber security attacks) require a shift in thinking and the adoption of a new cyber security paradigm.
The Remote Work Security Solution: Zero Trust
Zero trust is a novel security model that protects the network both externally and internally. Externally, zero trust authenticates users through MFA, biometric authentication and additional capabilities. But even if an attacker managed to overcome these gatekeepers, this does not provide them with access to the crown jewels. Authentication and authorization are required continuously inside the network, each and every time a user attempts to access any network element.
This micro-segmentation protects the organization’s information and valuable data from being handed over to perpetrators who gained network access, or were tunneled in by a VPN. In fact, users (and attackers) cannot even see the parts of the network they do not have access to, making breach attempts even more difficult for adversaries.
Let’s drill a bit deeper, and see how to start implementing a zero trust solution.
Starting the Conversation with Your ZTNA Provider
A zero trust architecture is easy to set up, but sometimes getting started is the hardest part. Here are six parameters to discuss with your ZTNA provider, to help you tailor the solution to your business needs.
Zero trust abides by the phrase “identity is the new perimeter”. After all, identities are what is authenticated and authorized on every access to each micro-segment. Ask your ZTNA provider how they authenticate identities, and ensure they implement a strong identity verification mechanism with a minimum of three factors.
Devices are the means for users to access the network and its components. Therefore, it is crucial to have visibility into which devices are connected and which assets they’re accessing. Ask your ZTNA provider about audit logs, recording and real-time visibility into devices that are in your network.
Applications are network components that need authorization before access is provided. Make sure your ZTNA provider also ensures application security, in addition to network security. Also review how policies are set up and how access is granted to applications, and make sure the process is frictionless and easy for IT teams and users alike.
We recommend encrypting your data to add another layer of security and protection. However, encryption can negatively affect performance. In addition, if your ZTNA provider is decrypting your data to implement user policies, then your data could be compromised if your ZTNA provider is attacked. Ask your ZTNA provider if they have a ZT model that doesn’t require them to decrypt the data, by keeping it in your network, not theirs.
When choosing a ZTNA provider, you have to trust no one…except for them. Ask your provider about their infrastructure. Are their servers located in the cloud or in a data center? Who has access?
In addition, make sure your provider can integrate with your infrastructure, especially if you have homegrown solutions or any special IT needs.
“Network security” has taken on a whole new meaning in the era of zero trust. Policies and practices now need to apply to traffic coming from the entire public network, and not only from a well-defined perimeter. Ask your ZTNA provider about how easy it will be for employees to access the company network, from any other network. To ensure business continuity, the user experience must be impeccable.
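To make the continuous authorization described earlier (every access attempt re-checked, nothing visible that the user is not entitled to) and the first three discussion points above (identity with at least three factors, device visibility with audit logs, per-application authorization) concrete, here is a small policy decision point in Python. It is an added example, not Cyolo's code or any ZTNA product's implementation; the users, devices, groups and application names are constructed for the illustration, and the posture attributes chosen (managed device, encrypted disk) are assumptions about what a deployment might check. Note that the engine decides on session and device metadata only; the request payload is never handed to it, which is the property the data-encryption point above is asking about.

```python
"""Per-request zero trust policy decision point (illustrative, constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, FrozenSet, List

MIN_FACTORS = 3  # the post asks for a minimum of three authentication factors


@dataclass(frozen=True)
class Session:
    user: str
    groups: FrozenSet[str]
    factors: FrozenSet[str]  # e.g. {"password", "totp", "fingerprint"}
    device_id: str


@dataclass(frozen=True)
class Device:
    device_id: str
    owner: str
    managed: bool         # enrolled in the organization's device management (assumed attribute)
    disk_encrypted: bool  # one example of a posture attribute (assumed)


@dataclass(frozen=True)
class AppPolicy:
    app: str
    allowed_groups: FrozenSet[str]
    require_managed_device: bool = True


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


class PolicyEngine:
    """Evaluates every access attempt from scratch (no decision is cached), which is
    what 'continuous authorization' means here. Only session and device metadata are
    consulted, never the request body, so no application data has to be decrypted."""

    def __init__(self, devices: List[Device], policies: List[AppPolicy]):
        self.devices = {d.device_id: d for d in devices}
        self.policies = {p.app: p for p in policies}
        self.audit_log: List[Dict] = []  # one record per access attempt, allowed or denied

    def evaluate(self, s: Session, app: str) -> Decision:
        policy = self.policies.get(app)
        if policy is None:
            return Decision(False, "unknown application (default deny)")
        if len(s.factors) < MIN_FACTORS:
            return Decision(False, f"{len(s.factors)} factors presented, {MIN_FACTORS} required")
        device = self.devices.get(s.device_id)
        if device is None:
            return Decision(False, "device not enrolled")
        if device.owner != s.user:
            return Decision(False, "device is enrolled to a different user")
        if policy.require_managed_device and not (device.managed and device.disk_encrypted):
            return Decision(False, "device fails posture requirements for this application")
        if not (s.groups & policy.allowed_groups):
            return Decision(False, "user is not in a group permitted for this application")
        return Decision(True, "all checks passed")

    def authorize(self, s: Session, app: str) -> Decision:
        """An actual access attempt: evaluate it and record the outcome in the audit log."""
        d = self.evaluate(s, app)
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": s.user, "device": s.device_id, "app": app,
            "allow": d.allow, "reason": d.reason,
        })
        return d

    def visible_apps(self, s: Session) -> List[str]:
        """What the user is shown: only applications they would be allowed into right now."""
        return sorted(app for app in self.policies if self.evaluate(s, app).allow)


# Constructed sample data (hypothetical users, devices and applications).
DEVICES = [
    Device("lap-001", owner="alice", managed=True, disk_encrypted=True),
    Device("lap-002", owner="bob", managed=False, disk_encrypted=True),
]
POLICIES = [
    AppPolicy("payroll", frozenset({"finance"})),
    AppPolicy("git", frozenset({"engineering"})),
    AppPolicy("wiki", frozenset({"finance", "engineering"}), require_managed_device=False),
]
ALICE = Session("alice", frozenset({"finance"}), frozenset({"password", "totp", "fingerprint"}), "lap-001")
ALICE_2FA = Session("alice", frozenset({"finance"}), frozenset({"password", "totp"}), "lap-001")
BOB = Session("bob", frozenset({"engineering"}), frozenset({"password", "totp", "push"}), "lap-002")
MALLORY = Session("mallory", frozenset({"finance"}), frozenset({"password", "totp", "push"}), "lap-001")


def build_engine() -> PolicyEngine:
    return PolicyEngine(DEVICES, POLICIES)


if __name__ == "__main__":
    engine = build_engine()
    attempts = [(ALICE, "payroll"), (ALICE_2FA, "payroll"), (BOB, "git"), (BOB, "wiki"), (MALLORY, "payroll")]
    for session, app in attempts:
        d = engine.authorize(session, app)
        print(f"{session.user:8} -> {app:8} {'ALLOW' if d.allow else 'DENY':5} {d.reason}")
    print("alice sees:", engine.visible_apps(ALICE))
    for record in engine.audit_log:
        print(record)
```

Two design points worth noticing when comparing providers: denials are logged with the same detail as grants (a run of "device is enrolled to a different user" entries is exactly the real-time visibility the device point asks for), and the application list a user sees is derived from the same evaluation that gates access, so there is no separate "discovery" path that could leak the existence of applications the user cannot reach.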
Finding the Right ZTNA Provider
Choosing the right ZTNA provider requires a bit of research and an understanding of the different solutions on offer. We recommend reading online, consulting with fellow CISOs and security team members, and looking at different provider demos. We hope the list above can help you ask the right questions and improve your security posture. In addition, Cyolo provides you with an expert architect who can help you identify the solutions for your needs. Request a 20-minute consultation to learn more.
Cyolo – The Secure ZTNA Provider
Cyolo is a Zero Trust Security solution that keeps remote users securely connected from everywhere. Cyolo provides:
- User and device ID, MFA and biometric authentication to verify access to apps, resources, workstations, servers & files
- Continuous identity validation in the network
- Network, application, and asset security
- Audit logs, recording and real-time access control and visibility
- No data decryption, only encryption
- No access to your data – your information stays with you
- Compatibility with any network topology and identity infrastructure
- A user-friendly and simple user experience
- Quick implementation