Zero trust is quickly becoming the new founding principle of secure networking. In a context of increasingly sophisticated and widespread cyberattacks, companies of all sizes are looking to adopt zero trust as their new security mindset to increase resilience and protect themselves from potential attackers.
However, the concept of zero trust can be as daunting as it is smart, and many organizations don't know where to start.
The underlying principle sounds simple enough: never trust anything or anyone by default, not even internal network devices. Give users access only to the data and services they really need. However, putting this into practice is less
For example, zero trust requires a variety of different capabilities, including continuous monitoring and validation across the IT infrastructure, proactive threat hunting, an “assume a breach” mentality, and maintaining strict access controls. Many small businesses lack the resources or skills necessary to cover all of this.
Meanwhile, zero trust network access has become an important subset of zero trust. With the adoption of hybrid working and hybrid infrastructure, data and users are no longer behind secure firewalls.
In fact, they can be almost anywhere and need protection. In a Kaseya survey conducted during the pandemic, 59% of managed service providers (MSPs) said remote work had increased the number of ransomware attacks on their customers.
Similarly, the FBI reported a 300% increase in cybercrime during COVID-19, driven in part by employees working from home. For criminals looking to steal the credentials of remote users, virtual private network (VPN) connections are a welcome target.
A single set of compromised login data may be enough to give them the access they need to carry out a data breach.
This is because VPN technology was not designed for its current use: as a remote work solution. VPNs not only create performance bottlenecks, they also dramatically increase the attack surface of an organization's infrastructure by allowing intruders to access more network resources based on implicit trust.
Simply put, once an attacker is inside the network, they are automatically assumed to be a trusted user and can move laterally to compromise more resources.
ZTNA is achievable
The zero trust approach is much stricter in the way it enforces access controls. To start, it treats each user or device as inherently untrusted until their identity and security posture have been reliably verified.
This includes users trying to access resources from within the network. Continuous identification and authentication, along with the principle of “least privilege access,” are the building blocks of a zero trust strategy.
While fully implementing zero trust remains an aspirational goal for many businesses, zero trust network access (ZTNA), which applies the same principles to an organization's network, is actually very achievable.
ZTNA has five key elements. They revolve around verifying users and their context, validating devices and their status, authorizing applications, files and data used, restricting access to cloud and SaaS resources, and enforcing an organization's security policies and controls.
All of this helps ensure that only trusted entities working on secure devices can access the network, and what's more, that they only use the data and applications they have explicit permission to access.
The role of SASE
When it comes to implementing zero trust networking, Secure Access Service Edge (SASE) solutions can help deliver ZTNA by combining the necessary networking and security-as-a-service capabilities. ZTNA functionality is already an integral part of SASE's built-in security features.
SASE's main use case so far has been to replace VPNs in remote access scenarios, but it can do much more than that. For example, while VPNs expose a wealth of information on the Internet that could be useful to attackers, with a SASE solution, networks and resources are hidden from view, greatly improving security.
A SASE solution only connects identified users and devices to specific resources, whether in the cloud or on-premises. Following the 'least privilege' philosophy, access is based on verification of the identity of the user, device or entity, combined with real-time context, such as the security posture of the device, complying with the principle of zero trust.
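The per-request decision described here, and in the five ZTNA elements above, can be contrasted with VPN-style implicit trust in a few lines. This is an added example, not code from the article or from any SASE product; the policy table, field names and sample requests are constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Constructed least-privilege policy: each user is granted named resources only.
GRANTS = {"alice": {"crm", "payroll"}, "bob": {"crm"}}

@dataclass(frozen=True)
class Request:
    user: str
    authenticated: bool   # credentials (and any second factor) verified
    device_managed: bool  # device is enrolled and known to the organization
    disk_encrypted: bool  # posture signal reported at request time
    patched: bool         # posture signal reported at request time
    resource: str

def vpn_decision(req: Request) -> bool:
    """Implicit trust: valid credentials make every resource reachable."""
    return req.authenticated

def ztna_decision(req: Request) -> Tuple[bool, str]:
    """Default deny: each check must pass, per request and per resource."""
    if not req.authenticated:
        return False, "identity not verified"
    if not req.device_managed:
        return False, "unknown device"
    if not (req.disk_encrypted and req.patched):
        return False, "device posture failed"
    if req.resource not in GRANTS.get(req.user, set()):
        return False, "no explicit grant for resource"
    return True, "allowed"

# Constructed requests; the posture fields are re-checked on every request.
SAMPLE = [
    Request("bob", True, True, True, True, "crm"),
    Request("bob", True, True, True, True, "payroll"),     # outside bob's grants
    Request("alice", True, True, True, False, "payroll"),  # device fell behind on patches
    Request("alice", True, False, True, True, "crm"),      # valid login, unmanaged device
    Request("mallory", False, True, True, True, "crm"),    # failed authentication
]

def compare(requests: List[Request]) -> List[tuple]:
    """Return (user, resource, vpn_allows, ztna_allows, reason) per request."""
    return [(r.user, r.resource, vpn_decision(r), *ztna_decision(r)) for r in requests]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print(row)
```

The implicit-trust check admits four of the five sample requests, while the default-deny check admits only the one where identity, device posture and an explicit grant all line up.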
SASE also offers next-generation firewall protection with policy enforcement and content filtering across branch offices, remote users, and local workers, enabling organizations to implement those critical ZTNA security controls. Additionally, it enables efficient routing with traffic prioritization, eliminating data bottlenecks and latency for remote traffic.
Finally, cloud-based management of a SASE solution means fast and easy deployment, unlimited scalability, and easy maintenance. This makes the ZTNA security model very achievable even for small and medium-sized businesses (SMBs).
Two-step implementation process
For organizations looking to adopt ZTNA, the first step is to implement your chosen cybersecurity framework, ensuring it works for your needs and achieves the right objectives. Then the zero trust principle can be added as an overlay. Breaking it down into infrastructure components, the next step is to implement a ZTNA approach with the necessary policies and controls, not only for remote workers through a SASE solution, but also covering internal users and devices within the limits of the network.
Ultimately, for SMEs, ZTNA is just as important as it is for enterprises. In fact, the consequences of an attack on an SME can be even greater. In the Data 2022 Cybersecurity report for SMEs, around 70% of SMEs admitted that the impact of a ransomware attack would be “extreme” or “significant”, and almost a fifth (17%) said they would find it difficult to recover.
The same report showed that the average cost of downtime amounts to $126,000 for an SME, including lost revenue. The key is to limit the damage of any potential attack: with ZTNA, organizations benefit from greater controls, better visibility and reduced risk.
ZTNA may seem confusing at first, but it is not complicated. However, many SMBs will want to hire an MSP partner to help them implement it. The MSP can help define a least privilege access strategy with appropriate controls, take responsibility for 24/7 monitoring through a remote monitoring and management (RMM) system, and finally, supply and manage appropriate verification and identification solutions.
The market is only in the early stages of adoption and awareness is growing, so ZTNA represents a great opportunity for the channel. With the increasing number of breaches and cyber threats, companies are prioritizing security measures and ZTNA provides a modern and robust approach to network security.
However, due to the perceived complexity of zero trust, many SMEs will avoid implementing a solution themselves. With SASE, MSPs can offer scalable, easy-to-manage solutions that will deliver ZTNA and address the specific requirements and budget constraints of their different clients.
For MSPs, now is a good time to start educating yourself and your customers about zero trust and how you can make the strategy work for greater security and resilience.