Remote access is clearly a critical need for getting work done today; many people are working remotely, but that is a recent development.
The primary way remote access is accomplished is through a VPN. VPN (Virtual Private Network) technology came into being in the mid-1990s. It was developed for those few occasions where employees needed to access files and applications remotely, typically while they were travelling. At that time the need was not large and access to networks was tightly controlled. Over time, employees needed to access the company's network and use the internet to get work done. This created network traffic bottlenecks that slowed the response of the systems they depended on, and so slowed their work. In the mid-2000s the cloud and SaaS came into being, which compounded this problem. Additionally, as more traffic from outside the network made it into the network, many vulnerabilities were uncovered and exploited by malicious actors. The arrival of COVID-19 multiplied this need, and multiplied the opportunities for threat actors to attack by the same measure.
The concept of ZTNA (Zero Trust Network Access) was originally named and outlined in 2010 by John Kindervag to address this changing landscape. The goals were to improve security and, at the same time, improve performance. It is a different approach to granting network access, and it requires a thoughtful, ground-up evaluation of your cybersecurity program to implement properly. Other articles cover what ZTNA is and how it works; that is not covered here. The key problem it addresses is that more work is being done remotely using cloud-based resources. If your organization has few remote work needs and uses little or no cloud resources, a VPN may fit your needs perfectly. However, if you have a lot of remote work using cloud resources, it is important to understand how ZTNA and VPN solutions compare to each other.
How ZTNA and VPN compare:

| | ZTNA | VPN |
|---|---|---|
| Security | Verify continually · UN/PW + 2FA + certificate + device posture check · Access only what is allowed for a single session | Check once · UN/PW + 2FA · Access the entire network once trusted |
| Performance | User connects directly to the application or service needed, which increases speed and reduces network traffic · Cloud based and easy to scale, adding or removing users · You are using the internet as an extension of your infrastructure | Traffic is typically routed through a central server, which can slow with heavy user traffic · Backhauling traffic to a data center can slow down internet speeds · Your infrastructure is handling the traffic |
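To make the Security row concrete, the following toy policy engine models the two access decisions side by side. It is an added illustration, not code from the original article or from any ZTNA or VPN product: the user "alice", the applications "payroll" and "hr-db", the posture attributes and the 15-minute re-verification window are all constructed assumptions. The ZTNA path re-checks identity, certificate, device posture, session age and per-application entitlement on every request; the VPN path checks UN/PW + 2FA once when the tunnel comes up and afterwards reaches any host without consulting the application name or the device's current state.

```python
"""Added illustration (not from the original article): a toy policy engine that
contrasts the per-request checks in the ZTNA column with the one-time gate in
the VPN column. All users, apps and posture values below are constructed."""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class DevicePosture:
    disk_encrypted: bool
    os_patched: bool
    edr_running: bool


@dataclass(frozen=True)
class Principal:
    """State the policy engine knows about a user and the device they are on."""
    user: str
    password_ok: bool
    mfa_ok: bool
    cert_valid: bool
    posture: DevicePosture
    allowed_apps: frozenset
    authenticated_at: datetime


# Assumption for the example: a session must re-verify after 15 minutes.
REVERIFY_AFTER = timedelta(minutes=15)


def posture_healthy(p: DevicePosture) -> bool:
    return p.disk_encrypted and p.os_patched and p.edr_running


def ztna_decide(p: Principal, app: str, now: datetime) -> tuple:
    """ZTNA column: every request re-checks identity, certificate, posture,
    session age and per-application entitlement. Returns (allowed, reason)."""
    if not (p.password_ok and p.mfa_ok):
        return False, "identity: UN/PW + 2FA failed"
    if not p.cert_valid:
        return False, "certificate: device certificate invalid"
    if not posture_healthy(p.posture):
        return False, "posture: device failed posture check"
    if now - p.authenticated_at > REVERIFY_AFTER:
        return False, "session: re-verification required"
    if app not in p.allowed_apps:
        return False, f"entitlement: {app} not allowed for this session"
    return True, "allowed"


def vpn_connect(p: Principal) -> bool:
    """VPN column: a single check (UN/PW + 2FA) when the tunnel is established."""
    return p.password_ok and p.mfa_ok


def vpn_decide(tunnel_up: bool, app: str) -> tuple:
    """VPN column: once trusted, any host on the network is reachable;
    the app name and the current device state are never consulted."""
    if tunnel_up:
        return True, f"{app} reachable: tunnel is up"
    return False, "tunnel down"


def simulate() -> dict:
    """Walk one session through both models; each value is (ztna_allowed, vpn_allowed)."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    alice = Principal(  # constructed sample user
        user="alice", password_ok=True, mfa_ok=True, cert_valid=True,
        posture=DevicePosture(disk_encrypted=True, os_patched=True, edr_running=True),
        allowed_apps=frozenset({"payroll"}), authenticated_at=t0,
    )
    tunnel = vpn_connect(alice)
    results = {}

    # 1. Entitled app, healthy device: both models allow.
    results["entitled"] = (ztna_decide(alice, "payroll", t0)[0], vpn_decide(tunnel, "payroll")[0])

    # 2. App the user is not entitled to: ZTNA denies, VPN still reaches it.
    results["lateral"] = (ztna_decide(alice, "hr-db", t0)[0], vpn_decide(tunnel, "hr-db")[0])

    # 3. EDR stops mid-session: ZTNA denies the next request, VPN is unaffected.
    degraded = replace(alice, posture=replace(alice.posture, edr_running=False))
    results["posture_drift"] = (ztna_decide(degraded, "payroll", t0)[0], vpn_decide(tunnel, "payroll")[0])

    # 4. Session older than the re-verify window: ZTNA requires fresh auth.
    later = t0 + timedelta(minutes=20)
    results["stale"] = (ztna_decide(alice, "payroll", later)[0], vpn_decide(tunnel, "payroll")[0])
    return results


if __name__ == "__main__":
    for scenario, (ztna, vpn) in simulate().items():
        print(f"{scenario:14s} ZTNA={'allow' if ztna else 'deny':5s} VPN={'allow' if vpn else 'deny'}")
```

Scenarios 2 and 3 are the ones the table is pointing at: with a VPN, the "access the entire network once trusted" outcome means a compromised or drifting device keeps its reach for the life of the tunnel, whereas the per-session, per-application decision in the ZTNA column narrows the blast radius to what that request is entitled to right now.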
If you have a lot of remote workers using cloud applications, ZTNA can provide better security outcomes with better performance. To implement ZTNA properly you will need to take a holistic look at your cybersecurity program and bring it into line with ZTNA concepts and principles. You likely already have technology in use that can enforce ZTNA policies, but there will be expenses in configuring and updating that technology as needed. However, over time ZTNA will be less complex to administer and could lead to long-term cost savings. In the right setting, ZTNA is the better solution for remote access.