Blog

Geekheads News

What is ZTNA?

It’s estimated by 2023, 60% of businesses will phase out most of their remote access virtual private networks (VPNs) in favour of ZTNA.

Is the VPN Obsolete?

The virtual private network has been a vital enabler of remote work for decades. But the technology, invented in 1996, is getting a bit long in the tooth. A big disadvantage created by VPNs is that they actually offer users too much access. The idea of having “trusted” and “untrusted” network zones paints every user and device with a broad brush. It’s either dangerous or safe, a completely trusted friend or a dangerous enemy. When any remote user connects to the VPN, they’re almost certainly granted far more access than they actually need.

Thus, we’re brought to the fundamental flaw of relying upon VPNs to create zones of trust. Businesses that transition to a zero-trust security architecture find they have little use for their old virtual private networks.

Zero-Trust Model

Instead of placing all-or-nothing trust in devices based upon their network location, the zero-trust model begins with the assumption that nothing is trusted based solely upon its IP address and every action requires authorisation.

Indeed anyone who has studied cyber security knows about the least-privilege principle, which states users should be granted only the smallest set of permissions necessary to carry out their work. Similarly, the default-deny principle states that every action that is not explicitly allowed should be prohibited.

Identity and Access Management

Of course, that’s easier said than done. Least-privilege approaches haven’t been widely implemented because it is very difficult to do without a strong identity and access management solution. Fortunately, technology is advancing in this area, and most organisations have already moved from legacy IAM approaches to modern solutions that facilitate granular privilege management.

Multifactor authentication is also essential to the implementation of a zero-trust model. If an organisation is going to place a tremendous dependence on the identity of a user when making access decisions, we need to have tremendous confidence that users are who they claim to be.

Do you have any questions?
Call 020 3637 6095
Or email support@geekheads.co.uk

Posted by