printer friendly version

The next step in an evolving security landscape

Carl Stoop.

The hybrid workplace continues to enjoy consistent adoption, particularly amongst those industries that do not require their workforce to be at the office every day. The benefits are well-published and tangible, however, it has also brought with it a smorgasbord of security challenges.

Traditionally, organisations have relied on VPNs and premises-based security to fortify remote access.  However, if there’s one thing that we’ve learned from the pandemic is that these steps are simply not enough.

Enter Zero Trust Network Access (ZTNA), an evolutionary solution to organisations’ hybrid work policies and subsequent environments.

Analyst firm, Gartner, defines ZTNA as “products and services that create an identity- and context-based, logical-access boundary that encompasses an enterprise user and an internally hosted application, or set of applications.

“The applications are hidden from discovery, and access is restricted via a trust broker to a collection of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access, and minimises lateral movement elsewhere in the network.”

Considering the above, what does an implemented ZTNA solution offer in layman’s terms?

• Limits access on an application-by-application basis.

• Authenticates every device and user, no matter where they are located.

• Acknowledges today’s complex networks and makes zero assumptions.

Choosing the right ZTNA

Demystifying ZTNA is the first step; the next is ensuring that you choose the right ZTNA option that provides the above-mentioned benefits and features. 

• Ensure support for all users. The solution must secure access for everyone: employees with managed devices, BYOD devices, mobile devices, third-party partners, engineering teams and DevOps users. Look for client-based access and clientless architecture for secure access to web applications, databases, remote desktops and secure shell (SSH) servers. Be sure to also consider basic PAM (privileged access management) requirements for teams that need access to multi-cloud environments and single sign-on (SSO) into private resources.

• Ensure support for all target resources. Ensure the ZTNA solution supports all high-priority private applications and resources, not just web apps. Ensure easy operation. Look for a ZTNA solution offering maximum value with minimum maintenance. Cloud-based solutions with a unified console are easy to use and provide visibility across all ZTNA use-cases.

• Ensure high performance and service availability. A ZTNA service must deliver close to 99,999% uptime and high performance backed by service-level agreements (SLAs).

• Ensure zero trust security soundness. Look for ZTNA solutions that separate the control and data planes to enable true least-privilege access to applications and other resources.

• Part of a future-ready security service edge. Consider how the ZTNA solution can be extended to secure other use-cases – branch access via Firewall as a Service (FWaaS), Internet access via Secure Web Gateway (SWG), and SaaS access through a Security Service Edge (SSE).

Check Point’s Harmony Connect Remote Access secures access to any internal corporate application residing in the data centre, IaaS, public or private clouds. The solution is also easy to deploy, taking less than 15 minutes to install.

Harmony Connect Remote Access can be implemented in two ways:

• Clientless application-level access, which applies intuitive ZTNA to web applications, databases, remote desktops and SSH servers with granular in-app controls.

• Client-based network-level access: this VPN-as-a-service option is ideal for securing employee access from managed devices.

Share this article:

Further reading: