
Organizations invest heavily in their IT infrastructure and security, yet threats still find ways to get through. Complex hybrid environments generate gaps in visibility, creating larger attack surfaces that give persistent threats a pathway in.
Over the last few years, there has been a fundamental shift in the security landscape as users, devices, and applications move outside the traditional network. Businesses have contractors, third-party vendors, and remote workers using their own devices to access business resources and SaaS applications such as Salesforce or Office 365. Meanwhile, applications and other workflows communicate across cloud infrastructure such as AWS and Azure and back to private data centers, creating multiple traffic flows that must be monitored. This creates challenges because static security tools such as NAC, VPN, and firewalls cannot give you the dynamic control that is required.
The old approach, which bases trust solely on network location, predefined user access, and where the request originated, creates a false sense of protection since these three pillars are often exploited.
The new approach, which is based on the workforce, workload, and workplace methodology, offers a more contextual approach by enforcing policy-based controls. This Zero Trust methodology is making its way into security architectures as a means of securing access across your applications and environment from any user, device, or location.
In the Zero Trust Network Architecture (ZTNA), the “protect surface” is made up of your:
- Workforce – includes your users and device access
- Workloads – often your most valuable data – includes cloud applications, hybrid infrastructure, and cloud infrastructure
- Workplace – your corporate environment, which includes network traffic, wireless, IoT devices, and user endpoints
- What are my applications?
- Do my applications reside on-premises or in the cloud?
- What services are needed? DNS, DHCP? Identity Services such as LDAP, Active Directory?