Why do we need a ZTNA architecture?
Zero Trust Network Access (ZTNA) is the technology that makes it possible to implement a Zero Trust security model. "Zero Trust" is an IT security model that assumes threats are present both inside and outside a network. Consequently, Zero Trust requires strict verification of every user and every device before they are authorized to access internal resources.
In ZTNA, connected devices are not aware of any resources (applications, servers, etc.) on the network other than the one they are connected to.
How does ZTNA work?
ZTNA is configured slightly differently by each organization or vendor. However, there are several underlying principles that remain consistent across ZTNA architectures:
- Application vs. network access: ZTNA treats application access separately from network access. Connecting to a network does not automatically grant a user the right to access an application.
- Hidden IP addresses: ZTNA does not expose the IP addresses of internal resources to connecting devices. The rest of the network remains invisible to a connected device, except for the application or service it is connected to.
- Device security: ZTNA can incorporate the risk and security posture of devices as factors in access decisions. It does this by running software on the device itself (see "Agent vs. service" below) or by analyzing network traffic to and from the device.
- Additional factors: Unlike traditional access control, which grants access based only on user identity and role, ZTNA can evaluate risks associated with additional factors such as user location, the timing and frequency of requests, the apps and data being requested, and more. A user could sign in to a network or application, but if their device is not trusted, access is still denied.
- No MPLS: ZTNA uses TLS-encrypted connections over the public Internet instead of MPLS-based WAN connections. Traditional corporate networks are built on private MPLS circuits; ZTNA is built on the public Internet instead and relies on TLS to keep traffic private. ZTNA sets up small, per-application encrypted tunnels between a user and an application, rather than connecting the user to a larger network.
- IdP and SSO: Most ZTNA solutions integrate with separate identity providers (IdPs), single sign-on (SSO) platforms, or both. SSO lets a user authenticate once for all applications; the IdP stores the user's identity and determines the privileges associated with it.
- Agent vs. service: ZTNA can either use an endpoint agent installed on the device (agent-based ZTNA) or run as a cloud service that devices connect to without an agent (service-based ZTNA).
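The principles above (per-application rather than per-network access, device posture and extra factors in the decision, default deny, and a device that only sees the applications it is granted) can be shown as a small policy decision point. The following is an added illustration, not code from the cited Cloudflare or Netskope pages or from any ZTNA product; the identity claims, device posture fields, policy fields, application names and sample users are all constructed assumptions for the example.

```python
"""Toy ZTNA policy decision point (added example, not vendor code).

Every request names one application; the decision is made per application,
per user and per device posture, and anything not explicitly granted is denied.
The data shapes and policy fields below are assumptions for illustration,
not any vendor's schema.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Identity:
    """Claims as a ZTNA broker would receive them from the IdP/SSO token (assumed shape)."""
    user: str
    groups: FrozenSet[str]
    mfa: bool                      # whether this session completed a second factor


@dataclass(frozen=True)
class DevicePosture:
    """Signals an endpoint agent (or traffic analysis) would report (assumed shape)."""
    managed: bool                  # enrolled device / agent present
    disk_encrypted: bool
    os_version: Tuple[int, int]


@dataclass(frozen=True)
class AppPolicy:
    allowed_groups: FrozenSet[str]
    require_mfa: bool = True
    require_managed: bool = True                          # also enforces encryption and minimum OS
    min_os: Tuple[int, int] = (0, 0)
    allowed_countries: Optional[FrozenSet[str]] = None    # None = any country
    hours: Optional[Tuple[time, time]] = None             # None = any time; no midnight wrap-around


# Per-application policies (constructed for this example).
POLICIES: Dict[str, AppPolicy] = {
    "payroll": AppPolicy(frozenset({"finance"}), min_os=(14, 0),
                         allowed_countries=frozenset({"US", "IN"}),
                         hours=(time(7, 0), time(20, 0))),
    "wiki": AppPolicy(frozenset({"finance", "engineering"}),
                      require_mfa=False, require_managed=False),
    "prod-ssh": AppPolicy(frozenset({"sre"}), min_os=(14, 0)),
}


def evaluate(ident: Identity, dev: DevicePosture, app: str,
             country: str, at: datetime) -> Tuple[bool, str]:
    """Return (allowed, reason). The first failing check wins; the default is deny."""
    pol = POLICIES.get(app)
    if pol is None:
        return False, "no policy for application"         # unknown resource: not reachable at all
    if not (ident.groups & pol.allowed_groups):
        return False, "identity not entitled to application"
    if pol.require_mfa and not ident.mfa:
        return False, "MFA required"
    if pol.require_managed:
        if not dev.managed:
            return False, "unmanaged device"              # authenticated user, untrusted device: denied
        if not dev.disk_encrypted:
            return False, "disk not encrypted"
        if dev.os_version < pol.min_os:
            return False, "OS below minimum version"
    if pol.allowed_countries is not None and country not in pol.allowed_countries:
        return False, "location not permitted"
    if pol.hours is not None and not (pol.hours[0] <= at.time() <= pol.hours[1]):
        return False, "outside permitted hours"
    return True, "allowed"


def visible_apps(ident: Identity, dev: DevicePosture, country: str, at: datetime) -> FrozenSet[str]:
    """What the connected device gets to see: only applications it would be granted right now."""
    return frozenset(app for app in POLICIES if evaluate(ident, dev, app, country, at)[0])


# Constructed sample principals, devices and times.
ALICE = Identity("alice", frozenset({"finance"}), mfa=True)
BOB = Identity("bob", frozenset({"engineering"}), mfa=False)
MANAGED_LAPTOP = DevicePosture(managed=True, disk_encrypted=True, os_version=(14, 2))
PERSONAL_LAPTOP = DevicePosture(managed=False, disk_encrypted=False, os_version=(12, 0))
WORKDAY = datetime(2024, 3, 5, 10, 0)
LATE_NIGHT = datetime(2024, 3, 5, 23, 30)


def run_scenarios() -> Dict[str, Tuple[bool, str]]:
    """Decisions for a handful of constructed requests."""
    return {
        "alice/payroll/managed": evaluate(ALICE, MANAGED_LAPTOP, "payroll", "US", WORKDAY),
        "alice/payroll/personal": evaluate(ALICE, PERSONAL_LAPTOP, "payroll", "US", WORKDAY),
        "alice/payroll/late": evaluate(ALICE, MANAGED_LAPTOP, "payroll", "US", LATE_NIGHT),
        "alice/payroll/abroad": evaluate(ALICE, MANAGED_LAPTOP, "payroll", "DE", WORKDAY),
        "bob/wiki/personal": evaluate(BOB, PERSONAL_LAPTOP, "wiki", "DE", WORKDAY),
        "bob/payroll/managed": evaluate(BOB, MANAGED_LAPTOP, "payroll", "US", WORKDAY),
        "alice/hr-db": evaluate(ALICE, MANAGED_LAPTOP, "hr-db", "US", WORKDAY),
    }


if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print(f"{name:26s} {'ALLOW' if ok else 'DENY':5s} {why}")
    print("alice sees:", sorted(visible_apps(ALICE, MANAGED_LAPTOP, "US", WORKDAY)))
    print("bob sees:  ", sorted(visible_apps(BOB, PERSONAL_LAPTOP, "DE", WORKDAY)))
```

Two points are worth noticing when running it. The same authenticated user (alice) is denied payroll the moment the request arrives from an unmanaged laptop, outside the permitted window, or from a country the policy does not list, which is the "additional factors" principle in practice. And `visible_apps` returns only what the current identity and device would be granted right now, so a device on a personal laptop never learns that payroll or prod-ssh exist, which is the per-application (rather than network) visibility ZTNA promises.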
Benefits of a ZTNA architecture
- Zero trust network access to private applications: Protect data and resources with application-level access control based on user identity and device security posture.
- Seamless and direct access to public cloud(s): Connect remote users directly to applications running in public cloud environments.
- Simplified IT operations: Modernize the network architecture and improve security for Internet use with a scalable, cloud-based platform that unifies ZTNA with cloud security (CASB) and web security (SWG).
Courtesy: https://www.cloudflare.com/en-in/learning/access-management/what-is-ztna/
https://www.netskope.com/products/capabilities/zero-trust-network-access