By Anand Ramanathan, Chief Product Officer, Skyhigh Security
Today’s work from anywhere culture, escalating ransomware, and an explosion of Internet of Things (IoT) devices are among the trends that are driving enterprises to rethink their approach to secure network access. Virtual Private Networks (VPNs) have long been the go-to method for providing remote users secure access to the corporate network. But time has shown that VPNs have serious limitations and are not the most secure option.
IT leaders are rethinking their strategies and increasingly considering another way to make access to private applications faster, easier, and more secure through Zero Trust Network Access (ZTNA). In 2021, Gartner saw a 127% increase in interest about ZTNA, compared to the prior year – and most of the use cases centered on ZTNA as a replacement for Virtual Private Networks (VPNs).
Why VPN can’t deliver
For decades, VPNs have been championed as a secure way for remote workers to interact with corporate networks. VPNs deliver an encrypted tunnel, which makes it harder for a cyberthief to sniff the connection and steal enterprise data, but that’s pretty much all they do for security.
The biggest risk with VPNs is that malware can get into a user’s system, effortlessly ride the VPN and potentially infect the entire enterprise. VPNs typically don’t scan for viruses or other malware. Plus, they offer little or no protection for data, especially in cloud and mobile-driven environments. With VPN, there’s nothing to stop a user from unintentionally sending out files with sensitive data, such as customer Social Security numbers and payment card details.
Zero trust is the way forward
Enterprises are starting to embrace a zero trust strategy – a better, more secure way to facilitate remote communications to headquarters and across the cloud. The basic tenet of Zero Trust is “never trust, always verify.” No file, device, user, or cloud account is assumed to be safe. In a zero trust world, everything is authenticated, authorized, and continuously validated wherever it is found. ZTNA is the network implementation of zero trust, which uses multiple techniques to deliver far better security as well as ease-of-use and ROI.
Behavioral analytics and least-privilege access
Like continuous authentication, ZTNA uses behavioral analytics. On the user side, multiple factors are taken into account: typing speed, the angle at which a phone is held, and the time and location of logins. Additionally, ZTNA looks at what data is being accessed, how often and whether it is being manipulated in a suspicious way.
Biometrics, such as facial scans, fingerprints, and voiceprints, are also important user identifiers. And devices are scrutinized for operating system version, apps, patching status, serial number, and disk size.
In this type of environment, there are strict methods for assigning privilege. IT makes sure all privileges are current and appropriate and that users only have access to systems that they absolutely need. When employees leave an organization, privileges are revoked, and when they are reassigned, privileges are adjusted accordingly.
Building blocks of a zero trust architecture
Zero trust moves beyond the traditional defense of a security perimeter based on static, enterprise data centers to a dynamic, policy-based, cloud-delivered edge to support the access requirements of the distributed workforce.
Zero trust also takes into account security hygiene at remote sites – whether at employees’ homes or branch offices. At a typical enterprise, those sites may include dozens of different routers. Some may not be patched or updated, while others may use the vendor’s default password, and lack malware detection. Even if the routers are properly updated and patched, they may not have the latest virus definitions.
Improved control over data
Zero trust looks for sensitive or confidential data by comparing it to fingerprints of known confidential data and seeks pattern similarities. In addition to detecting malware, monitoring malicious activity is also essential.
Whether a cybercriminal attempts to steal employee credentials or a malicious insider tries to appropriate corporate data, these bad actors begin their process by doing what a user does. That’s why zero trust leverages continuous authentication, which involves monitoring user activity beyond the initial point of authentication.
A cost-effective solution
When the pandemic forced the move to a remote work model, many VPNs failed because bandwidth fell short. Enterprises had to invest a significant amount of money to upgrade and increase capacity. They needed a way to automatically calculate and deliver sufficient capacity for peak times and non-peak times, with no penalty when they suddenly needed more bandwidth. A ZTNA approach delivers far more predictability in terms of costs and can ultimately lower those costs over time.
Find out more about Skyhigh Security’s approach to ZTNA here.