The Evolution of Zero Trust Network Access
In this article
The following article was written by Peter Newton from our partner, Fortinet.
When cellular phones first came out, all you could do with it was make a call. Over time, as more features were added, such as cameras and internet connectivity, those capabilities became an expected part of the phone itself. Today, even the cheapest $20 retro flip phone includes a camera, texting capabilities, GPS, music and even the ability to (still) make a phone call.
I think a similar transition is going to happen to zero trust network access (ZTNA). Right now, many ZTNA solutions are offered as an extra service, so that organizations pay per user to access applications in addition to their existing security solutions. But over time, ZTNA will become expected, much like you expect your phone to have a built-in camera. Going forward, ZTNA will simply become a standard part of cybersecurity.
The pandemic and ZTNA
The zero trust security model has been around for more than a decade. With zero trust, anything or anyone trying to connect to your network is assumed to be a potential threat. And every user must be verified before permission is granted to access resources. ZTNA takes zero-trust principles and applies them to application access. With ZTNA, users and devices are authenticated and monitored every time they seek to access an application.
A few years ago, ZTNA was slowly gaining attention for securing cloud-hosted applications, but when the pandemic hit, businesses quickly needed to support people working from home. Almost overnight, they needed to ensure their employees had secure access to the information and applications they needed to get their jobs done. Many of them turned to the VPNs they used for remote workers to get everyone set up at home. And at the same time, the expansion of the network perimeter offered a great new opportunity for hackers to exploit the weaknesses in often inconsistent remote security and the inherent risks and limitations of VPNs.
After the initial rush to get everyone set up in home offices, it became clear that traditional VPN technology wasn't up to the task. Once IT managers had a chance to take a breath and reassess, they realized they needed a better, more secure way to connect their workers to applications. ZTNA offers more secure, more granular access to applications. And it includes verification of user and device identity and checks for other factors such as time-of-day, location, and the state of the device prior to granting access. ZTNA also continues monitoring those factors and identities.
As organizations moved from VPNs, many of the initial ZTNA solutions focused solely on remote users. Some cloud-based ZTNA solutions and products were offered as part of a SASE solution. Organizations paid per user to access applications whether through SASE or as a stand-alone cloud-based ZTNA solution.
Work from home evolves to work from anywhere
After the initial crisis of the pandemic subsided and time went on, it became more apparent that the way people work was changing permanently. Work from home evolved to work from anywhere as organizations moved to implement various hybrid work models with a mixture of time in the office and working from home. Attitudes toward zero-trust solutions evolved as well.
Remote-only ZTNA solutions didn't support hybrid work models well because companies ended up having one policy for remote users and another one for people working on-site. However, one of the key principles of ZTNA is that security should be network- and location-agnostic with a consistent access policy that is applied everywhere. In other words, ZTNA needs to follow users no matter where they are located.
These concepts have been embraced more broadly as a way to deal with the security demands of highly distributed networks that have resources spread across data centers and multiple clouds. Today, more organizations are looking at ways to converge networking and security and ZTNA is part of that equation. At Fortinet, we've been talking about the benefits of convergence for a long time because it improves security, reduces complexity, and lowers costs by reducing the number of products and vendors in the infrastructure.
As part of that philosophy, ZTNA is a part of our cybersecurity platform, which is unique in the marketplace. If you have a FortiGate Next-Generation Firewall (NGFW), you already have ZTNA without an extra monthly fee. And the Fortinet FortiClient comes standard with both VPN and ZTNA agents, so you can migrate from VPN to ZTNA in a gradual manner without incurring additional costs. For organizations that already are using FortiClient solutions for their VPN, shifting to ZTNA is simply a matter of turning on the feature.
Cybersecurity in general and ZTNA specifically involve multiple solutions working together. For example, ZTNA requires several components: a client, a proxy, authentication, and security that all work together. Having a separate, bolt-on ZTNA solution increases complexity. In contrast, with a cybersecurity platform from a single vendor, products are designed to work together, which improves security and simplifies deployment and management. Because ZTNA is simply included as a feature in other products, it goes from being an add-on that enables remote access to cloud-based applications to an integral part of how organizations implement their cybersecurity strategies.
Zero Trust everywhere
At Fortinet, we believe zero trust should be everywhere and we have a broad portfolio of zero trust solutions that spans users, applications, network assets, and devices across the entire hybrid network. And by delivering a universal approach to ZTNA that is consistent on-premises, in the cloud, or as a service via SASE, Fortinet Universal ZTNA delivers secure access for any user anywhere whether they are remote or in the office.
Much like the camera on a phone, the Fortinet ZTNA solution is a no-added-cost feature. The ZTNA capabilities are integrated and offered as an unlicensed feature in both FortiClient endpoint protection and FortiGate NGFWs. Implementing a zero-trust architecture doesn't have to be complex. Because Universal ZTNA is built into Fortinet NGFWs, SASE solutions, and cloud-based solutions, organizations can benefit from consistent enforcement regardless of where users, applications, and other resources are located.
Learn more about how WWT and Fortinet Zero Trust Access improves secure access to applications anywhere.