Jason Garbis, February 13, 2023
Shift Toward Zero Trust Access Everywhere: Q&A With Webinar Guest Forrester
Enterprises are rapidly extending Zero Trust access beyond remote access and insecure VPN replacement to safeguard all user-to-resource and resource-to-resource connections across their hybrid IT infrastructures. This in-depth Q&A with Carlos Rivera, Senior Analyst at Forrester, adds color to our recent webinar discussion on the security and business benefits of applying Zero Trust access to secure connections for everyone to everything, anywhere.
The exponential growth of Zero Trust access began with enterprises scrambling to overcome the inability of VPNs to handle an influx of remote users securely and easily during the pandemic. Now, as the return to corporate campuses and offices ramps up and hybrid workforces are the norm, it’s clear that managing disparate secure access solutions for off-network and on-network users and devices is cumbersome and risky. During the webinar, Carlos and I discussed:
- How Zero Trust access everywhere gets to the heart of Zero Trust security
- Applying the benefits of adaptive and contextual Zero Trust access across hybrid workloads
- Zero Trust access vs. NAC
- How Zero Trust access protects non-person entities such as servers, devices and IoT
- How Zero Trust access policies reduce admin stress and complexity
- Zero Trust access cost savings
Follow-up Q&A with Carlos Rivera, Senior Analyst at Forrester
Q: What are the benefits of Zero Trust access when compared to traditional (legacy) security and network architectures?
A: The benefits of Zero Trust access when compared to legacy security and network architectures come down to having greater flexibility in how enterprises deploy tools and technologies to address common scenarios such as adopting bring-your-own-device (BYOD) programs, managing/controlling access for interorganizational projects, facilitating compliance and governance, securing environments containing multiple cloud instances, and protecting east-west traffic between apps and services.
Q: What is driving the shift in conversation from Zero Trust Network Access to Zero Trust access everywhere?
A: Conversations involving Zero Trust Network Access (ZTNA) and Zero Trust access everywhere are really about preventing misconceptions and confusion that seem to be arising, particularly around ZTNA technology and capabilities. There is a narrative being pushed that ZTNA is only about remote access and doesn't address local access control ... or that ZTNA is mostly a cloud-based security offering.
This simply is not true. ZTNA is enabled through the effective use of a software-defined perimeter (SDP) approach to cybersecurity that is not relegated to a network security service hosted only on-premises or in the cloud. ZTNA is a tool that can be deployed either on-prem, in the cloud, or both (hybrid).
With Zero Trust access everywhere, it really is about understanding what tools and technologies should be implemented so that the principles of Zero Trust are embodied and access to resources is limited beyond Layer 3 controls and regardless of origination of access request or location of resource.
Q: Besides remote access, what other use cases can Zero Trust access solve for?
A: Zero Trust access goes beyond remote access, because it isn't just about a network layer of security. It is about controlling resource access. In fact, it is a core theme in NIST 800-207: Zero Trust access is about the need to secure communications between endpoints (subjects and objects). It follows the familiar use of technologies that emphasize the need for a Policy Decision Point (PDP) and a Policy Enforcement Point (PEP) to grant access on a granular level.
Applying Zero Trust access everywhere takes the concepts and principles found in Zero Trust to move the PDP/PEP closer (or as close as possible) to the resource. The goal is you are authenticating and authorizing ALL subjects, assets, and processes that make up your enterprise.
Q: What are the operational benefits of having a unified Zero Trust access policy engine for all users, workloads and devices and all locations?
A: Having a unified Zero Trust access policy engine allows for less complex access control deployments. Additionally, management of policies for communications across the enterprise for all users, workloads and devices can be easier if done through a centralized security policy service that has improved orchestration, such as onboarding and offboarding host systems or users.
Q: When evaluating a Zero Trust access solution what recommendations or cautions would you give to buyers?
A: Avoid solutions that have limited integrations or a weak partner ecosystem. The point of the Zero Trust access solution is that it must be a part of the grander Zero Trust technology ecosystem through interoperability and/or secure integrations.
Many vendors have an "approach" to addressing Zero Trust requirements, particularly Zero Trust access. It's important to seek out the one that suits your specific needs more efficiently. Do not be misled by marketing that attempts to address a falsity, such as the claim that ZTNA or ZT access only addresses remote users.
It has always been about pre-admission and post-admission from anywhere, any host, any user. Focus on vendors with messaging around protecting workloads while enabling a hybrid workforce. Solutions should satisfy this through more granular, stringent policies that ingest as much contextual information as possible to assess the nature of a connection request. Access (if any) is granted against an established risk threshold and is continuously evaluated for variations to either dynamically adjust access level or sever that connection.
These solutions can come either strictly as a SaaS/cloud-hosted offering or flexible deployments for on-prem, cloud, or hybrid use cases. Pick the solution that best suits the organizational needs.
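The two answers above describe the NIST SP 800-207 pattern in the abstract: a Policy Decision Point that evaluates every request from contextual attributes rather than network location, and a Policy Enforcement Point that keeps re-evaluating an open connection and downgrades or severs it when the risk crosses a threshold. The following is an added, self-contained illustration of that pattern written for this page; it is not Forrester's, Appgate's or any vendor's code. The attribute names (MFA, managed device, disk encryption, EDR health), the risk weights and the thresholds are all assumptions chosen for the example, and the scenario data is constructed.

```python
"""Minimal Zero Trust PDP/PEP in the NIST SP 800-207 sense (illustrative example).

Design points the example demonstrates:
  * authorization (group membership) is a hard gate evaluated before risk
  * network location is carried in the context but never raises trust
  * access is tiered against per-resource risk thresholds, deny by default
  * the PEP re-runs the decision on every context update (continuous evaluation)
"""
from dataclasses import dataclass, replace
from enum import Enum


class Decision(Enum):
    FULL = "full"        # normal access to the resource
    LIMITED = "limited"  # reduced access, e.g. read-only or step-up required
    DENY = "deny"        # no connection, or an open connection is severed


@dataclass(frozen=True)
class Context:
    """Everything the PDP knows about a request. Attribute set is an assumption."""
    subject: str
    groups: frozenset
    mfa: bool
    device_managed: bool
    disk_encrypted: bool
    edr_healthy: bool
    location: str  # "corp-lan" or "remote"; deliberately ignored by risk_score


@dataclass(frozen=True)
class Resource:
    name: str
    allowed_groups: frozenset
    max_risk: int      # highest score that still gets FULL access
    limited_risk: int  # highest score that still gets LIMITED access


# Assumed weights: how much each missing control adds to the risk score.
RISK_WEIGHTS = {"mfa": 40, "device_managed": 30, "disk_encrypted": 15, "edr_healthy": 35}


def risk_score(ctx: Context) -> int:
    """Sum the penalties for every control that is absent. Location is not a factor."""
    return sum(w for attr, w in RISK_WEIGHTS.items() if not getattr(ctx, attr))


def decide(ctx: Context, res: Resource) -> Decision:
    """PDP: group membership first, then tiered access against the resource thresholds."""
    if not (ctx.groups & res.allowed_groups):
        return Decision.DENY  # a pristine device never compensates for lack of entitlement
    score = risk_score(ctx)
    if score <= res.max_risk:
        return Decision.FULL
    if score <= res.limited_risk:
        return Decision.LIMITED
    return Decision.DENY


class Session:
    """PEP side: holds the current decision and re-evaluates on each posture update."""

    def __init__(self, ctx: Context, res: Resource):
        self.res = res
        self.history: list = []
        self.decision = self.update(ctx)

    def update(self, ctx: Context) -> Decision:
        self.decision = decide(ctx, self.res)
        self.history.append(self.decision)
        return self.decision

    @property
    def is_open(self) -> bool:
        return self.decision is not Decision.DENY


PAYROLL = Resource("payroll-api", frozenset({"finance"}), max_risk=20, limited_risk=45)


def demo() -> list:
    """Constructed scenario: a well-postured remote user whose device degrades mid-session.
    Returns the sequence of decisions the PEP applied."""
    good = Context("alice", frozenset({"finance"}), mfa=True, device_managed=True,
                   disk_encrypted=True, edr_healthy=True, location="remote")
    s = Session(good, PAYROLL)                                  # risk 0  -> full
    s.update(replace(good, edr_healthy=False))                  # risk 35 -> limited
    s.update(replace(good, edr_healthy=False, disk_encrypted=False))  # risk 50 -> deny, severed
    return [d.value for d in s.history]


if __name__ == "__main__":
    print(demo())
    on_lan = Context("bob", frozenset({"finance"}), mfa=False, device_managed=True,
                     disk_encrypted=True, edr_healthy=True, location="corp-lan")
    print("on corp LAN without MFA:", decide(on_lan, PAYROLL).value)
```

Two behaviours are worth noting when running it: a user on the corporate LAN who skipped MFA gets the same LIMITED decision as a remote user would, because location never enters the score, and the remote session that started at FULL is cut to DENY as soon as the device posture crosses the resource's `limited_risk` threshold, without waiting for re-authentication.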
Thank you very much, Carlos. It’s always a pleasure speaking with you.
Additional Zero Trust resources:
Podcast: Zero Trust Access for the Corporate Network
Blog: ZTNA Vendors: How to Sort and Select to Achieve Zero Trust Access
eBook: Zero Trust Maturity Model Roadmap
Video: 8 Key Concepts that Underpin Appgate SDP’s Design