4 Key Reasons Universal ZTNA Makes Sense
After the pandemic sent many people home to work, interest in hybrid work and the work-from-anywhere (WFA) model has skyrocketed. A forecast analysis from Gartner® reveals that “by the end of 2024, the change in the nature of work will increase the total available remote worker market to 60% of all employees, up from 52% in 2020.” Also, according to Gartner, “Organizations are facing a hybrid future, with 75% of hybrid or remote knowledge workers saying their expectations for working flexibly have increased.”
Remote work replaced the desktops traditionally secured behind corporate firewalls with laptops operating outside the corporate perimeter. This change significantly expanded the attack surface and exposed it to increased risks from poorly secured home networks.
As hybrid work becomes more pervasive, interest in zero-trust network access (ZTNA) solutions has also increased. Initially, ZTNA was discussed in the context of securing remote workers, but now more organizations are looking into using it to secure on-premises and branch locations as well. In fact, Gartner recently released a blog detailing the impact of WFA on the importance of ZTNA and the potential for “Universal ZTNA.” Many existing ZTNA solutions are remote-worker only, but Gartner suggests that ZTNA should apply everywhere. Extending ZTNA solutions to cover campus and branch environments offers a number of benefits for users and the organization.
Using ZTNA everywhere, aka Universal ZTNA, makes sense for many organizations for four key reasons.
1. Increase in Hybrid Work
Even while acknowledging the increased risk surrounding remote work, WFA is here to stay. A recent survey found that nearly a third of employees plan to work remotely full time after the pandemic, with another 27% anticipating that they’ll work remotely for at least part of the time. To accommodate remote workers, many enterprises primarily invested in VPN or (more recently) ZTNA technologies. But, as employees shift to hybrid work where they regularly work both remotely and in the office, using multiple products is inefficient and confusing. With this new hybrid work model in place, organizations must rethink and revamp their approach to security.
2. Consistent User Experience
At many companies, remote workers have different experiences for connecting than people working from the corporate office. For example, remote workers may need to load VPN clients or use different authentication methods. But with Universal ZTNA, the experience for the user is the same no matter where they’re connecting from or what applications and services they need to access.
3. Consistent Policies
Having different connection methods also means there are separate policy engines. So an organization needs to set and manage policy in multiple places, which increases the potential for misconfiguration and inconsistencies. With Universal ZTNA, access control doesn’t end at the access point. ZTNA operates in terms of identity rather than securing a place in the network, which allows policies to follow applications and other transactions end to end. By establishing greater levels of access control, ZTNA is a more efficient solution for end users and provides policy enforcement wherever needed.
With Universal ZTNA in place, once a user has provided appropriate access credentials such as multi-factor authentication and endpoint validation and is connected, they can then be given what is known as least privileged access. The user can access only those applications they need to efficiently perform their jobs and nothing else.
To keep everything consistent, ZTNA should be unified across endpoints and the network with a common set of APIs and integration points. Firewalls with ZTNA built-in are ideal for supporting Universal ZTNA and can be an integral part of a complete cybersecurity solution for hybrid networks. Because most internet traffic is now encrypted, firewalls need to decrypt that traffic if they are going to inspect it and see if it is safe. A firewall with custom security ASIC chipscan perform SSL inspection without significant performance degradation.
4. Lower Costs
The final obvious advantage of Universal ZTNA is that it lowers costs because organizations don’t have to pay for multiple separate products and their associated services and infrastructure. To ensure a better quality of experience for users, it’s ideal if ZTNA and SD-WAN are integrated into the same solution without additional licenses or fees.
Security Everywhere
When it comes to security, it shouldn’t matter where a user is working. The same zero trust security should apply everywhere and offer a consistent experience for users, whether they’re at their home office, on the road, or anywhere else. Fortinet brings together the technologies required to deploy a complete Work-from-Anywhere (WFA) solution with Universal ZTNA, delivering an integrated solution that provides the unified visibility, automated control, and coordinated protection needed to provide a consistent and secure experience for employees working from home, on the road, or in the office.
Read more about how Fortinet ZTNA improves secure access to applications anywhere, for remote users.
Copyright © 2022 IDG Communications, Inc.