Why you need to upgrade to ZTNA 2.0

Written by Enablis | 06/10/2022 4:35:53 AM

Zero Trust Network Access (ZTNA) gained major momentum during the COVID-led transformation of work, and with it the transformation of digital security.

So much so that it’s now accepted by the smartest security minds that the original model for ZTNA is in urgent need of an upgrade.

Enter ZTNA 2.0. But before we explain what that means, let’s remind ourselves of what ZTNA 1.0 is, and what it isn’t.

What is ZTNA 1.0?

Under the original model, apps were defined only by IP address and port. That means once access is granted, the entire connection is trusted from then on.

ZTNA 1.0 also only ever supported a small subset of private apps, and app traffic was never properly inspected, which makes it harder to prevent malware or lateral movement.

The final issue with 1.0 solutions is that they do not provide coverage for all applications. Cloud-based apps, apps that use dynamic ports, and server-initiated applications (such as support help-desk tools, where the server opens connections to remote devices) are not supported by ZTNA 1.0 approaches.

This means that ZTNA 1.0 solutions do not support SaaS apps either. And when you look at modern web apps that are composed of a series of microservices, defining them by L3/L4 attributes or FQDN is again a recipe for disaster. As more and more organisations continue on their cloud journey and build out more cloud-native applications, ZTNA 1.0 really becomes challenged.

Now that we’ve been through ZTNA 1.0, let’s take a look at how the next version has greatly improved upon it.

The Top 5 benefits of ZTNA 2.0

  1. ZTNA 2.0 applies the principle of least privilege access, where access is granted only to a well-defined pairing of a user and the specific application they need
  2. ZTNA 2.0 delivers continuous trust verification, replacing ‘allow and ignore’. If user behavior, application behavior or device posture changes, the trust level granted must be re-verified continuously
  3. ZTNA 2.0 delivers continuous security inspection for all traffic to protect against all threats and threat vectors
  4. ZTNA 2.0 protects all data and protects it in a consistent manner across new modern applications including collaboration applications
  5. ZTNA 2.0 protects and secures all applications across the entire enterprise
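To make the difference between ‘allow and ignore’ and continuous trust verification concrete, here is an added example (written for this page, not code from Enablis or any ZTNA product). It replays a constructed sequence of per-request posture snapshots through a connect-time-only session model and a continuously re-evaluated one; the user/app allowlist, the `Posture` fields and the risk threshold are all hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Posture:
    """Snapshot of what the policy engine knows at the moment of a request."""
    user: str
    app: str               # application identity, not an IP/port tuple
    device_compliant: bool # endpoint posture reported by the device agent
    risk_score: int        # constructed 0..100 scale, 100 = most suspicious


# Hypothetical least-privilege policy: which user may reach which app.
ALLOWLIST = {("alice", "crm")}
RISK_THRESHOLD = 50  # hypothetical cut-off for behaviour-based risk


def evaluate(p: Posture) -> bool:
    """Single policy decision combining identity/app pairing, posture and behaviour."""
    return ((p.user, p.app) in ALLOWLIST
            and p.device_compliant
            and p.risk_score < RISK_THRESHOLD)


class Ztna1Session:
    """'Allow and ignore': the decision is made once at connect time and never revisited."""
    def __init__(self, initial: Posture):
        self.granted = evaluate(initial)

    def request(self, current: Posture) -> bool:
        return self.granted  # later posture changes are simply not looked at


class Ztna2Session:
    """Continuous trust verification: every request is re-evaluated against current posture."""
    def __init__(self, initial: Posture):
        self.granted = evaluate(initial)

    def request(self, current: Posture) -> bool:
        # Once trust is withdrawn the session stays revoked until a fresh connect.
        self.granted = self.granted and evaluate(current)
        return self.granted


def replay(session_cls, events):
    """Feed a sequence of posture snapshots through a session; return the per-request decisions."""
    session = session_cls(events[0])
    return [session.request(e) for e in events]


# Constructed timeline: a healthy connect, then posture and behaviour degrade mid-session.
EVENTS = [
    Posture("alice", "crm", True, 10),   # connect: compliant device, low risk
    Posture("alice", "crm", True, 15),   # routine request
    Posture("alice", "crm", False, 15),  # device agent reports non-compliance
    Posture("alice", "crm", True, 80),   # behaviour anomaly pushes risk over threshold
]
```

Running `replay(Ztna1Session, EVENTS)` keeps allowing every request, while `replay(Ztna2Session, EVENTS)` denies from the third request onward, which is the behaviour the page's second benefit describes.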

Creating the foundations for true ZTNA 2.0

CISOs and CIOs with responsibility for cyber have completely different environments they need to get their arms around and secure today, with the key difference being unprecedented reliance on cloud platforms and applications.

Therefore, establishing a proper zero-trust framework requires a massively distributed, cloud-native and cloud-scale solution that is also enterprise-class and multi-tenant.

Critically, this enables the isolation of every tenant’s and every customer’s individual data plane, creating a more secure cloud environment in which the actions of other customers won’t have any effect on your data or operations.

Now, you may be thinking ‘well of course that’s the sort of configuration any sensible organisation should expect’, yet there remain many solutions in the market that would have you accept shared or commingled data planes.

This creates a situation where a “noisy neighbor” that generates a bunch of traffic can adversely impact the performance of all shared customers on that data plane.

Likewise, any security incident may also adversely impact all customers who are sharing that data plane. A better approach that ensures the highest performance is an enterprise-class multi-tenant environment that provides true data plane isolation, with a dedicated data plane for each customer.

If you would like to speak with one of Enablis' security experts about ZTNA 2.0 click here or visit our website here.

For information about Secure Access Service Edge you can also visit the SASE website here.