The traditional security perimeter is evaporating as cloud, remote working and edge computing trends accelerate
As the threat environment intensifies in parallel, traditional network security controls are continually the source of major security breaches and are therefore being rendered deficient. The “connect first, authenticate second” approach can no longer defend digital assets from malicious actors. Zero Trust access is based on the fundamental principle that no user, human or machine should be automatically granted access to anything.
It is the ultimate extension of the “principle of least privilege” approach to security.
Standard for secure enterprise access control
Dynamic policies and entitlements are then granted to the identity, provisioning limited access to authorised resources. These surgical entitlements are conditional and based on context and risk tolerance defined by the enterprise.
Zero Trust Policy Decision Point (PDP)
In this way, the Controller is acting as a Zero Trust Policy Decision Point (PDP) and the Gateway as a Policy Enforcement Point (PEP). It is infinitely more secure than using an IP address and username/password combination because the theft of basic credentials, IP spoofing and brute force attacks have made these traditional authentication methods vulnerable. ZTNA is a more dynamic solution which takes into account contextual factors.
Improved secure access. Monitor privileges. Modernise network security.
After the user has been given access, ZTNA continues to monitor to determine if access privileges should be adjusted or revoked entirely. It continues to evaluate the user and device in context, including the users role, device security posture, location, time and date and a range of other conditional requirements. This makes it possible to immediately interrupt suspicious behaviour before it causes harm.
In addition to improved secure access, another critical aspect of ZTNA is its ability to cloak the entire infrastructure and minimise the attack surface. This means that all resources secured with ZTNA are 100% invisible to malicious actors and only visible to authenticated and authorised trusted users, providing yet another layer of security.
The ZTNA model was originally known as the Software-Defined Perimeter (SDP) and the names are used interchangeably. By using these security architectures, enterprise organisations can modernise network security.