This year has brought about monumental changes in the cybersecurity landscape. From the impact of remote and ultimately hybrid working to some of the most prolific and disruptive attacks that have touched almost every industry, from the public sector to supply chains, manufacturers and healthcare.
There has been a noticeable shift in the way companies perceive trust within their networks, largely due to their more distributed workforce. Many are re-evaluating their remote access technology as a crucial part of their internal cybersecurity review process and find that zero trust or a least privileged view is more appropriate as hybrid work becomes more persistent and more widespread. The concept of zero confidence becomes the default.
The overall business landscape itself has evolved as applications and data continue to move offsite while keeping applications onsite. In fact, organizations have started to rely more on hybrid and multi-cloud environments to meet their ongoing digital transformation needs. According to a recent FortiGuard Labs Threat Landscape report from Fortinet *, 76% of respondents said they use two or more cloud providers.
Increased control and a consistent security approach applied to all users, regardless of where they are – off or on networks – or by accessing applications on or offsite, are essential. So how do organizations ensure that users who shouldn’t have access to a network don’t?
Don’t trust anybody
This is where zero trust comes in. Zero Trust operates on the premise that there are constant threats both outside and inside an organization’s network. Zero trust also assumes that every attempt to access the network or an application is a threat. No one inside or outside the network should be trusted until their identity has been carefully verified.
The term Zero Trust Access (ZTA) coined by Fortinet is an important first step towards implementing a zero trust security architecture. The creation of ZTA involves ubiquitous application access controls, powerful network access control technologies, and robust authentication capabilities. One aspect of ZTA that focuses on controlling application access is Zero Trust Network Access (ZTNA).
ZTNA extends the ZTA Principles to verify users and devices before each app session to confirm that they are complying with the organization’s policy to access that app. ZTNA supports multi-factor authentication to maintain the highest degree of verification.
Using the zero trust model for application access or ZTNA allows organizations to rely less on the traditional virtual private network (VPN) to secure remotely accessible assets. A VPN often provides unlimited access to the network, which can allow compromised users or malware to roam sideways across the network in search of resources to exploit. This is why it is crucial that a transition to a less trust model is necessary.
A consistent policy also applies whether or not users are connected to the network, which is a benefit of ZTNA. Thus, an organization benefits from the same protections, no matter where a user logs in from.
A cultural shift towards ZTA
Investment in ZTA solutions must increase, but a massive change in security strategy can seem daunting for many companies. There is an all too common notion that implementing a zero trust architecture requires a complete overhaul of a company’s network. There will certainly be a lot of work to do, but a successful implementation is about having the right framework in place paired with the right tools to execute.
Every environment should have consistent zero trust. It’s a cultural change, which is often a bigger change than technological change. It involves a mindset and a commitment to change the way access is granted and the way security is maintained throughout the organization.
ZTA is an evolutionary step, not a wholesale replacement for existing identity and access management. It is something that is accessible to everyone, from small businesses to large businesses. And is crucial in helping organizations protect themselves against an aggressive and changing threat landscape.
Fortinet’s recent FortiGuard Labs Threat Landscape Report found a ten-fold increase in ransomware in the first six months of 2021, highlighting a significant change from the same period last year. With remote and hybrid working being the norm, cybercriminals find it easier to access corporate networks using vulnerabilities in employees and wide area networks.
That’s why companies must take advantage of all the security benefits that exist, including the shift to a zero-trust security strategy. Because there are so many threats from outside and inside, it is appropriate to treat every person and thing trying to access the network and its applications as a threat.
Zero trust doesn’t have to be that big change or that existing security architectures need to be replaced, but rather the way solutions are used to gain more control within the network, creating an even stronger shield and barrier. . This is the way forward for organizations that want to be sure they have the tools and support they need to tackle evolving threats.
* Fortinet’s FortiGuard Labs Threat Landscape report is based on a comprehensive global survey of 572 cybersecurity professionals