Ineffective. Obsolete. Unrealistic.
These are just some of the words commonly thrown around by IT admins in response to perimeter-based security approaches that incorporate VPNs.
Trending remote work policies have released an avalanche of new security concerns while highlighting the limitations of old-school network security architecture.
Traditional security approaches depend on a centralized physical infrastructure that is not well-equipped to secure emerging cloud environments. Unfortunately, attackers are always improving their tactics, requiring IT admins to counter with more up-to-date security controls.
Two of the most frequently discussed solutions for this challenge are Zero Trust network access (ZTNA or ZTA) and virtual private networks (VPNs).
This article will dive into the differences, similarities, and benefits behind the two approaches. After reading, you will know how to best reduce the attack surfaces of private, public, and hybrid cloud environments with modern network security solutions.
Zero Trust Network Access (ZTNA) Defined
Zero Trust network access (ZTNA), also referred to as Zero Trust access (ZTA), is a security model founded on a simple premise: trust no one when it comes to network access.
Zero Trust combines a set of technologies, security policies, and best practices to verify user identities and limit access to organizational resources on an “as needed” basis.
ZTNA frameworks protect organizational applications, data, and services from discovery while restricting access to specific identities.
ZTNA in Action
Fred is the VP of Marketing for a series B-funded tech startup. Monday morning, he receives an urgent message from a colleague requesting input on some campaign metrics.
While waiting for the barista to call his name, Fred opens his laptop and signs into his organizational network from Starbucks. Invisible to Fred, a rapid exchange between his device, the coffee shop network, and his startup's network begins.
An authentication protocol (e.g., LDAP, RADIUS, SAML) verifies Fred’s request for network access. Once the identity authority determines that Fred is actually Fred — via some form of multi-factor authentication (MFA) — pre-determined policies assess which resources he can access and which ones he (Read more…)
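The flow described above, as an added illustration that is not code from the original article: a minimal default-deny policy decision point in Python. It checks that the identity authority has verified the user, that MFA was completed, and then consults a per-resource policy table; the user names, resource names and policy table are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    user: str
    authenticated: bool      # identity authority verified the credentials
    mfa_verified: bool       # second factor completed for this session
    resource: str            # application or service being requested
    action: str = "read"


# Constructed policy table: which identities may perform which actions on
# which resource. Anything not listed is denied (default deny), which is the
# core of the Zero Trust model; network location is never consulted.
POLICY = {
    "marketing-metrics": {"fred": {"read", "write"}, "ana": {"read"}},
    "finance-ledger":    {"ana": {"read"}},
}


def evaluate(req: AccessRequest) -> tuple[bool, str]:
    """Policy decision point: returns (allowed, reason) for one request."""
    if not req.authenticated:
        return False, "identity not verified"
    if not req.mfa_verified:
        return False, "MFA required"
    grants = POLICY.get(req.resource)
    if grants is None:
        # Unknown resource: deny without revealing whether it exists
        return False, "no policy for resource"
    if req.action not in grants.get(req.user, set()):
        return False, "identity not entitled to action on resource"
    return True, "allowed by policy"


def visible_resources(user: str) -> list[str]:
    """ZTNA hides applications from discovery: a user only learns of the
    resources that a policy explicitly grants them."""
    return sorted(r for r, g in POLICY.items() if user in g)


if __name__ == "__main__":
    req = AccessRequest("fred", authenticated=True, mfa_verified=True,
                        resource="marketing-metrics")
    print(evaluate(req), visible_resources("fred"))
```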