Our review of 2021 IT trends reported that Zero Trust Network Access (ZTNA) was not only a common feature for enterprise IT teams, but that it will be sticking around for the near future, too. Much of this is attributed to shifting remote work architectures, which have made traditional perimeter security architectures essentially outdated. As organizations move away from a full-on remote workforce and into more of a hybrid model, ZTNA features remain just as important.

What's The Future of ZTNA?
That's an easy one: It is the future of enterprise security. About 60% of enterprises either plan to phase out traditional VPNs or have already done so in favor of a ZTNA model. Much of this transition has to do with the following VPN challenges:
- A VPN takes a perimeter-based approach to security
- VPNs have no insight into the content they deliver
- Networks are now highly distributed
To date, a little more than 15% of organizations have completed a transition to a zero-trust security model. It's time to say goodbye to your VPN as we reintroduce our look at two different ZTNA models:
Client-Initiated Or Endpoint-Initiated ZTNA
The first zero-trust network access model is known as endpoint-initiated ZTNA or a client-initiated ZTNA model. This model is software-defined and based on the Cloud Security Alliance architecture which uses an agent on a device to create a secure tunnel to the enterprise network. This agent performs an assessment to determine the security risk of a user’s request to access an application using information such as their identity, device location, network, and the application being used. After building a risk profile, the agent connects back to the application over a proxy connection, and if the information meets the organization’s policy, access to the application is granted. The beauty of this model is that applications can be on-premises or cloud-based Software-as-a-Service (SaaS).
The Service-Initiated Or Application-Initiated ZTNA Model
The service-initiated model uses a reverse proxy architecture based on the BeyondCorp model and is also known as application-initiated ZTNA. The biggest difference from client-initiated ZTNA is that this model does not require an endpoint agent. Instead, it relies on a browser plug-in to create the secure tunnel and perform the risk assessment.
Three Questions For Zero Trust Network Access With Fortinet
Fortinet’s approach to zero trust access can be broken down into three pieces: who, what, and what happens after network access.
1. Who is accessing the network?
The first piece is who is accessing the network, which can include employees, supply chain partners, and customers. With a zero-trust model, users are only given access to the resources that are necessary for them. To achieve this, breach-resistant identification and authentication are mandated, with many enterprises going a step further and requiring multi-factor authentication at login.
2. What devices are accessing the network?
The second piece is the devices that are accessing the network. For a zero-trust access strategy to be effective, IT teams need a comprehensive solution for managing and monitoring the myriad devices that require access to the network. This is especially true as internet-of-things devices continue to grow in usage and popularity. And let's not forget that IoT devices are an attractive entry point for hackers.
3. What happens when devices leave the network?
The third piece is about endpoint security, or what happens when a device leaves the network. According to Fortinet, a comprehensive zero-trust access strategy should provide off-network hygiene control, vulnerability scanning, web filtering, and patching policies.
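The client-initiated flow described earlier (identity, device, location, network and application feeding a policy check before the proxy connection is granted) and the three questions above (who, which device, and off-network hygiene) meet in a policy decision point. The following is an added Python example of such a decision point, not Fortinet's or FortiOS's code; the field names, per-application policies, network labels and sample requests are all constructed for illustration.

```python
"""Minimal zero-trust policy decision point (added example, not vendor code).

Evaluates one request for one application against a default-deny policy
using the signals this page names: identity (with MFA), device posture,
location, network and the application requested. All names are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool            # enrolled in endpoint management
    endpoint_agent: bool     # client-initiated model: agent reports posture
    os_patch_age_days: int   # days since the OS was last patched


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset[str]
    mfa_verified: bool       # MFA completed for this session
    device: Device
    network: str             # constructed labels: "corporate", "home", "public"
    country: str
    application: str         # a single application, never "the network"


# Per-application policy; anything not listed here is denied (default deny).
POLICY: dict[str, dict] = {
    "hr-portal": {"allowed_groups": {"hr", "it-admin"}, "require_mfa": True,
                  "require_managed_device": True, "max_patch_age_days": 30,
                  "allowed_countries": {"US", "CA"}},
    "partner-catalog": {"allowed_groups": {"supply-chain", "partners"},
                        "require_mfa": True, "require_managed_device": False,
                        "max_patch_age_days": 90, "allowed_countries": None},
}


def evaluate(req: AccessRequest) -> tuple[bool, list[str]]:
    """Return (allowed, reasons). Every failing check is collected so an
    operator sees the full posture gap, but any single failure denies."""
    policy = POLICY.get(req.application)
    if policy is None:
        return False, [f"no policy for application {req.application!r}: default deny"]
    reasons: list[str] = []

    # 1. Who: group membership, plus MFA where the application demands it.
    if not (req.groups & policy["allowed_groups"]):
        reasons.append("user is not in a group permitted for this application")
    if policy["require_mfa"] and not req.mfa_verified:
        reasons.append("MFA required but not verified")

    # 2. Which device: without an agent there is no trustworthy posture report.
    if not req.device.endpoint_agent:
        reasons.append("no endpoint agent present; device posture cannot be verified")
    if policy["require_managed_device"] and not req.device.managed:
        reasons.append("unmanaged device not permitted for this application")

    # 3. Off-network hygiene: the patch bar applies wherever the device is.
    if req.device.os_patch_age_days > policy["max_patch_age_days"]:
        reasons.append(f"OS patch age {req.device.os_patch_age_days}d exceeds "
                       f"{policy['max_patch_age_days']}d limit")

    # Location and network are context, not trust: a country allow-list when
    # set, and a tighter patch bar on public networks (constructed rule).
    countries = policy["allowed_countries"]
    if countries is not None and req.country not in countries:
        reasons.append(f"access from {req.country} not permitted for this application")
    if req.network == "public" and req.device.os_patch_age_days > 14:
        reasons.append("public network: patch age must be 14d or less")

    return (not reasons), reasons


# Constructed sample devices and requests.
HR_LAPTOP = Device("lap-001", managed=True, endpoint_agent=True, os_patch_age_days=5)
PARTNER_BYOD = Device("byod-7", managed=False, endpoint_agent=True, os_patch_age_days=10)
SAMPLE_REQUESTS = {
    "hr_ok": AccessRequest("alice", frozenset({"hr"}), True, HR_LAPTOP, "corporate", "US", "hr-portal"),
    "hr_no_mfa_from_home": AccessRequest("alice", frozenset({"hr"}), False, HR_LAPTOP, "home", "US", "hr-portal"),
    "partner_ok": AccessRequest("bob", frozenset({"partners"}), True, PARTNER_BYOD, "public", "DE", "partner-catalog"),
    "partner_wrong_app": AccessRequest("bob", frozenset({"partners"}), True, PARTNER_BYOD, "public", "DE", "hr-portal"),
    "unknown_app": AccessRequest("alice", frozenset({"hr"}), True, HR_LAPTOP, "corporate", "US", "payroll-legacy"),
}

if __name__ == "__main__":
    for name, req in SAMPLE_REQUESTS.items():
        allowed, why = evaluate(req)
        print(f"{name}: {'ALLOW' if allowed else 'DENY'} {why}")
```

Two design points carry the zero-trust stance: the decision is made per application rather than once for "the network", and the corporate network label grants nothing by itself; only identity, MFA and verified device posture do. In a real deployment the agent's posture report and the identity provider's MFA claim would be signed inputs rather than plain booleans.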
Fortinet FortiOS 7.2 Expands Security Fabric
In April 2021, FortiOS 7.0 was released and included several notable features, including ZTNA. As we jump to the FortiOS 7.2 update, there were some key enhancements regarding its ZTNA features we should highlight. For one, cybersecurity leaders can now better manage enforcement due to a unified policy configuration in a single GUI for each connection. As a bonus, there were also improvements made to the ZTNA service portal.
In addition to ZTNA, FortiOS 7.2 assures greater unification on the convergence of networking and security across NGFW, SD-WAN, LAN Edge, and 5G.
ZTNA is available right out of the box for FortiGate customers. It doesn't require a software-as-a-service subscription, and because it's built into FortiOS 7.2, which provides the foundation for Fortinet's security portfolio, ZTNA is also built into Fortinet's other solutions, including FortiGate, FortiClient, FortiManager, and FortiAuthenticator.
ZTNA With Fortinet
Fortinet offers comprehensive and holistic security solutions for the largest enterprise, service provider, and government organizations in the world. From NGFWs for microsegmentation to ZTNA, Fortinet ensures security without compromising performance. If you have questions about how Fortinet can help you improve enterprise security for your company, contact WEI today.
NEXT STEPS: Take a closer look at all the security solutions IT leaders consider essential for securing their business throughout the digital transformation journey. Our eBook, "An IT Leader's Guide to Enterprise Security in a Digital World," pulls it all together. Click below to start reading.