That's an easy one: It is the future of enterprise security. About 60% of enterprises either have plans to or have phased out traditional VPNs and use a ZTNA model. Much of this transition has to do with the following VPN challenges:
To date, a little more than 15% of organizations have completed a transition to a zero-trust security model. It's time to say goodbye to your VPN as we reintroduce our look at two different ZTNA models:
The first zero-trust network access model is known as endpoint-initiated ZTNA or a client-initiated ZTNA model. This model is software-defined and based on the Cloud Security Alliance architecture which uses an agent on a device to create a secure tunnel to the enterprise network. This agent performs an assessment to determine the security risk of a user’s request to access an application using information such as their identity, device location, network, and the application being used. After building a risk profile, the agent connects back to the application over a proxy connection, and if the information meets the organization’s policy, access to the application is granted. The beauty of this model is that applications can be on-premises or cloud-based Software-as-a-Service (SaaS).
The service-initiated model uses a reverse proxy architecture based on the BeyondCorp model and is also known as application-initiated ZTNA. The biggest difference from client-initiated ZTNA is that this model does not require an endpoint agent. Instead, to create a secure tunnel and perform a risk assessment profile, it uses a browser plug-in.
Fortinet’s approach to zero trust access can be broken down into three pieces: who, what, and what happens after network access.
1. Who is accessing the network?
The first piece is who is accessing the network, which can include employees, supply chain partners, and customers. With a zero-trust model, users are only given access to the resources that are necessary for them. To achieve this, breach-resistant identification and authentication is mandated, with many enterprises going a step further and requiring multi-factor authentication at login.
2. What devices are accessing the network?
The second piece is the devices that are accessing the network. For a zero-trust access strategy to be effective, IT teams need a comprehensive solution to managing and monitoring the myriad of devices that require access to the network. This is especially true as internet-of-things devices continue to grow in usage and popularity. And let's not forget that IoT devices are an attractive entry point for hackers.
3. What happens when devices leave the network?
The third piece is about endpoint security, or what happens when a device leaves the network. According to Fortinet, a comprehensive zero-trust access strategy should provide off-network hygiene control, vulnerability scanning, web filtering, and patching policies.
In April 2021, FortiOS 7.0 was released and included several notable features, including ZTNA. As we jump to the FortiOS 7.2 update, there were some key enhancements regarding its ZTNA features we should highlight. For one, cybersecurity leaders can now better manage enforcement due to a unified policy configuration in a single GUI for each connection. As a bonus, there were also improvements made to the ZTNA service portal.
In addition to ZTNA, FortiOS 7.2 assures greater unification on the convergence of networking and security across NGFW, SD-WAN, LAN Edge, 5G.
ZTNA is available right out of the box for FortiGate customers. It also doesn’t require a software-as-a-service solution and because it’s built into FortiOS 7.2, which provides the foundation for Fortinet’s security portfolio, ZTNA is also built into Fortinet’s other solutions, including FortiGate, FortiClient, FortiManager, and FortiAuthenticator.
Fortinet offers comprehensive and holistic security solutions for the largest enterprise, service provider, and government organizations in the world. From NGFWs for microsegmentation to ZTNA, Fortinet ensures security without compromising performance. If you have questions about how Fortinet can help you improve enterprise security for your company, contact WEI today.
NEXT STEPS: Take a closer look at all the security solutions IT leaders consider essential for securing their business throughout the digital transformation journey. Our eBook, "An IT Leader's Guide to Enterprise Security in a Digital World," pulls it all together. Click below to start reading.