Start your zero-trust journey with ZTNA over VPN

3 months ago AndyC

Zero trust is a cybersecurity framework that assumes that no user should be automatically trusted. By 2025, Gartner analysts predict that 60% of organizations1 will be adopting zero-trust principles.

[…]

Start your zero-trust journey with ZTNA over VPN

Zero trust is a cybersecurity framework that assumes that no user should be automatically trusted. By 2025, Gartner analysts predict that 60% of organizationswill be adopting zero-trust principles. Yet, it can be difficult to implement a full blown zero-trust architecture because IT teams often must first retool systems and deploy many new components. Consequently, the first zero-trust solution many IT teams deploy on their zero-trust journey is zero-trust network access (ZTNA)

ZTNA improves security by performing user identity and device posture checks before granting the user or device explicit access to any application. And ZTNA continues to check both the user and device to ensure they meet policy to remain connected to that application. This granular access control provides appropriate levels of visibility into the employees and devices accessing applications used by the organization. This makes it much more difficult for a cyberattacker to obtain and maintain access to an application.

ZTNA enables work-from-anywhere (WFA) employees to securely access applications. This is how 90% of work is now accomplished in knowledge-work industries.2 Fortunately, employees working offsite during the COVID-19 pandemic shutdown proved beyond all doubt that they can remain productive when properly supported.

Today, as organizations are shifting back to having employees spend more time or even full time on-site, controlling application access from both remote and on-premises locales is critical. ZTNA’s ability to safeguard the application attack surface is a huge step forward in any organization’s zero-trust journey.

Meeting in the middle with ZTNA over VPN

Deploying a complete ZTNA solution still requires alterations to the network and changes to how users access applications. Some organizations must take a more cautious approach. VPN networks have proven to be quite capable of securing traffic over the internet for WFA users, and those solutions are already fully deployed. However, VPN alone has limitations, such as authenticating and monitoring users, devices, and access. Implementing ZTNA over VPN for these organizations adds critical capabilities to a tried-and-true solution already in place.

ZTNA over VPN technologies that offer both capabilities may be a good option for organizations interested in Zero Trust but needing to take a more measured approach. 

ZTNA over VPN offerings enable user identity checks, device posture checks, and granular application access control over a VPN tunnel. Just remember that ZTNA over VPN is not a full ZTNA solution, as it only applies to remote workers. For example, when on-site users work on the network, the ZTNA over VPN policies will not be checked. However, for off-site users, it is a leap forward from legacy VPN-based networkwide access to granular application access control. 

Learn more

Fortinet has many customers who have adopted ZTNA over VPN as their first destination in their zero-trust journey. Review our solution brief on ZTNA over VPN for more information on our solution, or visit our ZTNA web page to find out more about Fortinet Universal ZTNA.

#####

1 Gartner, Predicts 2023: Zero Trust Moves Past Marketing Hype Into Reality – 6 December 2022 – ID G00780267 – By John Watts, Jeremy D’Hoinne, Dale Koeppen, Charlie Winckless

Ibid

GARTNER is a registered trademark and service mark, is used herein with permission. All rights reserved.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , ,

More Stories

Dropbox adds end-to-end encryption for team folders

Dropbox adds end-to-end encryption for team folders

1 day ago AndyC
TransUnion transforms its business model with IT

TransUnion transforms its business model with IT

1 day ago AndyC
Android versions: A living history from 1.0 to 15

Android versions: A living history from 1.0 to 15

1 day ago AndyC
The unspoken obnoxiousness of Google's Gemini improvements

The unspoken obnoxiousness of Google’s Gemini improvements

1 day ago AndyC
M&A action is gaining momentum, are your cloud security leaders prepared?

M&A action is gaining momentum, are your cloud security leaders prepared?

2 days ago AndyC
CIOs eager to scale AI despite difficulty demonstrating ROI, survey finds

CIOs eager to scale AI despite difficulty demonstrating ROI, survey finds

2 days ago AndyC

You may have missed

Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe

41 mins ago AndyC
Brokewell supports an extensive set of Device Takeover capabilities

Brokewell supports an extensive set of Device Takeover capabilities

4 hours ago AndyC
Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw

4 hours ago AndyC
Bogus npm Packages Used to Trick Software Developers into Installing Malware

Bogus npm Packages Used to Trick Software Developers into Installing Malware

10 hours ago AndyC

Friday Squid Blogging: Searching for the Colossal Squid

16 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.