The pandemic greatly expanded the work-from-home population. As a result, 86% of IT leaders say that at least a quarter of their staff members are connecting to corporate networks through personal and shared devices. But even before the pandemic, mass cloud adoption and mobile users meant that applications could live anywhere. That greatly expanded the threat landscape and created the need for a new cybersecurity approach.
IT pros need to ensure security across a complex web of applications, devices, locations and users. You must understand whether a user is an employee, a contractor, a partner – or a bad actor, and whether a person is using devices that are – or are not – corporate issued. Plus, you have to provide security whether applications are on premises or in a public or private cloud.
That means you need to gain visibility, which a secure access service edge (SASE) solution can provide, and use that visibility to enforce security policy. Zero-trust network access (ZTNA) is the enforcement piece and a core capability of SASE.
ZTNA enables secure, any-to-any communications. It means that, by default, you trust nothing. With ZTNA, everything must be explicitly defined. ZTNA could allow a person on a corporate laptop to access and download data from Salesforce. If that person were on a personal laptop, a ZTNA solution might allow them to view Salesforce but not download data. And if what appeared to be a corporate laptop attempted to access Salesforce, but the connection was from North Korea, ZTNA could enforce your security policy to block that connection.
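The three Salesforce cases above, written as a default-deny policy check, plus requests that no rule names to show what "explicitly defined" implies. This is an added example, not from the original article or any vendor's product; the Request fields, the rule table and the sample requests are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user_role: str   # "employee", "contractor" or "partner"
    device: str      # "corporate" or "personal"
    country: str     # ISO 3166-1 alpha-2 code of the connection's source
    app: str
    action: str      # "view" or "download"


# Constructed sample policy. Deny conditions are checked first, and any
# request that no allow rule names explicitly is refused (default deny).
BLOCKED_COUNTRIES = {"KP"}  # North Korea
ALLOW_RULES = [
    # (role, device, app, permitted actions)
    ("employee", "corporate", "salesforce", {"view", "download"}),
    ("employee", "personal", "salesforce", {"view"}),
]


def decide(req: Request) -> tuple[str, str]:
    """Return (decision, reason) for one access request."""
    # Location is evaluated before device type, so a device that looks
    # corporate is still blocked when it connects from a blocked country.
    if req.country in BLOCKED_COUNTRIES:
        return "deny", f"source country {req.country} is blocked"
    for role, device, app, actions in ALLOW_RULES:
        if (req.user_role, req.device, req.app) == (role, device, app):
            if req.action in actions:
                return "allow", f"{role}/{device} may {req.action} {app}"
            return "deny", f"{req.action} not granted to {role}/{device}"
    return "deny", "no explicit rule matches (default deny)"


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        Request("employee", "corporate", "US", "salesforce", "download"),
        Request("employee", "personal", "US", "salesforce", "download"),
        Request("employee", "corporate", "KP", "salesforce", "view"),
        Request("contractor", "corporate", "US", "salesforce", "view"),
    ]
    for r in samples:
        print(r, "->", decide(r))
```

The contractor request is denied even though nothing forbids it: under default deny, the absence of an allow rule is itself the decision.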
Here are some tips on how your organization can get the best results from ZTNA.
Choose a ZTNA Solution That Supports All Types of Applications
Most ZTNA solutions lack support for local on-premises traffic. So, if an employee is at a company office and wants to access a local app, there is no zero-trust enforcement. To enjoy the full benefits of ZTNA, look for solutions that support all types of applications, not just HTTP and HTTPS applications. Seek out solutions that enforce policy regardless of whether applications are on-premises or in the cloud, or are delivered via software-as-a-service models.