It’s time to abandon passwords and adopt a better way to combat cyber attacks, according to a security expert. Organizations can reduce their risk “massively” by using a new approach known as Zero Trust Network Access (ZTNA), said Rafi Wanounou, SE Director at Fortinet at a recent ITWC briefing.
“The challenge with existing authentication frameworks is they can be compromised through phishing and social engineering,” said Wanounou. “ZTNA is designed to put a bullet in this.”
ZTNA controls access to applications. It’s a way to verify users and devices before every session, no matter where they are, he explained. It also confirms that they meet the organization’s requirements to access that application.
Wanounou described ZTNA as a game changer. “This is the solution we’ve been waiting for,” he said.
How does ZTNA work?
ZTNA is founded on the principle of Zero Trust. “It literally means that no one is trusted, even at the corporate office,” said Wanounou. “Those days of trusting people with a badge to enter the office are slowly coming to an end.”
View on demand: “Zero Means Zero: Adopting ZTNA for the Hybrid Office Era”
With ZTNA, users are verified with multi-factor authentication such as usernames and biometrics. It also requires a physical token based on a new universal standard known as FIDO2 (Fast Identity Online). “You’re not going to get anywhere until you insert that token into your laptop,” said Wanounou. “So, unless the attacker is standing over you and inserting that device into your laptop, in theory, it’s unbreakable. It’s really the only technology that we have today that can’t be phished or spoofed.”
Allows users to securely work from anywhere
Another key advantage of ZTNA is that it truly enables employees to work from anywhere, Wanounou said. “User satisfaction is going to skyrocket because it’s more convenient for them,” he said.
Wanounou noted that the authentication process is seamless for users. It gives them access to the resources or applications they need without jumping through hoops.
The solution will also simplify security and reduce overhead costs for organizations, he said. For one thing, it puts an end to the need to manage devices. “If you’re doing next-gen ZTNA, everything is stored in the cloud,” said Wanounou. “If a laptop gets lost, there’s no risk because there should be nothing on it. It becomes disposable.”
It will also allow organizations to reduce the number of legacy security tools they have. “We have a lot of pieces now to accommodate work from home, Wanounou explained. “What ZTNA allows us to do is to collapse the stack of devices. You literally need 20 per cent of the devices that you have today to achieve 300 per cent of the service to your end users. It drastically lowers operating overhead.”
How to prepare for ZTNA
Although ZTNA is in the early stages, Wanounou encouraged briefing participants to embrace the idea now.
It starts with user education, he stressed. It’s important for employees to understand the concept of Zero Trust. Secondly, organizations should review the interoperability of their security stack. “This is a challenging piece if you have solutions from a number of vendors,” he said. A transition from central device management to a BYOD (bring-your-own-device) approach will be necessary to make ZTNA work. As well, Wanounou urged participants to tighten up their policies on what applications employees can access.
“This is absolutely the future the very near-term,” he said. “Just start thinking about how you can incorporate ZTNA into everything you do going forward
View on demand: “Zero Means Zero: Adopting ZTNA for the Hybrid Office Era”