The Fast Mode spoke to Denny LeCompte, CEO of Portnox on the impact of traffic visibility on ZTNA networks. Denny joins us in a series of discussions with leading cybersecurity and networking vendors, assessing the evolution of ZTNA technologies, the roadmap for ZTNA deployments, the benefits of ZTNA for enterprise and telco networks, and the need for real-time traffic visibility technologies such as DPI for ZTNA.
Ariana: What challenges do you see across ZTNA deployments?
Denny: Zero Trust Network Access (ZTNA) deployments present several challenges, with the degree of difficulty depending on a series of factors. Undoubtedly, the most problematic area resides in an organization’s existing systems and infrastructure. Deploying ZTNA in environments that utilize legacy software and hardware can pose several challenges for organizations seeking to adopt zero trust principles. These include:
- Lack of Native Support: Legacy operating systems, hardware, and applications may lack the necessary capabilities or built-in support for modern ZTNA technologies. This can hinder the seamless integration of ZTNA solutions, making it difficult to enable zero trust capabilities across outdated platforms.
- Complex Legacy Architecture: Legacy environments often have complex and convoluted architectures that have evolved over time. Understanding and mapping these architectures to implement ZTNA may require significant effort and expertise.
- Limited Visibility & Monitoring: ZTNA relies heavily on continuous monitoring and visibility into network traffic, user behavior, and potential security threats. Unfortunately, legacy systems often have limited logging and monitoring capabilities compared to more modern infrastructure.
- Outdated Security Protocols: Outdated or less secure communication protocols that are not compatible with the principles of ZTNA can hinder deployment. Upgrading these protocols without disrupting critical services can be a complex and challenging task.
- Integration Complexity: Integrating ZTNA solutions with legacy infrastructure can be complex and may require custom development or middleware. Legacy systems may not have open APIs or standard interfaces, making it challenging to establish the necessary connections for enforcing zero trust policies.
- User Resistance & Training: Users accustomed to traditional network access methods may resist the shift to a zero trust model. What’s more is that training users on new security protocols and practices may be challenging, especially if the legacy systems have long-established habits that need to be unlearned.
- Budget Constraints: Organizations with extensive legacy systems may face budget constraints when it comes to upgrading or replacing outdated infrastructure to align with ZTNA requirements. This can slow down the implementation of ZTNA and compromise an organization’s security posture – even if only briefly.
To overcome these challenges, organizations should develop a comprehensive ZTNA deployment strategy that considers the specific constraints and requirements of their legacy systems. This may involve a phased approach to migration, prioritizing critical systems, and investing in technologies that bridge the gap between legacy and modern architectures. Additionally, close collaboration between security teams, IT teams, and business units is crucial to ensure a smooth transition to a zero trust model without compromising business operations.
Ariana: Why is cloud a key component of ZTNA?
Denny: Today’s threat landscape demands that your organization’s security apparatus be continuously functional, everywhere, all the time. At its core, Zero Trust Network Access is designed to deliver on those needs. For years, the cloud has promised to enable this continuity and security, which is why today we see so many cloud-native vendors in the cybersecurity market. ZTNA is no exception.
Cloud computing plays a key role in ZTNA for several reasons:
- Scalability and Flexibility: Cloud infrastructure provides the scalability and flexibility needed to adapt to changing business requirements. ZTNA solutions can scale resources dynamically based on demand, ensuring that security measures can keep pace with the organization's growth and changes.
- Remote Access: With the proliferation of remote work, employees need secure access to resources from various locations and devices. Cloud-based ZTNA solutions enable remote access without the need for traditional VPNs (Virtual Private Networks), providing a more granular and secure approach to accessing resources.
- Centralized Management: Cloud-based ZTNA solutions typically offer centralized management, making it easier for administrators to monitor and manage security policies across the entire organization. This centralized approach is more efficient than managing disparate on-premises solutions.
- Automation and Orchestration: Cloud environments facilitate automation and orchestration of security policies. ZTNA solutions can leverage cloud-native tools and services to automate routine tasks, respond quickly to security incidents, and adapt to changing network conditions.
- API Integration: ZTNA solutions often integrate with cloud-based services and APIs to enforce security policies. Cloud environments make it easier to integrate with various services, ensuring comprehensive protection across different types of applications and data.
The cloud provides the necessary infrastructure and features to implement and effectively manage ZTNA. It aligns well with the dynamic, distributed nature of modern IT environments and supports the security requirements of organizations adapting to new business challenges and technological advancements.
As CEO, Denny LeCompte is responsible for overseeing the day-to-day operations and strategic direction at Portnox. Denny brings over 20 years of experience in IT infrastructure and cyber security. Prior to joining Portnox, Denny held executive leadership roles at leading IT management and security firms, including SolarWinds and AlienVault. Denny holds a Ph.D. in cognitive psychology from Rice University.
This interview is a part of The Fast Mode's Next-Gen DPI Traffic Visibility for ZTNA segment, featuring over 40 leading cybersecurity and networking solution providers and their views on the importance of traffic visibility for ZTNA. A research report on this topic will be published in January 2024 - for more information, visit here.
