Why Zero Trust Network Architecture Is the Future of Enterprise Security

Image Credit: Tonaquint Data Centers

The Fast Mode spoke to Carl Wilkins, VP of Cloud and Technology at Tonaquint Data Centers, on the impact of traffic visibility on ZTNA networks. Carl joins us in a series of discussions with leading cybersecurity and networking vendors, assessing the evolution of ZTNA technologies, the roadmap for ZTNA deployments, the benefits of ZTNA for enterprise and telco networks, and the need for real-time traffic visibility technologies such as DPI for ZTNA.

Ariana: Why is ZTNA the future of enterprise security?

Carl: Many industry leaders, including myself, feel that Zero Trust Network Architectures (ZTNA) are the future of enterprise security for several reasons:

  1. Changing Perimeter: Traditional security models rely on the concept of a trusted internal network and an untrusted external network. However, with the rise of cloud computing, mobile devices, and remote work, the traditional network perimeter has become increasingly porous and difficult to define. Zero Trust assumes that threats can come from both inside and outside the traditional network perimeter.
  2. Increased Sophistication of Cyber Threats: Cyber threats have become more sophisticated, and attackers often use advanced techniques to compromise traditional security measures. Zero Trust acknowledges that attackers may already be inside the network, and it focuses on continuous monitoring and verification of users and devices.
  3. Dynamic Work Environments: Modern enterprises have dynamic and distributed work environments. Employees access corporate resources from various locations, devices, and networks. Zero Trust is designed to adapt to these dynamic conditions, providing security regardless of the user's location or device.
  4. Least Privilege Access: Zero Trust follows the principle of least privilege, which means that users and devices are only granted the minimum level of access needed to perform their tasks. This limits the potential damage that can be done in the event of a security breach.
  5. Micro-Segmentation: Zero Trust often involves implementing micro-segmentation, dividing the network into small, isolated segments. This limits lateral movement within the network and contains potential threats.
  6. Continuous Monitoring and Analytics: Unlike traditional security models that rely on static access controls, Zero Trust emphasizes continuous monitoring and analytics. It continuously evaluates the trustworthiness of users, devices, and applications based on various factors, including behavior and context.
  7. Authentication and Authorization: Zero Trust places a strong emphasis on multi-factor authentication (MFA) and robust authorization mechanisms. This ensures that users are who they claim to be and that they have the necessary permissions to access specific resources.
  8. Adaptability to Cloud Environments: With the increasing adoption of cloud services, traditional security models designed for on-premises networks may not be suitable. Zero Trust is adaptable to cloud environments, allowing organizations to secure their data and applications regardless of where they are hosted.
  9. Regulatory Compliance: Many industries and regions have stringent data protection and privacy regulations. Zero Trust can help organizations comply with these regulations by implementing strong access controls, encryption, and monitoring.

In summary, ZTNA addresses the limitations of traditional security models in the face of evolving cyber threats, dynamic work environments, and the shift to cloud computing. It provides a more resilient and adaptive approach to securing modern enterprise networks.

Ariana: How important is traffic visibility for ZTNA vendors?

Carl: Traffic visibility is a critical aspect for Zero Trust Network Access (ZTNA) vendors. In a Zero Trust model, where the default is to "never trust, always verify," having comprehensive visibility into network traffic is essential for several reasons:

  1. Risk Assessment: Visibility into network traffic allows ZTNA vendors to assess and understand the risk associated with different users, devices, and applications. By analyzing the patterns of traffic, they can identify anomalies and potential security threats.
  2. Behavioral Analytics: Traffic visibility supports the implementation of behavioral analytics. By continuously monitoring the behavior of users and devices, ZTNA solutions can establish a baseline of normal behavior and quickly detect deviations that might indicate a security incident.
  3. Identification of Shadow IT: Users within an organization may sometimes use unauthorized applications or services, known as shadow IT. Traffic visibility helps ZTNA vendors identify and control such instances, ensuring that all applications align with security policies.
  4. Threat Detection and Response: Visibility enables real-time threat detection. ZTNA vendors can quickly identify and respond to potential security incidents by analyzing the content and patterns of network traffic. This proactive approach is crucial for preventing or minimizing the impact of security breaches.
  5. Policy Enforcement: ZTNA relies on strong access controls and policies. Traffic visibility allows vendors to enforce these policies effectively by ensuring that only authorized users and devices have access to specific resources. This is particularly important in preventing lateral movement within the network by unauthorized entities.
  6. Compliance Monitoring: Many industries have strict regulatory requirements regarding data protection and privacy. ZTNA vendors need traffic visibility to monitor and ensure compliance with these regulations, such as logging and auditing access to sensitive information.
  7. User and Device Verification: Visibility into traffic helps ZTNA vendors verify the identity and trustworthiness of users and devices. Continuous monitoring ensures that the access granted aligns with the established security policies.
  8. Incident Investigation: In the event of a security incident, traffic visibility provides valuable data for forensic analysis. It helps ZTNA vendors investigate the nature of the incident, the entry point, and the extent of the impact.
  9. Adaptability to Dynamic Environments: ZTNA vendors must adapt to the dynamic nature of modern IT environments. Traffic visibility allows them to keep track of users and devices as they move across networks and access resources from various locations.

In summary, traffic visibility is a foundational element for ZTNA vendors. It empowers them to create a robust security posture by understanding, monitoring, and responding to network traffic in real time, aligning with the principles of Zero Trust.

Carl Wilkins is VP of Cloud and Technology at Tonaquint Data Centers. Carl's passion for IT work began many years ago as a young teenager helping support PeachTree accounting software for family members on Windows 3.11 and MS-DOS. Since then his computing “clouds” have only grown! Before joining Tonaquint in 2020, he wore the various “hats” of a systems integrator, administrator, architect, and engineer. He has worked in non-profit, higher education, and the financial service sectors. His most recent experience was managing the systems infrastructure, engineering, and operations team of a large, federally chartered Credit Union. He has a BS in Computer Science from Utah Valley University. Outside of the office, Carl enjoys taking in the fresh air of the great outdoors of Utah and the occasional trip to the beach, meaning any beach with salt water, tides, and waves!

This interview is part of The Fast Mode's Next-Gen DPI Traffic Visibility for ZTNA segment, featuring over 40 leading cybersecurity and networking solution providers and their views on the importance of traffic visibility for ZTNA. A research report on this topic will be published in January 2024.

Author

Principal Analyst and Senior Editor | IP Networks

Ariana specializes in IP networking, covering both operator networks - core, transport, edge and access; and enterprise and cloud networks. Her work involves analysis of cutting-edge technologies that drive application visibility, traffic awareness, network optimization, network security, virtualization and cloud-native architectures.

She can be reached at ariana.lynn@thefastmode.com
