The coronavirus pandemic dramatically changed the way we work. Unfortunately, the evolution of technology also benefits cybercriminals. Because perimeter-based security has not kept up with these conditions, the concept of ZTNA, and the solutions that implement it, are attracting attention.
1. What is ZTNA?
ZTNA (Zero Trust Network Access) is a concept that controls users' access at the application and data level under the zero trust principle: no traffic is trusted by default, regardless of where it originates. The term also refers to security solutions that implement this control. It is closely related to SDP (Software Defined Perimeter), which likewise grants access per application rather than per network. ZTNA is one of the typical building blocks of a zero trust architecture, alongside the CASB and SWG functions described later.
2. Why is interest in ZTNA growing?
Interest in ZTNA has been increasing in recent years for two reasons: changes in the business environment and increasingly sophisticated cyber attacks.
1) Business environment issues accelerated by the coronavirus
The pandemic forced people worldwide to stay home and businesses to lock down, so many white-collar employees started working remotely. Work that used to be carried out inside the company network perimeter moved outside it, to homes and cafés. The perimeter itself has become vague, making security policies hard to enforce, and the risk of cyberattacks has risen accordingly.
Diversification of information assets through a cloud shift
The shift to remote work has moved most of our operations to the cloud, making them cloud-centric: web meetings, cloud storage, chat, cloud documents, and so on.
Information assets that were previously concentrated on on-premises file servers are now distributed across public and private clouds as well as external storage devices. The wider scope of protection increases both the burden on the IT department and the risk of information leakage.
Because capital expenditure could not keep pace with the rapid change, BYOD (Bring Your Own Device), employees using their personal devices for work, increased.
In addition, remote work often requires multiple devices, such as smartphones and tablets, in addition to notebook computers. Personal devices frequently lack adequate security measures, and the increase in access from such unmanaged, untrusted devices raises the overall security risk.
Complexity of risk management in global companies
To cope with increasing traffic, global corporations sometimes operate separate gateway devices connected to the internal network at each office in each country, which makes unified management and enforcement of security policies difficult.
2) Increasingly sophisticated and aggressive cyber attacks
In recent years, the number of targeted attacks directed at specific companies and organizations has risen. Cybercriminals use every available means to gather information and break into the networks of their targets. Vulnerable VPN gateways and employees' personal devices are attractive entry points.
Cyber attacks targeting remote environments
Attacks exploiting the weaknesses of remote work environments also became apparent during the coronavirus crisis. For example, in 2020 there was a spike in attacks against exposed Windows Remote Desktop Protocol (RDP) services.
Supply chain attacks
Cybercriminals do not limit themselves to global corporations. They also compromise smaller companies in the supply chain, through system vulnerabilities and malware, as a stepping stone to the real target. At the end of 2020, products from prominent security and IT vendors were themselves compromised in supply chain attacks.
3) Rapidly expanding ransomware threats
Ransomware targeting an oil pipeline
Ransomware is now the most formidable type of cyberattack, and the damage it causes can be enormous. In May 2021, a US oil pipeline operator was attacked by the criminal ransomware group DarkSide.
The attackers gained entry through a VPN account that was protected only by a password, with no multi-factor authentication, using a compromised credential, and the intrusion had a significant impact on pipeline operations. In this case, a ransom of $4.4 million was paid, of which authorities were later able to recover about $2.3 million.
Targeted ransomware and dual threats
Ransomware is also becoming more sophisticated, with a growing number of attacks directed at specific companies and organizations. In this type of attack, called "targeted ransomware," criminals customize the ransomware for the enterprise they have chosen. In addition to encrypting data, they steal it first and threaten to publish it if the ransom is not paid. This is known as "double extortion."
New business model of RaaS
RaaS (Ransomware as a Service) is a business platform for ransomware. Ransomware is evolving into a criminal business in which the developers of the ransomware platform and the affiliates who deploy it work together to spread attacks. Companies need to adapt to these evolving cyberattacks and changing business environments.
3. The zero trust concept
Against this backdrop, the concept of zero trust is becoming increasingly important.
1) What is zero trust?
Zero trust is a security concept that treats all communications, both inside and outside the company network, as untrusted until verified. The concept dates back to 2010, but the diversification of workplaces caused by the pandemic has drawn much more attention to it in recent years.
The conventional security model is known as "perimeter security." Perimeter security essentially treated access from inside the network, and any access that had passed perimeter authentication, as secure. In recent years the perimeter has become vague, and this model has reached its limits.
2) Risk of VPN
VPNs have become more popular with the spread of remote work, but they carry security risks. For example, if VPN credentials are leaked, an attacker gains a foothold on the internal network, and potentially all of the company's information assets become reachable.
Traffic can also become concentrated at the VPN device, slowing response times and interfering with business operations. Introducing ZTNA addresses the risks involved in VPNs.
3) Diversification of attack targets
As already mentioned, cyberattacks are becoming more sophisticated, and their methods and targets are becoming more diverse. Every touch point, inside or outside the perimeter, such as e-mail, SMS, or a supplier in the supply chain, can be the starting point of an attack. Under these circumstances, zero trust, which trusts nothing by default, becomes even more important.
4. ZTNA function
ZTNA is based on the zero trust concept: access is controlled at the application and data level for each individual communication. Because the endpoint communicates with a ZTNA access point instead of the office VPN gateway, response delays caused by traffic concentration can also be avoided. Its main functions are described below.
1) Application-level access control
ZTNA provides application-level, rather than network-level, access control. On every request, ZTNA evaluates the user (and, typically, the device) and exposes only the applications and resources that user is permitted to access. In the unlikely event that credentials are compromised, all resources other than those the user is authorized for remain protected.
2) Integration of authentication and authorization
ZTNA integrates with an identity provider (IdP), so that authentication and authorization policies, such as Multi-Factor Authentication (MFA) and Single Sign-On (SSO), can be managed centrally. Centralized management of these policies ensures a consistent level of security across a variety of business environments.
3) Audit and logging
Log management features are important for security. ZTNA enables you to get and manage detailed activity logs, such as for application manipulation.
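The following illustration, added to this page and not code from IIJ or the Safous product, contrasts the two models described above: a VPN-style check that authenticates once at the perimeter and then exposes the whole internal network, versus a ZTNA-style engine that evaluates identity, MFA state and device posture against the policy of the specific application on every request and records the decision in an audit log. The application names, group names, policy table and the "leaked password" scenario are all constructed for the example.

```python
"""Toy comparison of network-level (VPN-style) and per-request,
application-level (ZTNA-style) access control.

Added illustration only: the policy table, users, applications and
the attacker scenario below are constructed and are not real data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    """Everything the policy engine knows about one request."""
    user: str
    groups: frozenset        # entitlements from the identity provider
    mfa: bool                # did this session complete MFA?
    device_managed: bool     # is the endpoint an enrolled, compliant device?
    app: str                 # the application this request targets


# Constructed policy: each application lists who may reach it and what the
# session and device must look like. Nothing outside this table is reachable.
APP_POLICY = {
    "hr-portal":  {"groups": {"hr"},          "mfa": True, "managed": True},
    "wiki":       {"groups": {"staff", "hr"}, "mfa": True, "managed": False},
    "git":        {"groups": {"engineering"}, "mfa": True, "managed": True},
    "finance-db": {"groups": {"finance"},     "mfa": True, "managed": True},
}


def vpn_decision(ctx: Context, allowed_users=frozenset({"alice", "bob"})) -> bool:
    """VPN-style model: one password check at the perimeter, after which the
    whole internal network (every application) is reachable."""
    return ctx.user in allowed_users


def ztna_decision(ctx: Context) -> tuple:
    """ZTNA-style model: evaluate the request against the policy of the one
    application it targets. Returns (allowed, reason) so the reason can be
    written to the audit log."""
    policy = APP_POLICY.get(ctx.app)
    if policy is None:
        return False, "unknown application"
    if not ctx.groups & policy["groups"]:
        return False, "user not entitled to application"
    if policy["mfa"] and not ctx.mfa:
        return False, "MFA required"
    if policy["managed"] and not ctx.device_managed:
        return False, "managed device required"
    return True, "policy satisfied"


def evaluate(requests) -> list:
    """Run both models over a list of requests and return an audit log,
    one entry per request, with the decision and its reason."""
    log = []
    for ctx in requests:
        allowed, reason = ztna_decision(ctx)
        log.append({
            "user": ctx.user,
            "app": ctx.app,
            "vpn": vpn_decision(ctx),
            "ztna": allowed,
            "reason": reason,
        })
    return log


def reachable_apps(requests, model: str) -> list:
    """Applications a set of requests can actually reach under a model
    ('vpn' or 'ztna')."""
    return sorted(e["app"] for e in evaluate(requests) if e[model])


# Constructed scenario: bob's password has leaked. The attacker replays it
# from an unmanaged device without completing MFA and tries every app.
ATTACKER_REQUESTS = [
    Context("bob", frozenset({"staff", "engineering"}),
            mfa=False, device_managed=False, app=app)
    for app in APP_POLICY
]

if __name__ == "__main__":
    for entry in evaluate(ATTACKER_REQUESTS):
        print(entry)
    print("VPN model exposes: ", reachable_apps(ATTACKER_REQUESTS, "vpn"))
    print("ZTNA model exposes:", reachable_apps(ATTACKER_REQUESTS, "ztna"))
```

With the leaked password alone, the VPN-style check admits the attacker to every application, while the ZTNA-style engine denies every request and logs why (MFA missing). Even a fully legitimate session for the same user reaches only the applications in his entitlements, so the blast radius of a compromised account is bounded by policy rather than by network reachability.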
Two further components are commonly combined with ZTNA to realize zero trust:
Cloud-based security (SWG)
An SWG (Secure Web Gateway) is a cloud-based security service that provides functions such as URL filtering, anti-virus scanning, and sandboxing of downloaded content. Some ZTNA solutions include SWG functionality.
Cloud monitoring (CASB)
A CASB (Cloud Access Security Broker) makes cloud usage more secure by giving visibility into which cloud services are being used, by whom, and how.
5. Benefits of introducing ZTNA
What are the advantages of introducing ZTNA? Here are six:
1) Reduce the number of places that may be attacked
With ZTNA, endpoints typically communicate with the solution provider's access point. Because the corporate VPN gateway's ports are no longer exposed to the internet, the risk of unauthorized access is reduced.
2) Prevent damage in the event of an emergency
ZTNA controls access at the application and resource level. In the unlikely event that a user's device is infected with malware and taken over by a third party, the attacker can reach only the resources that user is authorized for, which limits secondary damage.
3) Security not limited to a location
ZTNA allows authentication and authorization policies to be managed centrally. Combined with security functions such as SWG and CASB, it maintains a constant level of protection regardless of whether users are inside or outside the office.
4) Comfortable working environment
When users work away from the office, they communicate with cloud-based access points provided by the service provider. Access is therefore distributed rather than funnelled through one gateway, which prevents delays and keeps users' work from being interrupted.
5) Flexible scalability and reduced management effort
Because ZTNA is software-controlled, it is easy to deploy and to scale. With fewer servers and network devices to maintain, the workload of the IT department is reduced and effort can be redirected to core operations.
6) Centralized management of security policies
Security policies and status can be managed centrally, for example by applying MFA to all applications. Centralized management improves security and makes risk management more efficient.
The principle of zero trust will become increasingly important in preparing for ransomware and other sophisticated cyberattacks, as well as in adapting to changing workplaces.
ZTNA is a secure, user-friendly solution suited to today's business environments. IIJ has recently released its ZTNA solution, Safous. Please refer to the free eBook for details, or contact us.