Page 154 - Cyber Defense eMagazine September 2022
ZTNA and the Distributed Workforce: Hype vs. Reality
By Timothy Liu, CTO & Co-Founder, Hillstone Networks
ZTNA, or zero-trust network access, seems to be one of the hottest cybersecurity buzzwords right now,
at least as measured by the coverage it’s been receiving. At its core, ZTNA is a fairly straightforward
construct that purports to improve security across the board, especially for the distributed workforce. Its
basic premise is to eliminate implicit trust in users, devices and other network elements, which will
theoretically reduce overall attack exposure, including multi-level, multi-phase threats. Is all the buzz
warranted, though? At Hillstone, we believe the answer is a resounding ‘Yes,’ with a few qualifications.
But First, A Look Back
Before examining ZTNA in detail, it’s important to understand why this new model is being proposed and
promoted. Achieving a means of secure remote access has been an objective of IT professionals almost
since the very first data networks were developed. In the early 1990s, several early methods of securing
remote access arose, such as SIPP. In the mid-1990s, the secure sockets layer (SSL) protocol was
released, and it became the underlying technology for the enterprise-class SSL VPNs that are still in wide
use today.
(Author’s note: Though most in the industry still refer to this type of secure remote access as SSL VPN,
technically the technology is now based on transport layer security (TLS), which superseded SSL in about
the mid-2000s.)