Page 156 - Cyber Defense eMagazine September 2022

It’s important to note that the user-to-application approach expands security past the network perimeter to any resource connected to the network. This can include cloud applications and resources, for example, or remote physical or virtual applications and data.

Industry analyst firm Gartner has promoted the concept of the secure access service edge (SASE), which includes ZTNA as one of its elements. SASE, another hot topic in the cybersecurity world, consists of cloud-based security infrastructures to serve the new distributed workforce. Two closely related key benefits of SASE are reduced latency and an improved user experience.



A Practical Path Forward

Given the wide adoption and usage of SSL VPN, any conversation about transitioning to ZTNA must account for the older technology. There’s just too much current investment in platforms, IT staff time, and education of end-users to simply discard existing SSL VPN solutions. Luckily – and partly by design – ZTNA easily lends itself to a more stepwise approach.

For example, Hillstone’s ZTNA solution leverages Hillstone NGFWs as well as the Hillstone Security Management (HSM) platform to overlay ZTNA authentication over SSL VPN capabilities. The combined solution can leverage a wide range of authentication protocols and provides tight controls over users and devices with role- and context-based policy enforcement. Another possibility is to leverage the security capabilities of SD-WAN (another of the elements of SASE) alongside SSL VPN services to serve as a bridge to ZTNA and SASE later.



Conclusion

Ultimately ZTNA is a nascent cybersecurity technology – though it seems to be maturing quickly. Development efforts will eventually lead to consolidation and standardization, which will give manufacturers and security pros alike a set of table stakes to shoot for. For now, whether ZTNA is just the latest hashtag or the real deal will depend upon how it’s implemented. It will require careful consideration of how it can co-exist with the existing security framework, support and enhance security policies, and better secure and defend the entire network from core to endpoint to cloud.



















            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.