Page 156 - Cyber Defense eMagazine September 2022
It’s important to note that the user-to-application approach expands security past the network perimeter
to any resource connected to the network. This can include cloud applications and resources, for
example, or remote physical or virtual applications and data.
Industry analyst firm Gartner has promoted the concept of the secure access service edge (SASE), which
includes ZTNA as one of its elements. SASE, another hot topic in the cybersecurity world, consists of
cloud-based security infrastructures to serve the new distributed workforce. Two closely related key
benefits of SASE are reduced latency and an improved user experience.
A Practical Path Forward
Given the wide adoption and usage of SSL VPN, any conversation about transitioning to ZTNA must
account for the older technology. There’s just too much current investment in platforms, IT staff time, and
education of end-users to simply discard existing SSL VPN solutions. Luckily – and partly by design –
ZTNA easily lends itself to a more stepwise approach.
For example, Hillstone’s ZTNA solution leverages Hillstone NGFWs as well as the Hillstone Security
Management (HSM) platform to overlay ZTNA authentication over SSL VPN capabilities. The combined
solution can leverage a wide range of authentication protocols and provides tight controls over users and
devices with role- and context-based policy enforcement. Another possibility is to leverage the security
capabilities of SD-WAN (another of the elements of SASE) alongside SSL VPN services to serve as a
bridge to ZTNA and SASE later.
Conclusion
Ultimately, ZTNA is a nascent cybersecurity technology – though it seems to be maturing quickly.
Development efforts will eventually lead to consolidation and standardization, which will give
manufacturers and security pros alike a set of table stakes to shoot for. For now, whether ZTNA is just
the latest hashtag or the real deal will depend upon how it’s implemented. Implementation will require careful
consideration of how it can co-exist with the existing security framework, support and enhance security
policies, and better secure and defend the entire network from core to endpoint to cloud.
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.