Improving security with Zero Trust networking

05 June 2024

Chris McKie, VP product marketing, security and networking solutions, Kaseya

With cyber risks steadily growing, organisations are increasingly looking to Zero Trust as a strategy to help defend their networks and boost their cyber resilience. The underlying principle of Zero Trust is well known by now: to never trust anything or anyone by default, including internal network devices, and to only grant verified users access to the data they really need.

It sounds simple enough. But for many organisations, putting Zero Trust into practice proves less straightforward than it sounds.

This is because implementing it involves several different capabilities, requiring resources and skills that smaller businesses often lack: an ‘assume breach’ mindset, strict access controls, continuous monitoring across the IT infrastructure and proactive threat hunting are all essential parts of a Zero Trust strategy.

Zero Trust Network Access (ZTNA), meanwhile, has emerged as an important subset of Zero Trust. Rather than requiring every single process to follow Zero Trust, it focuses on the network: imposing strict controls on network access to protect data and users, including those working remotely. This network focus makes it much more achievable.

There are five core elements to implementing ZTNA. They help ensure that only trusted entities working on secure devices are accessing the company network and, in addition, that they only use the data and applications they have explicit permission to access.

This is achieved by always verifying users and their context, continually validating devices and their status, authorising the applications, files and data used, restricting access to cloud and SaaS resources and, finally, enforcing an organisation’s security policies and controls.
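As an added illustration (not part of the original article or taken from any product), the five checks listed above can be written as a default-deny access decision that is re-run whenever the context of an open session changes. All names, fields, thresholds and sample policy values are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample policy (hypothetical names): role entitlements and
# the cloud/SaaS services the organisation has sanctioned.
ENTITLEMENTS = {"finance": {"erp", "payroll-saas"}, "support": {"ticketing"}}
SAAS_RESOURCES = {"payroll-saas", "ticketing", "personal-fileshare"}
SANCTIONED_SAAS = {"payroll-saas", "ticketing"}

@dataclass
class Request:
    user: str
    role: str
    mfa_verified: bool    # user identity verified
    country: str          # user context
    device_managed: bool  # device identity
    disk_encrypted: bool  # device posture
    patch_age_days: int   # device posture
    resource: str

def evaluate(req, allowed_countries=frozenset({"GB"}), max_patch_age=30):
    """Return (allowed, reasons). Default deny: any failed check blocks access."""
    reasons = []
    # 1. Verify the user and their context
    if not req.mfa_verified:
        reasons.append("user not verified")
    if req.country not in allowed_countries:
        reasons.append("unexpected location")
    # 2. Validate the device and its status
    if not (req.device_managed and req.disk_encrypted):
        reasons.append("device not trusted")
    if req.patch_age_days > max_patch_age:
        reasons.append("device out of date")
    # 3. Authorise applications, files and data: explicit permission only
    if req.resource not in ENTITLEMENTS.get(req.role, set()):
        reasons.append("no explicit permission")
    # 4. Restrict cloud and SaaS access to sanctioned services
    if req.resource in SAAS_RESOURCES and req.resource not in SANCTIONED_SAAS:
        reasons.append("unsanctioned SaaS")
    # 5. Enforce policy: access requires every check above to pass
    return (not reasons, reasons)

def recheck_session(req, **changes):
    """Continuous validation: re-evaluate an open session after a context change."""
    return evaluate(Request(**{**req.__dict__, **changes}))
```

Returning the list of failed checks alongside the decision gives the monitoring side a reason to log for every denied or revoked session.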

SASE solutions can help deliver Zero Trust
Secure Access Service Edge (SASE) solutions play an important role in delivering ZTNA as some of the required functionality is already built in. While their main use case up until now has been to replace VPNs in remote access scenarios, SASE’s potential goes far beyond simplifying remote access. These solutions combine the necessary networking and security-as-a-service capabilities that can help organisations achieve Zero Trust networking.

Following the principle of ‘least privilege,’ SASE solutions work by only connecting identified users and devices to specific resources in the cloud or on-premises. In line with Zero Trust, access is granted based on the verified identity of the user, device, or entity, considering important real-time context such as the device’s security posture.

SASE also delivers next-gen firewall protection with policy enforcement and content filtering across branch offices, remote users, and on-premises workers. This helps businesses implement fundamental ZTNA security controls. And, whereas VPNs tend to expose a lot of information on the internet that could be useful for would-be attackers, with a SASE solution, networks and resources remain hidden from sight.

What’s more, the cloud-based management of a SASE solution makes the ZTNA security model very achievable even for smaller companies – allowing easy deployment and management. There are scalable, easy-to-use SASE solutions on the market that can cater to organisations’ specific requirements and individual budget constraints, bringing Zero Trust networking within easy reach.

Greater control and reduced risk
Zero Trust Network Access is just as vital for small and medium-sized businesses (SMBs) as it is for enterprises – especially considering that the fallout from an attack can be even greater. In the Datto 2022 SMB Cybersecurity Report, around 70% of SMBs admitted the impact of a ransomware attack would be ‘extreme’ or ‘significant.’ In fact, an attack can be so devastating that almost a fifth (17%) said it would be difficult for them to recover.

Zero Trust Network Access addresses this by providing a modern and robust approach to network security that helps businesses limit the damage of an attack. If they embrace it, they will benefit from greater control, improved visibility, and reduced risk.

The first step is to put in place a cyber security framework that aligns with the organisation’s needs and goals. The principle of Zero Trust is then added as an overlay, with the necessary policies and controls to achieve ZTNA – encompassing not only remote workers through a SASE solution, but also internal users and devices sitting within the network boundaries.

Due to the perceived complexity of Zero Trust, businesses can find the prospect of deploying a solution by themselves daunting. While implementing ZTNA is not complicated, many businesses – SMBs in particular – will want to engage an MSP partner who can help them define a least-privilege access strategy with appropriate controls. The MSP can not only supply and manage the right verification and identification solutions including SASE, but also take responsibility for the 24/7 monitoring of the network via a remote monitoring and management system (RMM).

Organisations are increasingly prioritising security measures to combat the growing number of cyber threats. Zero Trust is here to stay – and starting with Zero Trust networking is a great first step to strengthen an organisation’s security and cyber resilience.