ZTNA Recommendations for IT, Security, and Risk Management Leaders
Network access is expanding across multiple clouds, mobile users, IoT devices, and a growing remote workforce, forcing companies to broaden their perspective on network security. It is becoming clear that a default no-trust security posture is now a necessity for protecting the growing network perimeter.
A Zero Trust Network Architecture (ZTNA) is the best option for securing IT infrastructure, applications and networks. ZTNA grants granular access to specific corporate assets without exposing the entire network, which significantly limits the potential for malicious actions.
With critical assets on-premises and in the cloud, and users working from home and from anywhere on mobile devices, access demands are coming from all directions. RevBits ZTN ensures access authenticity and security from anywhere, at any time, on any device. It enables an explicit, risk-appropriate zero trust security posture in which users are granted access based on their identity and device, together with attributes and context such as roles and responsibilities, time and date, and location. Identity-related device data includes operating system, browser version, disk encryption and security software update status. RevBits combines policies for applications, users, devices, IP addresses, locations, workloads and risk, and uses identity data to define and enforce access control policies that allow the appropriate level of access and trust.
RevBits ZTN verifies the identity, integrity and authorization of all users and devices. Access is granted only after verification completes, regardless of location or network connection. No access is allowed before a ZTN-brokered session is established between a user or device, including non-managed IoT devices, and an enterprise resource. When access is granted, users receive only the least privileges needed to complete the task.
Managing the access needs of anywhere workers, third parties, and an expanding range of device types requires deep and wide protection measures. Below are some recommendations for IT, security, and risk management leaders.
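To make the brokering model above concrete, here is an added illustration (not RevBits code) of a default-deny policy check that combines role, location, source IP, time of day and device posture, and returns only the scoped privileges of the matching policy. The policy, resource names and request values are constructed for the example.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import NamedTuple

# Constructed illustration of identity-, context- and posture-based access brokering; not RevBits code.
class Request(NamedTuple):
    roles: frozenset
    source_ip: str
    location: str
    at: datetime
    disk_encrypted: bool            # device posture attributes reported by the endpoint
    security_updates_current: bool
    resource: str

class Policy(NamedTuple):
    resource: str
    roles: frozenset       # any one of these roles qualifies
    locations: frozenset   # permitted geographies
    networks: tuple        # permitted source CIDRs
    hours: tuple           # (start, end) hour window, end exclusive
    privileges: frozenset  # least-privilege scope granted on success

def evaluate(req, policies):
    """Default deny: a session is brokered only when every check of a matching policy passes."""
    failures = set()
    for p in (p for p in policies if p.resource == req.resource):
        checks = {
            "role": bool(req.roles & p.roles),
            "location": req.location in p.locations,
            "network": any(ip_address(req.source_ip) in ip_network(n) for n in p.networks),
            "hours": p.hours[0] <= req.at.hour < p.hours[1],
            "disk_encryption": req.disk_encrypted,
            "security_updates": req.security_updates_current,
        }
        failed = {name for name, ok in checks.items() if not ok}
        if not failed:
            return ("allow", p.privileges)  # scoped privileges only, never whole-network access
        failures |= failed
    return ("deny", frozenset(failures or {"no_matching_policy"}))  # failed checks feed the audit trail

# Constructed sample: finance staff may reach payroll from the office network during business hours.
PAYROLL = Policy("payroll-app", frozenset({"finance"}), frozenset({"US"}),
                 ("10.0.0.0/8",), (7, 19), frozenset({"read", "approve"}))
BASE = dict(roles=frozenset({"finance"}), source_ip="10.1.2.3", location="US", at=datetime(2024, 1, 15, 9, 30),
            disk_encrypted=True, security_updates_current=True, resource="payroll-app")

def demo():  # patched device allowed; stale device and an unpolicied resource denied
    return (evaluate(Request(**BASE), [PAYROLL]),
            evaluate(Request(**dict(BASE, security_updates_current=False)), [PAYROLL]),
            evaluate(Request(**dict(BASE, resource="hr-db")), [PAYROLL]))
```

The denial reasons are returned as a set so that every failed check, not just the first, can be logged for the access review the recommendations below call for.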
- Begin deployment by applying specific policies to user groups to control access to resources.
- Document application resource usage prior to starting a ZTNA implementation, then map users to resources within RevBits ZTN.
- Clean up access privileges by blocking employee and third-party access for those no longer associated with the organization.
- Managing resource access policies is an ongoing and iterative process; as business requirements change, resource access policies should change too.
- Inventory all VPN instances that allow network access and replace them over time.
- Include unmanaged device access in the ZTNA architecture.
- Define policies that combine user attributes to enforce who has access to what.
- Develop a strategy to address heterogeneous workloads spanning on-premises, hybrid, virtual, and container environments.
Begin with a pilot project — A pilot project with RevBits ZTN helps with planning the rollout of WFH employee and third-party access. Testing resources with RevBits ZTN lets you learn access patterns by user and role, and grow and apply policies as needed.
Best practices to enable a smooth and efficient ZTNA implementation — Before deploying RevBits ZTN, identify potential use cases, for example grouping users and resources, or granting access to third parties. Apply specific policies to the appropriate user groups.
Document resource usage before implementing ZTNA — Documenting resource usage before implementing ZTNA provides a better understanding of the relationships between users and resources. This can be accomplished with application discovery tools. Interviewing business leaders in different departments helps determine which resources their teams use and which require third-party access. This also sets a standard for each team and helps accelerate ZTNA deployment.
Originally published at https://revbits.com.