Software Defined Perimeter a journey towards Zero Trust


Zero Trust Architecture is one of the most discussed topics today. As the name indicates, it is more about 'Trust', and specifically about the contextualized need for:

Trusting a device

Trusting a user or identity

Trusting a network, etc.

It is not about distrusting everything; it is about moving away from, or eliminating, implicit trust.

Traditionally, enterprises and organizations were built to have a space for people to come and do their job (corporate networks), and only a fraction of the users were enabled with remote access or treated as mobile users. The office networks were considered trusted networks, and organization-provided laptops or devices were considered trusted devices. These users were enabled with VPNs using network-level access controls, giving them access to the services they needed while outside the corporate network. This was good enough and not complex to manage, considering the minimal number of users and devices provisioned with such access.

The 2019 pandemic forced organizations globally to ramp up such access, with the need to isolate people for the safety of lives being the top priority. The new enablers were online meeting and messaging platforms, which became mainstream for conducting business, supported by backend systems accessible to the office workforce through VPNs. VPNs were good and served their time. However, rapid scaling of VPN access made it complex to manage, with the limitations of complex configuration, potential vulnerabilities and a broad attack surface. As organizations grow and diversify, there is a struggle to adapt to the dynamic nature of modern business and services.

Adversaries saw the opportunity as users moved to home and other networks, which were once untrusted but became widely trusted with the increase in remote or hybrid work, bringing an increase in breach statistics. The adoption of cloud and hybrid identities brought credential harvesting to a peak.

MFA and tokens, once considered required or used only by financial institutions, became mainstream for everything and are not a choice anymore. Security became a priority over convenience, and we all started adopting the same for personal or private emails and social media platforms. The industry is working on improving and further securing such MFA solutions to avoid human-fatigue errors, and is moving towards passwordless authentication to eliminate the risk of passwords itself. User awareness is key and a line of defense; however, attrition, fatigue, motivational factors and variance in understanding make it difficult to rely on completely.

The pandemic brought other challenges as well, changing the economics of IT operations, with the limitations and cost associated with the links and bandwidth required to serve the flip from a 20:80 to an 80:20 ratio of hybrid workforce. Post pandemic, hybrid work was adopted globally by many enterprises and employees, as the barrier to adoption had been broken during that period.

The significance of Zero Trust Architecture and Zero Trust Network Access evolved, and the right formulation became available at the right time during this period. Various solutions are now sold in all different flavors of ZTNA.

The Zero Trust philosophy of 'trust nothing and verify everything' challenges the traditional notion of establishing trust based on network location. Users and devices are authenticated, authorized and verified periodically, irrespective of their location inside or outside the organization network.

ZTNA, with its least-privilege approach, reduces the attack surface significantly by granting access only to the specific services and resources a user needs. This thwarts the lateral movement of threats and limits potential damage, thereby enhancing the security posture.

ZTNA enables granular access on a per-application basis while dynamically adapting to user roles and permissions. It is key to adopt the least-privilege model while implementing ZTNA entitlements. This requires a discovery exercise to map the services and ports, and to define entitlements, preferably associated with security groups, for seamless management, provisioning and deprovisioning. The granularity ensures that users' access is limited to what they need to perform the task, minimizing the risk of unauthorized access.
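The entitlement model described above (per-application grants tied to security groups, default deny, device and identity checks, periodic re-verification, and location playing no part in the decision) can be illustrated with a small policy decision point. The following is an added example written for this article, not code from the author or from any ZTNA product; the application names, hostnames, ports, group names and the 30-minute re-verification interval are all constructed for illustration.

```python
"""Toy ZTNA policy decision point (added example, not from the article).

Models per-application entitlements attached to security groups, with a
default-deny decision that also checks MFA, device trust and session age.
Network location is carried in the request but deliberately ignored.
All application names, hosts, ports and groups are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Output of the (hypothetical) discovery exercise: which service listens where.
# Entitlements reference applications by name, so a port change is a one-line edit.
APPLICATIONS = {
    "hr-portal": ("hr-portal.internal", 443),
    "git": ("git.internal", 22),
    "erp-db": ("erp-db.internal", 5432),
}

# Entitlements keyed by security group. Group membership drives provisioning
# and deprovisioning: leaving a group removes the access automatically.
ENTITLEMENTS = {
    "grp-all-staff": {"hr-portal"},
    "grp-developers": {"git"},
    "grp-dba": {"erp-db"},
}

# Maximum age of a verified session before identity and device posture
# must be re-checked (periodic verification). Constructed value.
REVERIFY_AFTER = timedelta(minutes=30)


@dataclass
class AccessRequest:
    user: str
    groups: set
    app: str                      # application the client is asking for
    mfa_passed: bool
    device_managed: bool
    device_compliant: bool
    verified_at: datetime         # when identity + posture were last verified
    on_corporate_network: bool = False  # intentionally NOT used by decide()


@dataclass
class Decision:
    allow: bool
    reason: str
    target: tuple = None          # (host, port) the gateway may connect to


def decide(req: AccessRequest, now: datetime) -> Decision:
    """Default-deny evaluation of one request for one application."""
    if req.app not in APPLICATIONS:
        return Decision(False, "unknown application")
    # Identity: strong authentication is required from everywhere.
    if not req.mfa_passed:
        return Decision(False, "MFA required")
    # Device: only managed and compliant devices get a connection.
    if not (req.device_managed and req.device_compliant):
        return Decision(False, "device not trusted")
    # Periodic re-verification: stale sessions must re-authenticate.
    if now - req.verified_at > REVERIFY_AFTER:
        return Decision(False, "re-verification required")
    # Least privilege: some group of the user must be entitled to this app.
    allowed = set().union(*(ENTITLEMENTS.get(g, set()) for g in req.groups))
    if req.app not in allowed:
        return Decision(False, "no entitlement for application")
    return Decision(True, "granted", APPLICATIONS[req.app])


def demo(now: datetime = None) -> dict:
    """Evaluate a few constructed scenarios and return name -> Decision."""
    now = now or datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    base = dict(mfa_passed=True, device_managed=True, device_compliant=True,
                verified_at=now - timedelta(minutes=5))
    dev = {"grp-all-staff", "grp-developers"}
    cases = {
        # Developer at home, fresh session: entitled to git only.
        "dev_git_remote": AccessRequest("alice", dev, "git", **base),
        # Same developer on the office LAN asking for the ERP database:
        # location does not create an entitlement.
        "dev_erp_on_lan": AccessRequest("alice", dev, "erp-db",
                                        on_corporate_network=True, **base),
        # DBA whose session was verified two hours ago.
        "dba_stale_session": AccessRequest(
            "bob", {"grp-dba"}, "erp-db",
            **{**base, "verified_at": now - timedelta(hours=2)}),
        # Staff member who has not completed MFA.
        "staff_no_mfa": AccessRequest(
            "carol", {"grp-all-staff"}, "hr-portal",
            **{**base, "mfa_passed": False}),
        # Developer removed from grp-developers: access to git is gone.
        "deprovisioned_dev": AccessRequest(
            "alice", {"grp-all-staff"}, "git", **base),
    }
    return {name: decide(req, now) for name, req in cases.items()}


if __name__ == "__main__":
    for name, d in demo().items():
        print(f"{name:20} allow={d.allow!s:5} {d.reason} {d.target or ''}")
```

The point of the scenarios is that the decision is driven by entitlement, identity strength, device posture and session freshness, not by where the request originates, and that removing a user from a group is enough to revoke the corresponding application access.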

Considering hybrid and edge infrastructures, while being forward-looking about cloud, a solution that supports both cloud and on-premises deployment of the gateway is highly desirable. Ensure the solution integrates seamlessly with cloud while acknowledging the trend towards distributed and hybrid infrastructure.

ZTNA solutions provide a smoother and more user-friendly experience. They reduce the friction of accessing corporate resources remotely from distributed locations (multi-DC, multi-cloud) without backhauling traffic to the single termination point of a traditional VPN. ZTNA architectures are inherently scalable and flexible, catering to the dynamic needs of the organization and ensuring security measures remain effective even as the organization evolves. They seamlessly provide the same security level irrespective of the location of work. Identity integration is one key factor to consider in a ZTNA implementation, along with hybrid approaches and modern authentication with MFA.

A smooth transition to ZTNA is very much feasible, since it is not a disruptive change. By carefully planning the deployment in parallel with the current VPN, a gradual transition is possible, with adequate planning to migrate services and users in batches. With the ability to support mobile users on multiple devices, this can also reduce the publishing of internal services for mobile users, limiting the public exposure of services.

Zero Trust Network Access is not a mere replacement for VPN; it is a paradigm shift towards a more secure, dynamic and user-centric approach to remote access. With organizations prioritizing security in an ever-changing digital landscape, and with the transition to a perimeter that is anywhere, ZTNA/SDP becomes a strategic move towards a resilient and future-proof cybersecurity architecture.


Illyas Kooliyankal IDC,CNME, ISACA, EC Council, MESA CISO Awards

Group CEO of CyberShelter | Innovator | CISO | Mentor | CISO2CEO | Entrepreneur | Cybersecurity Leader | 32500 Followers | Professional Influencer | Board Advisor | Business Enabler | Practitioner | Speaker | Author |

1 year

Great insights!! Well written Rajesh! Real experience is visible! Keep contributing!
