For zero trust security that scales, organizations must examine their use cases, resource access, and adoption of SD-WAN
The secret’s out — enterprise businesses see the value of simple, reliable, customizable zero trust security technology, and they’re ready to bring it to their network edge. In fact, zero trust inquiries made by Gartner end-user clients increased by more than 50% year over year. These organizations are diligently researching ways to replace VPNs for their extended workforce, grant secure third-party access to their network, and more.
To properly protect their networks, IT and security leaders must sift through a growing number of zero trust product and service offerings and drill down to the capabilities and use cases that best align with the needs of their business. Here are three questions for potential buyers to explore when implementing a zero trust strategy.
#1: What are your zero trust use cases?
When it comes to WAN edge security, most organizational zero trust needs will fall into three primary use cases: extended workforce remote access and “bring your own device” (BYOD), privileged remote access, and on-premises access.
Remote access for the workforce and BYOD
End-to-end security for the extended workforce is a need that has grown exponentially since the global standardization of remote offices. Employees are also increasingly working from their own laptops, smartphones, and tablets, and using the same network for both company and personal assets, which creates a larger attack surface.
A zero trust network access solution (ZTNA solution) takes both user and device profiles into account on a per-session basis to properly enforce access to the enterprise network. For many organizations, this level of security across the entire digital attack surface is a key benefit of a zero trust solution.
Third-party remote access
Privileged remote access for third parties refers to users and resources that are physically segmented from the primary enterprise network. This includes vendors such as HVAC or payment processing companies, as well as those who use air-gapped networks, such as a “store within a store.”
By verifying a user’s location and contextual usage patterns on an ongoing basis throughout the session, ZTNA technology protects against malicious actors who may use a third-party application to penetrate the network.
On-premises access
In the past, on-premises access primarily referred to large headquarters filled with employees who would connect to the company network from their cubicle. Today, an on-premises zero trust solution also refers to internally hosted LANs — or private cellular networks — that cover a variety of spaces including manufacturing floors, classrooms, sports arenas, and more.
For these use cases, it is vital to ensure your private network edge security solution includes a built-in zero trust strategy that can enforce custom access policies for all users and endpoints on the network.
#2: How will your resources connect to the network?
When considering the location and connectivity options for users and endpoints, a ZTNA solution can be either agent-based or agentless.
An agent-based zero trust strategy requires specialized components to be installed on every device to perform required security functions such as posture assessments, device and user authentication, and network traffic redirection to the security gateway. This can lead to a lack of control over which devices and applications can take advantage of ZTNA, particularly in the case of third-party remote access. Agent-based systems are often support-intensive and can be cost-prohibitive compared to an agentless solution.
Agentless ZTNA is an agile solution and the only available option if an agent cannot be deployed to the endpoint, such as in the case of BYOD, contractor access, or remote or specialized locations. Agentless ZTNA solutions rely on a web-based portal for user authentication and access, making them simple to manage from a single pane of glass.
#3: Is SD-WAN a critical component of your enterprise network?
If SD-WAN and 5G aren’t part of your zero trust strategy, it might be time to go back to the drawing board. By implementing zero trust to eliminate default network access, you are creating a secure network foundation that can scale more efficiently with the addition of 5G and SD-WAN capabilities.
This security-driven approach to networking improves uptime through link aggregation and redundancy, especially with 5G connectivity as the main link. 5G has become an essential part of SD-WAN infrastructure, providing enhanced security attributes that complement zero trust and create a trusted security solution regardless of your network location.
Capitalize on the agility of zero trust with a router-based approach
Flexible deployment of a zero trust strategy starts with a wireless router built with security top of mind. When zero trust is integrated into an agentless solution, organizational edge security becomes agile. There is no limit to the number of protocols that can be set, and the zero trust policies can be deployed to users and devices regardless of location, creating a platform for your enterprise to grow securely.