Data is one of the most precious and fragile commodities in our lives, particularly for the efficient operations of big corporations. Data plays a crucial role in business operations, from financial records to non-disclosure agreements, personal information to statistics, and intellectual property. Its precious nature is rooted in its essential role in keeping business operations running smoothly, with the availability and integrity of data being of utmost importance. Yet, its fragility remains a concern as outside forces, whether they be competitors or criminals, seek to steal or harm it, and natural disasters can cause accidental destruction. These threats’ unpredictable and unwelcome nature only underscores the need for proper protection and safeguarding of valuable data.

Data protection can be split into two parts: physical data preservation and data/information security – a defense shield against all kinds of intruders.

People came up with multiple ways to protect information’s physical and virtual well-being. In this blog, I am focusing on cyber security – a set of tools and mechanisms facilitating defense against any unauthorized access ranging from involuntary exposure to aggressive attempts to steal and/or damage information.

Currently, the main security domains that have been recognized are network/critical infrastructure, cloud, endpoint, mobile, IoT, and applications. Over time, security engineers/architects developed a wide variety of tools and measures to cover possible security gaps in all these areas. They all have their strengths and weaknesses and are all trying to provide enough security within a reasonable budget without making an organization spend too much on maintenance. However, for this discussion, I will focus only on the modern and popular term of Zero Trust Network Access (ZNTA), which many believe is a silver bullet solution for cybersecurity.

According to Gartner, ZTNA is “a product or service that creates an identity- and context-based, logical access boundary around an application or set of applications.”  ZTNA is a security framework, where there is a ‘middleman’ that enables remote access to the organization’s applications, data, or services based on explicitly formulated access control criteria. Also, ZTNA can be seen as an alternative to virtual private networks (VPNs). Unlike VPN, it does not provide access to the whole network, only to the target service.

So how does ZTNA work? The process begins with the authentication of the user, which can be performed using a variety of methods, including multi-factor authentication, context-based authentication, biometrics, and more. Once the user is authenticated, a ZTNA solution establishes a secure, encrypted tunnel and grants the user’s device access to a specific application. Other applications and services, as well as the IP address on which the application is running, are kept hidden from both the user and the outside world. This is achieved through the implementation of the «dark cloud» concept, which prohibits users from accessing or even being aware of the existence of other applications and services within the corporate network that they are not authorized to use. Even if a potential attacker gains access, they will not be able to detect the presence of other services. It’s crucial to acknowledge that this approach doesn’t guarantee absolute security. Adversaries can still make efforts to gain access to these resources by exploiting application weaknesses or misleading users to reveal their login information through phishing attacks.

So, let’s try to list the pros and cons of Zero Trust Network Access

The Pros of ZTNA:

• ZTNA is an entirely software-based solution that does not require any hardware. Given the current state of logistics and supply chain problems, businesses should consider migrating to software-based security solutions.
• Data plane simplicity – the user traffic no longer needs to travel to a data center as it goes directly to the application, thereby simplifying the data plane.
• The application location does not matter – it can reside in a data center, an Intranet, or in the cloud.
• ZTNA offers the advantage of capacity scaling based on licensing, eliminating the need for additional infrastructure modifications after implementation.
• Corporate users do not need to connect to a corporate network. Therefore, the infrastructure is invisible.
• Organizations control application segmentation, so complex network segmentation is not necessary.

The Cons of ZTNA:

• ZTNA can be very complex to implement in an organization. Every user, device (including IoT and other headless devices), and application needs to be authenticated and authorized. This creates additional complexity, especially when discussing corporations with many users, devices, and applications.
• The shift from conventional perimeter-focused security to ZTNA must undergo extensive testing and documentation to prevent any surprises for users during the transition.
•  ZTNA might impede productivity. Extra security measures like two-factor authentication can affect the overall user experience. To mitigate this, additional products must be integrated to learn and implement an access control system, reducing the frequency of authentication over time.
• ZTNA is designed around networks and applications, making it a solution that is not focused solely on data. As a result, in the event of a ransomware attack, it is possible that some of the data may still be compromised. To address this, an additional layer incorporating AI/ML technology would be necessary to monitor user behavior and operations and restrict access in the event of any anomalies detected.

Absolute security is like a perpetuum mobile – impossible, even in theory. We can only increase the efficiency of security within manageable cost boundaries. Think of an equation based on the price of support, and the price of a potential recovery, multiplied by the probability. If we look at security as a standalone product, it should adhere to the traditional balance between value and price. The reduced likelihood of a hack represents the value, but the question remains, “how low is low enough?» The cost of a solution factors in the expenses for technical support, the impact on end-users’ daily tasks, and even the likelihood that business users may request removal.

Clearly, Zero Trust represents a foundational approach to network security that has garnered significant attention in recent years. However, the ever-evolving threat landscape requires the Zero Trust security architecture to evolve continuously. As technology advances, the methods used by attackers also become more sophisticated; thus, the Zero Trust architecture must be adapted to keep up with these changes. Keeping an eye on the latest technological advancements is crucial to ensure that the Zero Trust network access foundation remains strong and secure. This proactive approach will enable organizations to stay ahead of potential security threats, reducing the risk of data breaches and other cybersecurity incidents.