One Article Review

The article:
Source AlienVault Blog
Identifier 1871172
Publication date 2020-08-19 16:15:00 (seen: 2020-08-19 22:12:55)
Title Zero Trust Network Access (ZTNA) explained
Text This blog was written by a third party author.

In today’s ever-changing cybersecurity landscape, Zero Trust is here to stay. Before the concept of Zero Trust was well known, organizations followed the belief that anything within the network is trusted, and anything outside of it is untrusted. Zero Trust is built on the idea that all traffic, whether incoming or outgoing, should be inspected, regardless of the source.

Traditional remote connectivity solutions, like VPN, fall short of meeting this requirement because they connect users to an entire network segment, which in many cases provides access to a lot more than what is required to do their job. With many organizations having to support a suddenly remote workforce, major performance concerns have arisen with VPN since it was never designed to support thousands of employees working remotely and connecting simultaneously.

Zero Trust Network Access can help address both of these concerns. Users and applications are already in the cloud, so it follows that secure access should be granted through the cloud. This cloud-based solution leverages software-defined perimeters (SDPs), created specifically for a cloud-based environment, putting organizations in a better position to embrace Zero Trust.

What is Zero Trust Network Access?

ZTNA solutions provide seamless and secure connectivity to applications without placing users on the network or exposing applications to the internet. Relying on legacy solutions to access network applications is no longer required with ZTNA. With ZTNA, granting access based on an IP address is replaced by locally enforced and cloud-managed secure policies. With this type of visibility, user-specific access to apps is granted solely to those users with authorization to view or use them. Instead of connections to internal networks, all access is contextual. By isolating access in this manner, risks to the network brought about by potentially infected devices are drastically reduced. ZTNA’s user-to-application methodology transforms the inherently insecure internet into today’s corporate network.

ZTNA is achieved through a software-defined perimeter (SDP), a term created by the Cloud Security Alliance. For the enterprise, an SDP favors software over traditional network security appliances to seamlessly connect remote users with applications running in their data centers and cloud environments. It’s important to note that while replacing your VPNs may provide motivation for ZTNA adoption, ZTNA products should not be considered a VPN replacement.

What are the benefits of ZTNA?

The benefits of ZTNA deployment are diverse. Like a traditional VPN, any ZTNA connection offers encryption to provide confidentiality. But unlike VPN, ZTNA boasts significant upgrades in agility, policy management, user experience, and adaptability. ZTNA is a solution that contributes to digital transformation projects, driven by cloud-based applications and employees working remotely. Other notable benefits not already mentioned above include:

- Improved UX (user experience)
- Improved content access granularity
- More centralized policy management that leverages both network and application access control as well as user access control with MFA
- Visibility into what applications are being used, including previously undiscovered programs and the ability to provide access to specific applications by role or by user
- Reduced risk of distributed denial of service (DDoS) attacks by not exposing the applications to the public internet

ZTNA use cases

ZTNA opens the doors to a multitude of use cases previously unattainable with traditional access methods. With access dictated more by user, application, and service, the enterprise can adapt to the growing requirements for today’s new normal. With ZTNA, organizat
Sent Yes


The article does not appear to have been picked up again after its publication.


The article does not appear to be a repeat of an earlier one.