What does Zero Trust (ZT) security mean, and why is a ZTNA approach now being talked about?
The activities of Lutech Group’s Advisory Team
With the ever greater use of multicloud technology, the company boundary is becoming ever vaguer: it is therefore necessary to switch up the paradigm by developing an advanced and broad strategy, appropriately defining new client requirements in accordance with a Zero Trust approach. Lutech supports clients through a series of preliminary advisory activities able to identify the most suitable Zero Trust strategy in terms of cost-benefit ratios for their business requirements.
Marco Ceccon, Lutech Group Advisory Practice Director
While embracing the principles of Zero Trust (ZT) security is now mandatory, pushing on towards protection solutions and services which use a ZTNA (Zero Trust Network Access) model represents the most effective and complete way to protect the company network and data.
The Zero Trust philosophy is considered by all security vendors to be the best suited to protecting company networks today. It is a genuine philosophy that completely overturns the principles on which protection was based until a few years ago. The paradigm change became necessary once it was realized that it was no longer possible to work on obsolete assumptions, essentially that "inside the company perimeter means safe" and "outside means unsafe", not least because the boundaries of company networks are increasingly vague and ill-defined.
Remote working is just the latest trend to expose the traditional approach as outdated. IT architectures distributed across different cloud environments, and access to the company network via the Internet from both controlled and uncontrolled devices (such as IoT), had already contributed to definitively bringing down the castle walls. Faced with the new operating methods and the distribution of IT environments, traditional methods such as VPNs or DMZs showed all their limitations.
Today, protection of the network must be independent of the physical location the device connects from and, above all, must not be bound to the pre-saved profile of the person logging in: any implicit trust is revoked.
What does this mean? Zero Trust means that the latest generation of corporate protection systems require the user to earn trust before being allowed access to platforms and applications. This is because the large majority of attacks on company networks today occur through known profiles, often following identity theft.
Zero Trust? Stop trusting employees, for their own good
According to the Zero Trust philosophy, no user is "safe", and the freedom to access services and applications must be earned one application at a time, session by session. Access by default is definitively banished; users accessing the network, and their devices, pass through various checks managed by NAC (Network Access Control) and by "brokers" (CASB) that monitor cloud environments, often supported by machine-learning algorithms. Finally, increasing use is being made of multi-factor authentication (MFA).
The authentication layer checks the authorizations of the previously defined profile for access to the applications, and carries out real-time checks of the device and the context: when the user is connecting to the network, how, and from where.
Ultimately, various tools come into play in the Zero Trust approach: CASBs, gateways, brokers, NAC platforms and MFA (multi-factor authentication) tools. With these integrated solutions, the IT team can obtain a complete, global view of who is connecting, from where and why.
The three goals of a Zero Trust strategy
- What: know every device on the network
- Who: know every user accessing the network
- Inside and Outside: know how to protect resources inside and outside the perimeter.
The importance of evolving from a ZTA to a ZTNA solution
A ZTNA platform guarantees maximum protection from human error, but requires significant commitment in terms of configuration, management and monitoring which it is convenient to delegate to the technology partner.
Alessandro Berta, System Engineer Manager for Northern Italy at Fortinet
The philosophy is called ZT; an initial, valid package of solutions falls under the acronym ZTA (Zero Trust Access); while the maximum level of security is guaranteed by a ZTNA (Zero Trust Network Access) solution, also known by the acronym SASE (Secure Access Service Edge).
Why are the most advanced companies opting for a ZTNA platform? Conventional authentication and monitoring solutions have essentially two main limits, and a ZTNA platform addresses both:
- The first concerns how often access checks and authorizations are refreshed. A ZTNA solution re-evaluates the trust status of an access (user and device) at each session.
- The second is per-application verification: a ZTNA platform verifies access to each individual application. This requires greater effort in implementing the protection plan, in terms of configuration and customization. For example, it may be necessary to install an agent on the endpoint, with significant consequences for the IT team.
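The per-session, per-application decision described above (profile authorization, MFA, device posture reported by an endpoint agent, and context such as time of connection), as an added illustration that is not Lutech's or Fortinet's code; the application policies, session fields and users are constructed for the example:

```python
from dataclasses import dataclass

# Constructed per-application policies (assumed example, not a vendor format).
# Roles allowed, whether MFA and a managed/compliant device are required,
# and the permitted local hours [start, end).
APP_POLICY = {
    "payroll": {"roles": {"hr"}, "mfa": True, "managed_device": True, "hours": (7, 20)},
    "wiki": {"roles": {"hr", "eng"}, "mfa": False, "managed_device": False, "hours": (0, 24)},
}


@dataclass
class Session:
    """Everything the policy point knows about one access attempt."""
    user: str
    role: str
    mfa_passed: bool
    device_managed: bool    # posture: device enrolled with the endpoint agent
    device_compliant: bool  # posture: e.g. patched, disk encrypted
    hour: int               # local hour of the request (context: when)
    app: str                # the individual application being requested


def evaluate(s: Session) -> tuple[bool, str]:
    """Decide one session for one application. There is no default allow:
    every check must pass, and the decision is not cached across sessions."""
    policy = APP_POLICY.get(s.app)
    if policy is None:
        return False, "unknown application"
    if s.role not in policy["roles"]:
        return False, "role not authorized for application"
    if policy["mfa"] and not s.mfa_passed:
        return False, "MFA required"
    if policy["managed_device"] and not (s.device_managed and s.device_compliant):
        return False, "device posture check failed"
    start, end = policy["hours"]
    if not start <= s.hour < end:
        return False, "outside permitted hours"
    return True, "allowed"


def reevaluate_sessions(sessions: list[Session]) -> list[str]:
    """Re-run the decision for each new session of the same user: a posture
    change between sessions changes the outcome, unlike a one-time login check."""
    return [f"{s.user}->{s.app}: {evaluate(s)[1]}" for s in sessions]


if __name__ == "__main__":
    alice_ok = Session("alice", "hr", True, True, True, 10, "payroll")
    alice_later = Session("alice", "hr", True, True, False, 11, "payroll")  # fell out of compliance
    for line in reevaluate_sessions([alice_ok, alice_later]):
        print(line)
```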
Fortinet’s ZTA approach
- Identify, profile and scan all devices
- Ensure constant monitoring of the network
- Maintain network orchestration and automatic response
- Establish identity through login and multi-factor authentication
- Provide role-based information for privileged access
- Simplify user authentication thanks to SSO
Fortinet’s complete offering for corporate protection
Lutech is a Fortinet Expert Partner
Fortinet is a world leader in advanced protection of networks and their content, and in the security of access, public and private cloud, and endpoints.
Choosing the best protection solution for a company is a complex activity to be carried out alongside the IT partner. Lutech Group puts the fundamental contribution of its advisory team at the forefront of security projects for its clients. As a first step, a complete assessment of the corporate infrastructure is carried out, oriented solely to the business requirements. How the data circulate, who must access the individual applications and how, and what the different protection priorities are: these are the questions which must be answered during the assessment phase.
In the next phase, Lutech Group designs the most appropriate integrated solution, drawing on the offering of a qualified vendor such as Fortinet. The world leader in security makes available everything needed for a Zero Trust approach.
From FortiCASB and FortiNAC to FortiAnalyzer and FortiManager, the range of Fortinet offerings includes everything needed for a Zero Trust approach and the adoption of a SASE strategy. Fortinet guarantees the maximum level of protection even in the management of uncontrolled endpoints, such as IoT devices, which are delicate points of access for an attack on the corporate network precisely because they are autonomous.
The advantages of FortiNAC
NAC (Network Access Control) technology is the ideal means to protect headless IoT devices in the network. FortiNAC offers three key functions:
- Visibility of all devices and users which register on the network
- Limitation of the areas that the devices can access
- Automated response which reduces the reaction time from days to seconds