How to Identify User Personas for Zero Trust Network Access
Identifying user personas is a challenging yet essential part of any zero trust journey. Recent trends in the United States — including the May 12, 2021, executive order on improving the nation's cybersecurity — have provided an impetus to zero trust adoption.
According to Gartner, zero trust will move past marketing hype into reality in 2023. Gartner also suggested in a recent report that ZTNA (zero trust network access) and network micro-segmentation are two primary factors for organizations of any size to consider when starting their zero trust journey.
Steps to Zero Trust Implementation
In Part 1 of this BlackBerry® blog series, I discussed how to identify practical ZTNA use cases for your organization. Now in Part 2, I’ll look at how large and mid-market enterprises, SMBs (small and medium-sized businesses), and nonprofit organizations can confidently start their journey by employing user personas.
Zero Trust Network Access User Personas
Taking a human-centric approach to a zero trust business transformation is one of the most effective actions to sustain the benefits of a ZTNA project. Identifying a variety of user personas at the start, therefore, will greatly help to pace the transition to a zero trust system, and minimize disruption to existing network architectures.
User Persona #1: Contractors and Suppliers
Third-party access has undeniably been a significant contributor to data breaches. In particular, traditional VPN (virtual private network) solutions — a technology that ZTNA is fast making obsolete — are often a factor, since they are frequently insufficient for limiting access to third parties, such as contractors and suppliers. Employing least-privilege access, segmented access control, and authenticated and authorized access control greatly reduces the attack surface, while also expediting the onboarding of contractors and suppliers for secure remote access.
According to the 2023 Black Kite Third-Party Breach Report, unauthorized network access emerged as the most common root cause of third-party attacks, initiating 40% of the third-party breaches analyzed. Defining the boundaries for this specific use case allows the ZTNA project team to fine-tune the rollout before expanding to other user personas.
User Persona #2: Off-Site Teams
On-the-go access to company resources and data is what empowers a modern, mobile workforce. However, off-site remote access via VPN or VDI (virtual desktop infrastructure) can fail to effectively safeguard computers, enterprise networks, and other endpoints against the growing threat of malware and assorted cyber risks. A modern ZTNA solution, tightly coupled with endpoint protection and XDR (extended detection and response) solutions, can harden those defenses.
In addition, enabling secure remote access from healthy managed and unmanaged devices to public, private, and SaaS (software-as-a-service) applications can also significantly enhance the user experience. At its core, zero trust security is about achieving continuous security without slowing or complicating workflows for remote hybrid workforces.
User Persona #3: Home-Based Workers
Distributed workforces have a continuous need for enterprise connectivity to support WFH (work from home) and BYOD (bring your own device) work models. A ZTNA solution enables work-from-anywhere scenarios, such as home-based employees using high-speed networks to connect to SaaS apps, while eliminating bandwidth issues and preserving the end-user experience.
Private access to resources can also be established with fine-grained controls and context, to ensure that only healthy devices are communicating with the network infrastructure. Digital transformation and hybrid deployment models — combined with work-from-anywhere and BYOD policies — help consolidate NetOps (network operations), SecOps (security operations), and ITOps (information technology operations), thereby improving productivity without compromising security.
User Persona #4: New/Acquired Businesses
One of the biggest benefits of zero trust network access is its ability to improve the speed and agility of transformative events, without the need to integrate networks to enable productivity. Additionally, a cost-effective ZTNA solution that can comprehensively support all major operating systems (Windows®, macOS®, iOS®, and Android™), and unmanaged BYOD devices, can save millions of dollars in new hardware purchases. This is a critical consideration for any organization that must coordinate with new or acquired businesses and establish a unified, stable, and secure experience across all partners involved.
User Persona #5: Temporary Access
Because VPNs are prone to creating network vulnerabilities, it’s smart to eliminate the need for VPN-based temporary access when possible. A zero trust model achieves this by granting temporary access without creating a new Active Directory user profile, and by providing minimal access for a limited time. Defining a “temporary user persona” in the ZTNA playbook furthers the evolution of zero trust architecture and enhances cyber resiliency.
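To make the persona-driven controls above concrete (least-privilege resource sets for contractors in Persona #1, device-health and managed-device context for home-based workers in Persona #3, and time-bounded grants for temporary users in Persona #5), here is an added, default-deny policy evaluator. It is illustrative code written for this post, not BlackBerry's product logic; the persona names, resource names, posture fields and policy table are all constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

@dataclass
class AccessRequest:
    persona: str             # constructed labels: "contractor", "home_worker", "temporary"
    resource: str            # application the user wants to reach
    device_managed: bool     # enrolled in MDM / endpoint protection (False = BYOD)
    device_healthy: bool     # endpoint agent reports no active threats
    mfa_verified: bool       # identity was strongly authenticated
    expires_at: Optional[datetime] = None   # only set for temporary grants
    now: datetime = field(default_factory=lambda: datetime.now(timezone.utc))

# Constructed persona policies: each persona sees only the apps it needs, and
# some apps additionally demand a managed (non-BYOD) device.
POLICIES = {
    "contractor":  {"resources": {"ticketing"}, "managed_only": set()},
    "home_worker": {"resources": {"mail", "crm", "ticketing"}, "managed_only": {"crm"}},
    "temporary":   {"resources": {"ticketing"}, "managed_only": set()},
}

def evaluate(req: AccessRequest) -> Tuple[bool, str]:
    """Default-deny: the first unmet condition blocks the request."""
    policy = POLICIES.get(req.persona)
    if policy is None:
        return False, "unknown persona"
    if not req.mfa_verified:
        return False, "identity not verified"
    if not req.device_healthy:
        return False, "device posture unhealthy"
    if req.resource not in policy["resources"]:
        return False, "resource outside persona's least-privilege set"
    if req.resource in policy["managed_only"] and not req.device_managed:
        return False, "managed device required for this resource"
    if req.persona == "temporary" and (
        req.expires_at is None or req.now >= req.expires_at
    ):
        return False, "temporary grant missing or expired"
    return True, "allowed"

if __name__ == "__main__":
    # Constructed sample requests: a contractor reaching outside their set, and
    # a temporary user whose grant is still valid for a few hours.
    soon = datetime.now(timezone.utc) + timedelta(hours=4)
    for r in (AccessRequest("contractor", "crm", False, True, True),
              AccessRequest("temporary", "ticketing", False, True, True, soon)):
        print(r.persona, r.resource, evaluate(r))
```

Every deny carries a reason string so the decision can be logged and reviewed, which is what lets a project team fine-tune one persona's rollout before adding the next.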
In the upcoming Part 3 of this blog series, I will discuss different types of applications that could be brought under ZTNA, as well as supporting architectures that gradually reduce attack surfaces while maintaining a great user experience.