Five Steps to Zero Trust Network Access: Creating Your First Use Cases
Zero trust as a concept has been discussed for a very long time, but several recent trends in the United States — including the 2021 executive order on improving the nation's cybersecurity — have increased the impetus for zero trust adoption.
According to Gartner, zero trust is moving past marketing hype into reality this year. Gartner also suggested that ZTNA (zero trust network access) and network micro-segmentation are two projects that provide good places for organizations to begin their zero trust journey — regardless of their organizational size.
Steps to Zero Trust Implementation
In this multi-part blog series, I will discuss how large and mid-market enterprises, SMBs (small and medium-sized businesses), and non-profit organizations can confidently start their journey towards zero trust in five steps, utilizing the following activities in their first ZTNA project:
1. Identify practical ZTNA use cases. The best place to start is by identifying a use case that is tailored to the needs of your organization. In Part 1, I’ll dive into detail about how to get started by choosing a zero trust project that will put you on the right path to success.
2. Employ user personas for initial ZTNA rollout. Every successful transformation is predicated on first gaining a deep understanding of your end users and business requirements. A phased rollout anchored around one user persona at a time can greatly contribute to a frictionless rollout. In Part 2, I will discuss several types of user personas to help manage the transition to a zero trust architecture.
3. Identify relevant applications to bring under the ZTNA umbrella. Secure access to applications, with airtight integration and identity management, defines the appeal of a zero trust experience. In Part 3, I discuss different types of applications that could be brought under ZTNA, as well as supporting architectures that gradually reduce attack surfaces while maintaining a great user experience.
4. Define access control list policy for user-application micro-segmentation. The ultimate goal of a zero trust transformation is segmented, identity-aware access control, which can be dynamically changed based on your organization’s risk posture, through continuous authentication and authorization. In Part 4, I address the implementation of an ACL (access control list) policy that significantly increases cyber resiliency.
5. Support ongoing adoption. The preceding four steps enable businesses to prepare for a companywide rollout of ZTNA to all users. In the final piece of this multi-part blog series, I discuss organizational considerations to help maintain and support ZTNA beyond its initial implementation.
Zero Trust Network Access Example Use Cases
As mentioned above, the first step in a business’s zero trust network access journey involves identifying practical use cases. Here are four real-world scenarios in which ZTNA could be beneficial.
Use Case #1: Virtual Private Network Replacement
A ZTNA solution is an ideal choice for replacing legacy VPNs (virtual private networks) that frequently expose their inadequacies. Digital transformation, cloud transformation — and remote/hybrid work structure adoption — all drive home a clear message: VPNs are obsolete. As supporting evidence, an FBI advisory revealed that ransomware attacks often focus on unsecured VPN servers, and have been steadily rising in frequency since June 2022. However, organizations that follow basic tenets of zero trust and implement a ZTNA solution can significantly mitigate such attacks.
Use Case #2: Network Protection
A ZTNA solution can also help harden your internal network architecture. Businesses are increasingly adopting zero trust measures to deliver perimeter-less network security and protection by reducing their attack surface. Instead of trusting entities by default or via a one-time authentication, users are vetted continuously by ascertaining their current security posture. No device on the network is automatically considered “trusted” — regardless of whether it belongs to staff or to other internal or external users such as contractors or agencies — and neither are the networks, applications, and devices those users access.
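The access model described above (identity plus device posture checked on every request, no implicit trust for being on the internal network, and authorization re-evaluated as posture changes) can be made concrete with a small policy engine. The following is an added illustration written for this post, not code from any ZTNA product; the application list, group names, posture fields and patch-age thresholds are constructed assumptions.

```python
"""Identity- and posture-aware access decisions, evaluated per request.

Constructed illustration of the ZTNA idea: being on the corporate LAN earns
no trust, every check must pass, and a session that was allowed at login is
re-evaluated whenever the device reports new posture. The applications,
groups and thresholds below are assumptions made up for the example.
"""
from __future__ import annotations

from dataclasses import dataclass, replace


@dataclass(frozen=True)
class DevicePosture:
    managed: bool            # enrolled in the organisation's device management
    disk_encrypted: bool
    patch_age_days: int      # days since the last OS patch was applied
    edr_healthy: bool        # endpoint agent reporting and up to date


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset
    mfa_verified: bool
    device: DevicePosture
    application: str
    source_network: str      # kept for logging only; deliberately never used for trust


# Assumed per-application policy (constructed): which groups may reach the
# application and how stale the device's patches may be. Applications that are
# not listed have not been onboarded to ZTNA and are denied by default.
APP_POLICY = {
    "hr-portal": {"groups": {"employees"}, "max_patch_age_days": 30},
    "git-internal": {"groups": {"engineering", "contractors"}, "max_patch_age_days": 14},
}


def evaluate(req: AccessRequest) -> tuple[str, list[str]]:
    """Return ("allow" | "deny", reasons). Identity and device posture are both
    required; req.source_network is intentionally not consulted, so an on-LAN
    device gets no head start over one connecting from the internet."""
    policy = APP_POLICY.get(req.application)
    if policy is None:
        return "deny", ["application not onboarded: default deny"]
    reasons: list[str] = []
    if not req.mfa_verified:
        reasons.append("identity: MFA not verified")
    if not (req.groups & policy["groups"]):
        reasons.append("identity: user not in an authorised group")
    d = req.device
    if not d.managed:
        reasons.append("device: not managed")
    if not d.disk_encrypted:
        reasons.append("device: disk not encrypted")
    if d.patch_age_days > policy["max_patch_age_days"]:
        reasons.append(f"device: patch age {d.patch_age_days}d exceeds "
                       f"{policy['max_patch_age_days']}d")
    if not d.edr_healthy:
        reasons.append("device: endpoint agent unhealthy")
    return ("allow" if not reasons else "deny"), reasons


def reevaluate_session(req: AccessRequest, posture_updates: list[DevicePosture]) -> list[str]:
    """Continuous authorisation: re-run the policy at login and again for each
    posture report the device sends during the session. Returns the decision
    trail, so a session that drifts out of policy shows up as a later 'deny'."""
    trail = []
    for posture in [req.device, *posture_updates]:
        decision, _ = evaluate(replace(req, device=posture))
        trail.append(decision)
    return trail


if __name__ == "__main__":
    healthy = DevicePosture(managed=True, disk_encrypted=True, patch_age_days=3, edr_healthy=True)
    # Constructed sample: an engineer on an unmanaged laptop plugged into the LAN
    # is denied exactly as she would be from the internet.
    on_lan = AccessRequest("alice", frozenset({"engineering"}), True,
                           DevicePosture(False, False, 90, False), "git-internal", "corp-lan")
    print(evaluate(on_lan))
    # Same user, healthy device, from the internet: allowed.
    remote = replace(on_lan, device=healthy, source_network="internet")
    print(evaluate(remote))
    # Patches go stale mid-session; the third evaluation revokes access.
    print(reevaluate_session(remote, [healthy, replace(healthy, patch_age_days=20)]))
```

The point of the two functions is the order of trust: `evaluate` never reads `source_network`, and `reevaluate_session` shows that the login-time "allow" is not a permanent grant. In a real deployment the posture snapshots would come from the endpoint agent and the group membership from the identity provider; here both are embedded sample values.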
Use Case #3: Threat Detection
A ZTNA solution with built-in threat protection that utilizes IDS/IPS (intrusion detection system/intrusion prevention system) rules, destination reputation, content filtering, and machine learning models can thwart many zero-day attacks. Common cyberthreat activities that ZTNA addresses include ransomware, social engineering, C2 (command-and-control) beaconing, DDoS (distributed denial of service), phishing, and malicious domain detection.
Use Case #4: Network Visibility
A ZTNA solution provides insights into security and network operation events, classifies intelligence, and eliminates shadow IT. It also becomes an enabler of modern collaborative ecosystems. When combined with conditional access to SaaS (software-as-a-service) applications, zero trust network access empowers digital business transformation while keeping data, applications, and users secure.
In the upcoming Part 2 of this blog series, I will share practical tips for rolling out a ZTNA solution in your organization, beginning with employing user personas to minimize disruption to existing network architectures.