Welcome to the fifth and final installment of our 5-part BlackBerry blog series designed to demystify the key stages of a zero trust journey. In Part 1, we discussed practical zero trust network access use cases. In Part 2, we covered how to employ ZTNA user personas. Part 3 was devoted to various ZTNA-relevant applications, while Part 4 focused on implementation of an access control list policy. Here in Part 5, I’ll provide some guidance on how organizations and businesses can maintain and support ZTNA beyond its initial implementation.
Five Steps to Zero Trust Network Access: Beyond ZTNA
Beyond ZTNA: Sustaining, Supporting, and Evolving into SSE
ZTNA is the anchor to modernizing SecOps (security operations), enabling the hybrid workforce, and building 24x7x365 cyber resiliency. The residual benefits of a ZTNA solution include consolidating existing network and security tools, transforming legacy network architectures, building a strong zero trust security foundation, and maximizing the investments made to support the organization’s overall digital transformation efforts.
When it’s sustained, supported, and evolved, a well-thought ZTNA solution enables businesses to embrace even newer frontiers, such as security services edge (SSE) solutions.
Here are the five things an organization should address to advance its ZTNA implementation and reap the lasting benefits of an initial zero trust journey.
1. Modernize SecOps. A ZTNA solution can help modernize SecOps teams that are required to provide rapid response to zero-day threats. A strong zero trust foundation in the form of a well-deployed ZTNA solution can consolidate actionable alerts and indicators of compromise into a single canvas, bringing enormous efficiencies to SecOps teams.
Zero trust is a journey and the course needs to be charted with clear goals and priorities that are aligned with outcomes. A disciplined approach wherein every milestone in the journey can result in measurable ROI can catalyze expanding zero trust principles across all digital resources and connected assets.
In a recent BlackBerry Global Threat Intelligence Report, researchers found that prioritizing the detection of TTPs (tactics, techniques, and procedures) in a network is critical. By identifying these TTPs and threat actor profiles, a cybersecurity team can significantly reduce the impact of attacks and bolster their threat hunting, incident response, and recovery efforts.
2. Consolidate network and security tools. A ZTNA solution that plugs in and/or coexists seamlessly with your EPP (endpoint protection platform), EDR (endpoint detection and response), XDR (extended detection and response), UEM (unified endpoint management), and SD-WAN (software-defined wide area network) infrastructures can fuel the consolidation of network and security tools.
According to a recent survey of security leaders, enterprises are using an average of 76 discrete network and security tools distributed across their organization. A ZTNA solution that leans towards an SSE architecture can decrease the number of security and network tools needed in the environment, reducing complexity while eliminating silos and removing security “blind spots.”
3. Transform network architectures. A cloud-native ZTNA solution that can seamlessly support secure access to private, public, and SaaS (software-as-a-service) apps can help businesses take a leap in modernizing their network infrastructure, by moving away from the traditional “castle-and-moat” approach of relying upon on-premises network appliances, which are becoming obsolete due to digital transformation.
As additional users are brought under the ZTNA umbrella, and as the network transformation evolves into an SSE architecture, a number of traditional network security and connectivity tools need to be managed, including VPNs (virtual private networks), SD-WANs, firewalls, secure web gateways, CASBs (cloud access security brokers), and more. A best-in-class ZTNA solution that adopts an SSE approach can facilitate this layered transformation, providing small and mid-market businesses a great opportunity to secure, harden, modernize, and transform their network architectures.
4. Accelerate digital transformation. As organizations continue to migrate resources from on-premises to the cloud as part of their digital transformation journey, they need to be able to establish connectivity to private resources — wherever they are hosted.
Enterprises are often constrained in their digital transformation ambitions due to an inability to simultaneously manage secure remote access to enterprise resources that reside on-premises and in the cloud. A best-in-class ZTNA solution with SSE is uniquely positioned to solve this situation for the enterprise, by facilitating secure remote access to resources residing in both environments.
5. Track goals, priorities, and outcomes. Zero trust is a journey, and the course needs to be charted with clear goals & priorities that are aligned with outcomes. A disciplined approach, where every milestone results in measurable ROI, can catalyze expanding zero trust principles across all digital resources and connected assets.
What’s Next?
I hope this blog series helps demystify some of the hype around zero trust. A realistic and pragmatic implementation approach can bring early wins in a zero trust transformation journey, while also helping organizations support, sustain, and evolve from ZTNA to a security services edge solution.
For similar articles and news delivered straight to your inbox, subscribe to the BlackBerry Blog.
Related Reading
- Five Steps to Zero Trust Network Access: Creating Your First Use Cases, Part 1
- Five Steps to Zero Trust Network Access: How to Identify User Personas for Zero Trust Network Access, Part 2
- Five Steps to Zero Trust Network Access: Identifying Your Applications, Part 3
- Five Steps to Zero Trust Network Access: Configuring ACL for User-Application Segmentation, Part 4
- At the Cutting Edge of Zero Trust: Seven Enhancements to CylanceEDGE
