The legacy method of granting users access to applications in the enterprise is to extend the network perimeter to the client. This is achieved by routing the traffic between the client and the network edge through one secure tunnel. This approach poses a security risk because, once the tunnel is up, the user usually has full access to all network resources and applications, whether or not they need them.
The next problem with legacy VPNs is that they operate at Layer 3. This means your security policies are based on IP information, for example Access Control Lists (ACLs). These ACLs become increasingly complex to manage as the number of applications grows. The network team spends considerable time maintaining firewall and ACL rules just to ensure that users can access the applications they need to do their job.
The solution to this is Zero Trust Network Access (ZTNA), sometimes called a Software Defined Perimeter (SDP). ZTNA removes the need to expose the network to the user — instead, the user is granted access to specific applications based on identity and context, not network location.
This fundamentally changes the security posture: users can only see the applications they are authorised to access. The network becomes invisible, and lateral movement — a key technique in modern attacks — becomes impossible.
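The contrast the article draws, as an added illustration that is not part of the original post: a Layer 3 ACL keyed on the VPN client subnet versus a per-application ZTNA policy keyed on identity and context. Application addresses, the VPN pool, group names and the policy table are all constructed sample data for this example.

```python
from dataclasses import dataclass
import ipaddress

# Constructed sample data: three internal applications behind the perimeter.
APPS = {
    "payroll": {"ip": "10.0.1.10", "port": 443},
    "wiki":    {"ip": "10.0.2.20", "port": 443},
    "jenkins": {"ip": "10.0.3.30", "port": 8080},
}

# --- Legacy model: a Layer 3 ACL keyed on the VPN client address pool ---
# Every tunnelled client gets an address from VPN_POOL and the ACL matches on
# that address alone; there is no notion of *who* the user is or what device
# they are on.  (Constructed pool and rules.)
VPN_POOL = ipaddress.ip_network("172.16.0.0/16")
ACL = [  # (source network, destination IP, destination port, action)
    (VPN_POOL, "10.0.1.10", 443, "allow"),
    (VPN_POOL, "10.0.2.20", 443, "allow"),
    (VPN_POOL, "10.0.3.30", 8080, "allow"),
]

def acl_allows(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """First-match ACL evaluation, as a stateless L3/L4 filter would do it."""
    src = ipaddress.ip_address(src_ip)
    for net, ip, port, action in ACL:
        if src in net and ip == dst_ip and port == dst_port:
            return action == "allow"
    return False  # implicit deny at the end of the list

def vpn_reachable_apps(client_ip: str) -> list:
    """Every app the ACL lets a tunnelled client reach: with the rules above,
    any address in the pool reaches all three."""
    return sorted(a for a, d in APPS.items()
                  if acl_allows(client_ip, d["ip"], d["port"]))

# --- ZTNA model: policy keyed on identity and context, per application ---
@dataclass
class Context:
    user: str
    groups: set
    device_managed: bool
    mfa: bool

# Hypothetical policy table: which group may reach which app, and under what
# device/authentication conditions.  Apps not listed are denied by default.
ZTNA_POLICY = {
    "payroll": {"groups": {"finance"}, "require_managed": True,  "require_mfa": True},
    "wiki":    {"groups": {"staff"},   "require_managed": False, "require_mfa": False},
    "jenkins": {"groups": {"devops"},  "require_managed": True,  "require_mfa": True},
}

def ztna_decision(app: str, ctx: Context) -> bool:
    """Allow only if the user's group, device posture and MFA state all satisfy
    the per-application rule; anything else (including unknown apps) is denied."""
    rule = ZTNA_POLICY.get(app)
    if rule is None:
        return False
    if not rule["groups"] & ctx.groups:
        return False
    if rule["require_managed"] and not ctx.device_managed:
        return False
    if rule["require_mfa"] and not ctx.mfa:
        return False
    return True

def visible_apps(ctx: Context) -> list:
    """What the ZTNA broker exposes to this user: only apps the policy permits.
    Everything else is simply not presented, so there is no network to explore."""
    return sorted(a for a in APPS if ztna_decision(a, ctx))

if __name__ == "__main__":
    print("VPN client 172.16.5.5 reaches:", vpn_reachable_apps("172.16.5.5"))
    alice = Context("alice", {"finance", "staff"}, device_managed=True, mfa=True)
    print("ZTNA, alice on managed device + MFA:", visible_apps(alice))
    alice_byod = Context("alice", {"finance", "staff"}, device_managed=False, mfa=True)
    print("ZTNA, alice on unmanaged device:", visible_apps(alice_byod))
```

The point of the two reachability functions is the shape of the decision, not the data: `acl_allows` can only ask "is this source address in the pool?", so every tunnelled client gets the same answer for every application, while `ztna_decision` is evaluated per application against the user's identity and device state, so the same person sees a different, smaller set of applications when their context changes.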
Read the full article on Cloud Security Zero.