Zero Trust Network Access (ZTNA) is a security method in which verification is required from anyone accessing resources on a given network. Trust is never implied inside or outside the network, and access is defined by granular policies.
ZTNA is designed to give users secure and seamless access to private applications without exposing apps to the internet or expanding the network’s attack surface.
Why does it matter?
As more applications move to the cloud, network-centric solutions like VPN are no longer effective in securing sensitive data.
Traditional VPN extends the network to each remote user, which broadens the attack surface and increases security risks. Additionally, a full VPN gateway appliance stack is expensive and requires significant resources to manage, making scalability difficult. Latency and constant login requirements are a further inconvenience that often slows down productivity.
How does it work?
While VPN is a network-centric solution, which comes with several limitations, ZTNA is a cloud-centric solution that secures access to applications with a fundamentally different approach.
* With ZTNA, network access and application access are two completely separate things. Keeping them separate reduces the risks that reach the network and ensures that only authorized users are granted access.
* ZTNA only makes outbound connections, which makes networks and applications invisible to unauthorized users. As a result, IP addresses are never exposed to the internet, and the network is less likely to suffer from a security breach.
* ZTNA’s native app segmentation grants authorized users access to applications on a one-to-one basis. This means that users only have access to specific applications instead of the full network.
* ZTNA shifts the emphasis from the network to the internet, making the internet the new corporate network and leveraging end-to-end encrypted TLS micro-tunnels rather than MPLS.
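The contrast between network-level and application-level access described in the list above, as an added example that is not part of the original page or any vendor's product code: it compares what one user can reach on a routed VPN subnet with what the same user can reach under default-deny, per-application grants. The inventory, user names, addresses and policy format are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed inventory of private applications (names and addresses are illustrative).
INVENTORY = {
    "payroll":  ("10.0.0.10", 443),
    "wiki":     ("10.0.0.20", 443),
    "build-ci": ("10.0.0.30", 8080),
    "db-admin": ("10.0.0.40", 5432),
}

# VPN-style grant (assumed model): the user is placed on a routed subnet.
VPN_ROUTES = {"alice": "10.0.0.0/24"}

# ZTNA-style grants (assumed model): explicit (user, application) pairs.
ZTNA_POLICY = {("alice", "wiki")}

@dataclass(frozen=True)
class Request:
    user: str
    app: str
    authenticated: bool  # identity was verified for this request

def vpn_reachable(user):
    """Apps reachable at the network layer: everything inside the routed subnet."""
    route = VPN_ROUTES.get(user)
    if route is None:
        return set()
    net = ipaddress.ip_network(route)
    return {name for name, (ip, _port) in INVENTORY.items()
            if ipaddress.ip_address(ip) in net}

def ztna_authorize(req):
    """Default deny: allow only a verified user with an explicit grant for this one app."""
    if not req.authenticated or req.app not in INVENTORY:
        return False
    return (req.user, req.app) in ZTNA_POLICY

def ztna_reachable(user):
    """Apps a verified user can reach when every request goes through ztna_authorize."""
    return {app for app in INVENTORY if ztna_authorize(Request(user, app, True))}

if __name__ == "__main__":
    print("VPN :", sorted(vpn_reachable("alice")))
    print("ZTNA:", sorted(ztna_reachable("alice")))
```

The difference between the two result sets is the lateral-movement exposure that per-application access removes for this user.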
Secure Private Access
Secure Private Access is a cloud service that uses a distributed architecture to provide fast and secure access to private applications running on-prem or in the public cloud. Easily and securely access business applications from any device, anywhere, anytime. The service provides access based on four key principles:
* The internet has become the enterprise’s new transport network
* Application access is based on user permissions and will not require inside-the-network access
* Inside-out connections are used to make the network and applications invisible to hackers
* Application segmentation should connect users to a specific app and limit lateral movement
Avast Business solutions include Zero Trust Network Access.