The Covid-19 pandemic has upended traditional ways of working all over the world. Employees that may have been tethered to their desks at the office for the vast majority of their working lives found themselves working remotely for the first time. For example, over 65% of Australians now work from home at least some of the time, indicating that organizations shifting toward remote and hybrid work environments are less likely to be a trend but more pronounced going forward.
Yet, this migration to remote work may expose holes in your organization’s network security that threat actors are all too eager to exploit. As the concept of the traditional enterprise perimeter, or the “old castle and the moat” concept gives way to cloud-based technologies, the demarcation lines become increasingly more blurred.
A whole new world
During this shift in landscape, mobile technology and devices have moved to the forefront of business operations in ways they have never been before with their combination of flexibility and performance. Unfortunately, these new technologies also represent a number of challenges for security departments looking to ensure critical data remains protected as control over the infrastructure moves from on-premises to the cloud.
Depending on their management plan and ownership level, organizations may increasingly rely on staff to use their personal devices when working remotely. When left unmanaged, threats such as unauthorized access to sensitive data and network breaches have a higher tendency to occur stemming from an uptick in phishing and ransomware attacks in recent years. Mobile users are particularly more vulnerable to phishing attacks via SMS and through social media platforms, such as Facebook and WhatsApp, which recent threat data supports are increasingly targeted due to their wide, global acceptance.
Virtual Private Not-working
In addition to altering the underlying management infrastructure for mobile devices, the increased number of users requiring secure connections and reliance on cloud-based technologies place an additional burden on legacy VPN solutions. Such solutions not only impact endpoint performance but also:
- Offer a substandard user experience and
- Are complex to integrate and centrally manage.
- Worse still, they are insecure by design, requiring
- users to be granted access to the entire network and not just
- what they need. But legacy VPN solutions add a level
- of difficulty to threat mitigation and remediation.
Most importantly, as organizations plan for the paradigm shift toward remote or hybrid work environments, legacy VPN solutions simply were not intended to offer the level of security required of endpoint protection solutions for mobile devices in the modern computing landscape.
The latter corresponds to a rise in the scope and range of security threats targeting remote workforces and the exploding cost of ransomware mitigation, among other cybersecurity threat trends. These have left IT and Security departments searching for a solution that bolsters mobile endpoint security while simultaneously improving secure access management and simplifying security protocol integration.
A hero is born…
Enter Zero Tolerance Network Access (ZTNA). The modern replacement to legacy VPN only allows secure access to applications, data and services in remote locations after the end-user has successfully authenticated through a multi-faceted authentication process. A process that involves:
- Extensive user verification through credentials
- Multi-factor Authentication (MFA) approval
- Validation of device, including authorization and health status checks
- Contextualized approvals, based on other criteria, like time/date or location
By separating “secure access” from the data, applications or services being requested, ZTNA provides the best possible defense against the most common entry points used by malicious actors for exploitation. It achieves this by establishing unique microtunnels for each request made to a remote service. If the request fails to authenticate, then access remains blocked until the user and/or device receives remediation to bring the user’s credentials and/or device into compliance without impacting access to other services and apps, allowing end-users to remain productive.
Simply put: zero tolerance means zero tolerance. Never trust — always verify.
Putting ZTNA to work for your organization
For IT teams adopting ZTNA solutions, this means that deploying servers, managing certificates for user authentication and configuring IP addresses are effectively a thing of the past. ZTNA’s identity-centric security model permits only authorized users and devices to connect to business applications.
Thanks to its cloud-based infrastructure, there is no hardware to manage or complex security software to configure when deploying ZTNA technology. Additionally, the unified access policy allows for secure protection that spans across all hosting locations (on-premises, public and private clouds and SaaS apps), meaning protocols are enforced consistently across your entire fleet of endpoints — regardless of location.
As an endpoint security solution tailored for fully remote and hybrid work environments, ZTNA also performs constant risk assessments of devices, usage policies and data integrity on both devices and in the cloud.
What does this mean? That access is only granted when the users and endpoints requesting access are verified and in compliance with all of the prerequisites set forth by IT and Security teams.
ZTNA solutions are designed specifically to replace legacy VPNs with a consistent secure access experience, allowing staff to operate anywhere with their own device.
By using a strict, multi-layered verification process to build up trust before users and devices are granted access to networks and sensitive data, these layers of security place firm controls on what end users can and cannot access across their devices.
Key takeaways
- VPN security relies on implicit trust, but ZTNA is designed as “zero trust”. Each request for access must be verified before access is granted — no exceptions.
- As a network solution, ZTNA supports security operations across both devices and apps for all modern desktop and mobile operating systems, such as macOS, iOS, Android and Windows.
- The cloud-based infrastructure eliminates the need for IT to deploy, manage and support physical servers, complex software configurations or manage certificates for identification.
- ZTNA solutions integrate with your existing stack, leveraging identity and authentication workflows, enabling Single Sign-On (SSO) spanning all hosting locations.
- Application microtunnels provide unique connectivity to apps and services, simultaneously enforcing least privilege while preventing lateral movement.
- ZTNA utilizes risk-aware policies that constantly monitor device health to detect non-compliance with organizational policies, effectively denying access until remediated.
- End-user privacy is maintained through split-tunneling technology which routes traffic generated from personal apps directly to the Internet while keeping business app traffic secured.
Considering that a vast majority of organizations have migrated to remote and hybrid workforces, it is now more essential than ever for organizations to have the most effective and lightweight security measures guarding access to their business apps while remaining seamless to the end-user.
ZTNA solutions provide a comprehensive and consistent layer of security while serving as the modern replacement for all legacy VPN security solutions.
But don’t just take Jamf’s word for it. Put ZTNA to work today in your environment!
Subscribe to the Jamf Blog
Have market trends, Apple updates and Jamf news delivered directly to your inbox.
To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.