What does Zero Trust (ZT) security mean, and why is a ZTNA approach now being talked about?

While embracing the principles of Zero Trust (ZT) security is now mandatory, pushing on towards protection solutions and services which use a ZTNA (Zero Trust Network Access) model represents the most effective and complete way to protect the company network and data.

The Zero Trust philosophy is considered by all security vendors to be the best suited to protecting company networks today. A genuine philosophy which completely overturns the principles on which protection was based up until a few years ago. The paradigm change was made necessary when it was realized that it was no longer possible to work on obsolete beliefs fundamentally based on the fact that “inside the company perimeter means safe” and “outside means unsafe”. This is also because the confines of the company networks are ever-increasingly vague and ill-defined.

Remote working is just the latest trend to show up the traditional approach as being outdated. IT architectures distributed across different cloud environments, access via Internet to the company network by controlled and uncontrolled devices (like with IoT) had already contributed to definitively bringing down the castle walls. Faced with the new operating methods and distribution of the IT environments, traditional methods such as VPNs or DMZs showed all their limitations.

Today, protection of the network must be independent from the physical location where the device connects from, and above all must not be bound by the pre-saved profile of the person who is logging in, canceling any kind of trust.

What does this mean? Zero Trust means that the latest generation of corporate protection systems ask the user to gain their trust before allowing access to platforms and applications. This is because the large majority of attacks on company networks today occur through known profiles, often following identity theft.

According to the Zero Trust philosophy, no user is “safe”, and the freedom to access services and applications must be won over one application at a time, session by session. Access by default is definitively banished; users accessing the network and their device pass through various checks managed by NAC (Network Access Control) and “brokers” (CASB) for monitoring cloud environments, often supported by machine-learning algorithms. Finally, increasing use is being made of multi-factor authentication (MFA).

The application level given over to authentication checks the authorizations of the previously defined profile for access to the applications, and carries out instantaneous checks of the device and the context: what time the user is connecting to the network, how and from where.

Ultimately, various different tools come into play in the Zero Trust approach: CASB, gateways, brokers, NAC platforms or MFA (multi-factor authentication) tools. With these integrated solutions, the IT team can obtain a complete, global view of who is connecting, from where and why.

The philosophy is called ZT; an initial, valid package of solutions falls under the acronym ZTA (Zero Trust Access); while the maximum level of security is guaranteed by a ZTNA (Zero Trust Network Access) solution, also known by the acronym SASE (Secure Access Service Edge).
Why are the most advanced companies opting for a ZTNA platform? There are essentially two main limits with authentication and monitoring solutions:

1. The first concerns the frequency of updating of the access checks and authorizations. A ZTNA solution re-evaluates the trust status of an access (user and device) at each session.
2. As a second step, a verification process for each individual application is provided for. A ZTNA platform requires greater efforts in the implementation of the protection plan in terms of configuration and customization. For example, it may be required to install an agent on the end point, with significant consequences for the IT team.

Choosing the best protection solution for a company is a complex activity to be carried out alongside the IT partner. Lutech Group puts the fundamental contribution of its advisory team at the forefront of security projects for its clients. As a first step, a complete assessment is carried out of the corporate infrastructure solely oriented to the business requirements. How the data circulate, who must access the individual applications and how, what the different protection priorities are: these are the questions which must be answered during the assessment phase.

In the next phase, Lutech Group designs the most appropriate integrated solution, drawing on the offering of a qualified vendor such as Fortinet. The world leader in security makes available everything needed for a Zero Trust approach.

From FortiCASB and FortiNAC to FortiAnalyzer and FortiManager, the range of Fortinet offerings includes everything needed for a Zero Trust approach and the adoption of an SASE strategy. Fortinet guarantees the maximum level of protection even in management of uncontrolled end points, such as IoT devices, which are delicate points of access for an attack on the corporate network precisely as they are autonomous.