Zero Trust Network Access (ZTNA) works by authenticating a user before allowing them access to applications and services. Once authentication has taken place, the user is granted permission based on predefined parameters. Access then runs through a secure encrypted tunnel, which adds another layer of security by shielding applications and services whose IP addresses would otherwise be visible.
This type of security gives protection against lateral attacks as attackers cannot scan the network to locate other applications and devices.
Business B use case
Business B has a hybrid workforce who often work from different locations across the globe. They regularly use public cloud-based applications in Oracle Cloud as well as in-house applications hosted in their data centre. All remote users currently access all applications from the public internet.
Currently Business B requires all users to access cloud and data centre applications via a corporate VPN service. This has been problematic because once user devices are authenticated to the VPN, they have full access to the corporate network. This means compromised devices could launch an attack on the corporate applications.
Business B have decided to move to a Zero Trust Network Access solution and will deploy DUO, a Cisco ZTNA product. This will enable their team to continue working remotely while allowing efficient access to only authorised applications. No user or device will have unrestricted access to the corporate network thereby improving security and significantly reducing the attack footprint.
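The contrast between the VPN model and the ZTNA model in this use case can be sketched as an access decision. This is an added illustration, not from the original page and not Duo's API or policy format; the application names, groups and device-health flag are constructed assumptions standing in for the "predefined parameters".

```python
from dataclasses import dataclass

# Constructed inventory: application names are hypothetical, not from the page.
APPS = {"oracle-erp", "hr-portal", "build-server", "finance-db"}

# Hypothetical "predefined parameters": which groups may reach which app,
# and whether the device must pass a health check first.
POLICY = {
    "oracle-erp": {"groups": {"finance", "ops"}, "healthy_device": True},
    "hr-portal": {"groups": {"hr", "finance", "engineering"}, "healthy_device": False},
    "build-server": {"groups": {"engineering"}, "healthy_device": True},
}  # finance-db has no rule, so no session reaches it


@dataclass(frozen=True)
class Session:
    user: str
    group: str
    authenticated: bool
    device_healthy: bool


def vpn_reachable(s: Session) -> set:
    """VPN model from the use case: authentication grants the whole network."""
    return set(APPS) if s.authenticated else set()


def ztna_allowed(s: Session, app: str) -> bool:
    """ZTNA model: authenticate, then evaluate the app's own rule; default deny."""
    rule = POLICY.get(app)
    if not s.authenticated or rule is None:
        return False
    if s.group not in rule["groups"]:
        return False
    return s.device_healthy or not rule["healthy_device"]


def ztna_reachable(s: Session) -> set:
    """Every application this session is authorised for under the ZTNA model."""
    return {app for app in APPS if ztna_allowed(s, app)}


if __name__ == "__main__":
    # A valid user on a compromised (unhealthy) device.
    compromised = Session("alice", "finance", authenticated=True, device_healthy=False)
    print("VPN :", sorted(vpn_reachable(compromised)))
    print("ZTNA:", sorted(ztna_reachable(compromised)))
```

With the same credentials, the compromised device reaches every application under the VPN model but only the one application whose rule does not require a healthy device under the ZTNA model.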