2021 was a busy year for cybersecurity. Nation-state-sponsored attacks from Russia, China, Iran and North Korea were aplenty. Last year was also replete with ransomware attacks on everything from hospitals and schools to critical infrastructure, so much so that even some of our favorite TV programs featured episodes capturing the impact of ransomware.
Back in the real world, the Colonial Pipeline attack was arguably the most visible, resulting in physical disruption, gasoline price hikes, and shortages to the entire Eastern Seaboard’s fuel supply. But a year of damaging cyberattacks also highlighted many of the flaws of remote access architectures: zero-days in many commercial virtual private network (VPN) solutions, new techniques to bypass multi-factor authentication (MFA), and compromised remote desktop software.
As we enter a new year, many organizations are rightfully addressing their technology gaps and transitioning away from legacy remote access solutions, like VPN, which lack even basic security safeguards. Most are executing these transitions in a phased manner, and the most successful zero trust network access (ZTNA) projects we’ve seen began with organizations rolling out access in small batches—identifying “crown jewels,” monitoring traffic flows to and from them, and implementing phased, identity-based access control.
I also feel 2022 will finally be the year that organizations embrace the permanent shift away from the “corporate network” concept and the guardrails that came with it. The more forward-thinking organizations that embraced cloud and mobility over the last 10 years have already reached this point. The rest need to catch up because, the reality is, work is an activity, not a place.
Workforces transiting between home offices, branch offices, and headquarters is now expected behavior and will—if it hasn’t already—become the standard. Hybrid work has made it essential to mitigate new risks with a consistent approach to access control, security policies, and app content inspection, anywhere users work. It also means user experience monitoring is more critical than ever before and is a must-have for any ZTNA deployment.
3 user access scenarios where ZTNA can help in 2022
As hybrid work is here to stay for a vast majority of organizations, there are three secure user access scenarios that most affect an organization: remote employees; branch offices; and accommodating new, contingent, or traveling workers.
Every remote employee is essentially an internet gateway. With remote access services transitioning to identity-based controls, attackers will be opportunistic by targeting credentials. And why not?
Let’s think about digital access the same way we think about physical access to a building. What’s easier for gaining access into a building: Stealing an employee’s ID badge, or a brute force break-in that will potentially trigger alarms, be caught on surveillance cameras, and can be stopped by roaming patrols? Clearly, it’s much easier to gain access by using an employee ID badge that won’t raise any flags within the physical security systems.
Similarly, I see no letup with insider threats, which pose a greater risk than credential theft. Why? Because a remote access “broker” that sees valid device posture and user context will have no reason not to allow policy-based access, even if the user’s intent is malicious. Access brokers not (yet) being mind readers is exactly why ZTNA needs to include the ability to block malicious behavior with inline threat prevention (known and 0-day) and data loss prevention. Otherwise, you’re relying on host or app security alone if credentials are stolen or abused…not a desirable position.
Now let’s look at the branch. Hybrid work means the “thin branch” approach is increasingly desirable. Most branch offices will remain at partial capacity for the foreseeable future, accelerating trends toward curtailing hardware and expensive private line connectivity. Adoption of SD-WAN as an alternative will continue and accelerate, bringing networking under the security umbrella, an approach that’s become the mainstay of true secure access service edge (SASE) solutions.
As branch infrastructure is streamlined, it’s easy to get lax with security. Extending ZTNA to the branch mitigates the risk of security posture erosion due to simplification while providing access policy and user experience consistency with remote working scenarios, a win-win.
Accommodating new, contingent, or traveling workers
The Great Resignation is at hand. As companies struggle with high employee turnover and managing a growing rank of contract and mobile workforces, we need to put a premium on the simplified scale and usability for ZTNA solutions. This means agentless deployment options for temporary employees and non-employee users.
Covid restrictions subsiding means employee travel will resume, as it has for some already. In this dynamic environment, organizations will need to continuously monitor employee access attempts and sessions as behavioral baselines will be constantly shifting. It won’t always be easy to pick up on red flags of compromised accounts.
For example, login times, session durations, and locations will be changing. These variables need to be factored into real-time trust decisions that trigger a response, like additional authentication challenges or breaking off access to specific resources. And this is especially pertinent given the increased risk of compromised credentials and snooping in certain geographical areas.
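A minimal sketch of the trust decision described above, added here as an illustration and not taken from any ZTNA product. The window size, thresholds, and the names `Baseline`, `risk`, `decide` and `build_sample` are assumptions; the sample sessions are constructed.

```python
from collections import deque
from statistics import mean, pstdev

WINDOW = 20  # assumed: sessions kept per user; older ones age out


class Baseline:
    """Rolling record of one user's recent, verified sessions."""

    def __init__(self):
        self.hours = deque(maxlen=WINDOW)
        self.minutes = deque(maxlen=WINDOW)
        self.countries = deque(maxlen=WINDOW)

    def learn(self, hour, minutes, country):
        # Call only for sessions that were allowed or passed step-up,
        # otherwise an intruder's activity would train the baseline.
        self.hours.append(hour)
        self.minutes.append(minutes)
        self.countries.append(country)


def risk(b, hour, minutes, country):
    """Return 0-3: one point per signal that deviates from the baseline."""
    if len(b.hours) < 5:
        return 1  # assumed policy: always challenge until history exists
    # Hour of day is circular, so 23:00 and 01:00 are two hours apart.
    near = sum(min(abs(hour - h), 24 - abs(hour - h)) <= 2 for h in b.hours)
    odd_hour = near / len(b.hours) < 0.1
    spread = max(pstdev(b.minutes), 5.0)  # floor keeps the z-score stable
    long_session = (minutes - mean(b.minutes)) / spread > 3
    new_place = country not in b.countries
    return odd_hour + long_session + new_place


def decide(score, sensitive):
    """Map risk to a response; sensitive resources tolerate less."""
    if score >= 3 or (sensitive and score == 2):
        return "deny"
    return "step_up" if score >= 1 else "allow"


def build_sample():
    """Constructed history: 12 office-hours sessions of about an hour, from US."""
    b = Baseline()
    for i in range(12):
        b.learn([8, 9, 10][i % 3], [50, 60, 70][i % 3], "US")
    return b
```

Because the window is rolling, a traveling user who passes the challenge a few times stops being flagged for the new location and hours, while the same signals from a cold account still trigger a response.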
Gain consistent security policy and controls with ZTNA
If this year is anything like the last, it will be far from predictable. Don’t let it overwhelm you. We have the ability to prepare ourselves better by ensuring we take a broader approach to ZTNA through the application of consistent policy and security controls for users working from anywhere, to any resource that they try to access.
Find out how ZTNA from Palo Alto Networks can help you meet your 2022 secure remote access goals, wherever your employees and resources are located.