Today’s columnist, Andy Oehler of Zentry Security, writes about how Sydney, Australia, has mostly returned to normal, but that many workers still want to work from home some of the time. That’s why Oehler says Zero Trust Network Access will emerge as the secure option for businesses as we move out of the pandemic.

After a year of face masks, intermittent lockdowns and endless government announcements, many countries are now rolling out their coronavirus vaccination programs. And with vaccinations either underway or about to begin, some countries have started to look at possibly relaxing regulations around social distancing and slowly begin planning a return to some kind of normalcy.

Australia, where the spreading of COVID-19 has already largely been contained, may serve as a preview of what a return to normalcy might look like in other countries. As people walk around the streets of Sydney without face masks and are allowed to organize in-person social gatherings, the Australian government has encouraged workers to return to their offices and resume their work life as it was pre-pandemic. But workers have no intention of giving up the freedoms granted by remote working. Fewer than half of Sydney's office workers took up the government's offer, while only one-third of Melbourne's did, with the majority choosing to continue to work from home, as according to a survey by the Property Council of Australia. A PwC U.S. Remote Work Survey also found that 55% of employees would prefer to be remote at least three days a week once pandemic concerns recede.

If this trend extends geographically, businesses that were forced to hastily find remote working arrangements this time last year will now have to reassess their access solutions to see if they are viable and secure. With the cost of recovering from a breach estimated at $3.86 million by Ponemon Institute’s Cost of a Data Breach Report 2020, it's crucial for businesses of all sizes to reduce the attack surface, while allowing employees flexibility. Thankfully, tools are available to ensure that business productivity and secure connection to the corporate network aren’t mutually exclusive.

Why Zero Trust Network Access matters

Traditionally, organizations have relied on virtual private networks (VPNs) to grant users access to the corporate network remotely. The VPN approach, however, has always been challenging to scale: VPNs are inherently access tools, not a security measure, and are slow, routing traffic through a physical corporate network that’s often hundreds or even thousands of miles away from the end user. Zero Trust Network Access (ZTNA) offers a secure and efficient alternative to VPNs. It’s a network access security architecture based on the principle of Zero Trust, an approach to security that never automatically trusts a user with access to applications and systems, but rather, denies access as a default unless permission has explicitly been granted.

In fact, rather than being granted access as they would with a VPN, with ZTNA users are authenticated and then access specific apps through an encrypted channel that ensures that they can only see the systems they have explicitly been given permission to access, thus adding a layer of protection that prevents lateral movement. Where a VPN can allow a compromised user to pivot to other resources on the network, ZTNA automatically compartmentalizes access to reduce the attack surface, giving users access only to the applications they need to do their job.

A secure approach by design

ZTNA tools allow for a much more granular configuration than their VPN counterparts. Rather than giving users access to the entire network segment where an application is hosted, ZTNA tools let administrators restrict or grant users’ access to single functionalities within an application.

In its definition of ZTNA, Gartner explains that “applications are hidden from discovery, and access is restricted via a trust broker to a set of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access and prohibits lateral movement elsewhere in the network.”

This approach greatly reduces the potential damage caused by a security incident: whereas, with a VPN an attacker could easily reach the entire corporate network from an infected endpoint, ZTNA greatly limits any potential damage from an attacker by restricting access to individual applications and resources.  Moreover, because ZTNA requires multi-factor authentication prior to granting a connection, most attackers cannot gain access to applications and resources.

ZTNA’s operational value

ZTNA offers greater security than VPNs, and it’s also a much more scalable, flexible and elastic option, suitable for organizations that need to provide a remote workforce with seamless access to the systems they need to do their jobs. Accessing systems are often as simple as opening a browser, and this doesn’t require users to download VPN clients or go through lengthy authentication processes.

ZTNA also offers significant value in providing today's modern businesses with consistent remote access experiences for employees, contractors, and third parties. This encourages collaboration and more readily adjusts to changing business circumstances than the more traditional VPN.

The benefits of a more reliable and significantly faster network access solution naturally translate into a faster, more efficient workforce, no longer bound by the nerve-wracking connection times complex device clients, and frustrating policy syntax.

If the past year has taught us anything, it’s that resilience has become the key to survival. Businesses that could adapt quickly were the ones that better managed to cope with the challenges of the “new normal”. But as workers slowly ease back to the office, we are likely to see hybrid models of working become more popular, with workers continuing to operate remotely for part of the time, bringing their own devices to work and, in general, expecting more flexibility from their employers.

ZTNA best positions IT teams to face those requirements: Easy to deploy and lacking the complex infrastructure maintenance required by VPNs, ZTNA offers an equally secure, scalable and seamless option for the businesses of the future. 

Andy Oehler, vice president, engineering, Zentry Security