Not long ago, even though our world was highly advanced in digitalization, most enterprises would prefer the on-site working model and resist moving to the remote-based one, for the concern of employee productivity. As only a small proportion of the workforce relied on remote access to the corporate network, IT organizations leveraged VPN (Virtual Private Network) connections to enable such user connections. These costly proprietary VPN appliances quite satisfied most demands for tunneling to the company resources such as emails or ERP systems, in a simple approach.
The global coronavirus pandemic, however, has forced the majority of enterprises to adapt their networking strategies to the public-health crisis. With the number of remote connections from multiple isolated locations growing at an exponential rate, not only has the massive influx of remote working been escalating the use of personal devices, cloud-based applications and edge computing are also becoming the new normal.
Reduced fear, growing confidence
Consequently, this monumental shift in working habits swept across the globe and seems to have brought long-term changes to our digital work environment. After the outbreak of COVID-19, managers and executives were surprised to find the continued high productivity of their employees, which was contrary to their previous assumptions and prompted IT teams to start revisiting their infrastructure.
Before this shift, VPN worked well for decades in handling business requirements: allowing the off-site employees to access the centralized data centers from any available (untrusted) networks via encrypted connections. In other words, VPN wasn't designed with scalability or for securing cloud applications; it was never aiming to provide complete visibility into user activity; it was a solution to address connectivity at the cost of weak traffic visibility and complex network configurations.
This shift having placed a real strain on network security, IT teams must assert positive control over the changing compute environment. A real Zero Trust Access approach is an excellent approach to bolster business security without significantly compromising system flexibility and employees’ productivity regardless of where they work.
ZTNA (or software-defined perimeter”) is an emerging networking technology intended to overcome the limitations posed by VPNs while totally differing from VPN connections in nature. By providing advanced authentication to all access requested by any user from any physical location, it secures the corporate’s entire ecosystem meanwhile minimizing the network attack surface without a VPN. The following are some advantages of ZTNA compared with VPN:
Tailored Session-based Network Segment
Unlike VPN, which treats all attempted access as trusted users by default, each access request is assumed hostile, and authentication is required before the connection is made. Also, all connectivity is only granted based on the user identity and the context around its request. That is to say, the individual access given to each user is least-privileged to ensure they get access only to the applications required to do the job but nothing more.
Extra Layer of Authentication
In addition to the conventional password authentication, corporate SSO and MFA are commonly required to provide extra protection to corporate resources.
Enhanced and Seamless User Experience
With ZTNA, users stay connected all the time whether they are accessing the public cloud or a web-based application. This makes them feel like working in the office and maintains a high level of work efficiency.
As the cloud and the pandemic transformed the way web services were delivered, millions of workers around the globe transferring their workplace from office to distributed locations, full-time remote working will become the new reality. ZTNA is essential for a secured remote workforce that each security team should implement to ensure adequate protection, control and visibility over all connections without sacrificing productivity or scalability.
Fanless SFF Desktop Network Security Appliance for SME Edge Security
|CPU||Intel® Atom® C3000 Series 2~8 Cores (Denverton)|