The move to hybrid work has dramatically increased the attack surface that SecOps and IT teams must protect. As employees move off the internal network and connect from anywhere using a wide array of unsecured devices, it is essential to improve cyberdefenses. Perhaps the most important new approach for securing data and assets is the zero trust framework. This is not a product but rather a structure and set of policies that are the foundation for deploying better defenses.
The main concept behind the zero trust security model is “never trust, always verify,” which means that devices should not be trusted by default, even if they are connected to a permissioned network such as a corporate LAN and even if they were previously verified. Further, accounts should be given the least privileges necessary for users to do their jobs, ensuring limited access to resources that could be compromised if a user’s identity were compromised.
Zero trust network access (ZTNA) takes the same principles and applies them to remote access to ensure the security of applications, data and services using clearly defined policies. ZTNA is an important improvement in cybersecurity for hybrid work. Virtual private networks don’t provide anything more than a secure connection, and if a user’s credentials are compromised, attackers can move laterally without much limitation because they have gotten behind the firewall.
ZTNA Is a Better Solution for Hybrid Work
With employees connecting from anywhere, with any type of device, yet still needing access to the full library of corporate applications, it falls to SecOps to ensure that these activities are secure. To help with that task, ZTNA has several specific capabilities that deliver better protection. These include:
- Constant monitoring: One of the most important capabilities of ZTNA is that it constantly monitors user accounts looking for “abnormal” usage metrics or activity that may indicate that a user’s credentials have been stolen. This is critically important because it dramatically reduces the time to detection and helps stop a breach much faster.
- Consistent device security without user involvement: One of the trickiest elements of legacy security approaches was the need to have users either add or update security software to provide an initial line of defense. Of course, 100% compliance was never going to happen, and vulnerabilities were commonplace.
- Effective restriction of lateral movement when attackers gain access: It is a certainty that attackers will occasionally compromise user credentials. With ZTNA and the use of least-privilege access restricting what each user can do, attackers can no longer move laterally with impunity. As a result, a single breached account has far less impact and is automatically contained.
- Application protection: Rather than providing all users access to the entire environment, ZTNA supports policy-based application access for only those employees who need it. Further, applications in the cloud or outside the data center are also protected.
Citrix Utilizes ZTNA to Enable Secure Access From Anywhere, for Any Device, to Any Application
Citrix has achieved a leadership position by implementing ZTNA to protect web applications, SaaS, client-server and DaaS. This gives workers full access without putting corporate assets at risk. Citrix supports constant monitoring of user sessions to identify any suspicious activity more quickly. Further, with Citrix Analytics for Security, the SecOps team has enhanced tools to leverage the basic capabilities of ZTNA. And key Citrix platforms have automated security controls that can stop potential attacks as they are happening, as soon as malicious activity is visible. Finally, all this security is in place without impacting the user.
The migration to hybrid work demands a secure environment. Cyberdefenses need to be purpose-built for both the current threat landscape and the digital employee experience. ZTNA provides the constant vigilance, unique policy-determined privileges and application access that are necessary today. Citrix has implemented ZTNA to deliver a digital workspace that meets the demands of employees, management and IT and security teams.