Zero Trust Network Access: What is it?

Zero Trust Network Access (ZTNA) is an approach to IT where trust is never implicit. Trust needs to be earned, repeatedly, to ensure that everything inside your network (and of course outside) is a verified, trusted resource.

“Trust but verify” is not an adage that modern cybersecurity teams should be repeating. We all need to update our mantra to be: “Never trust. Always verify.” 

We see the need for this mentality in everything from phishing emails to questionable changes made within company IT infrastructure. We can’t trust that the person claiming to be our CEO in a strange email is our CEO and “verify later”. We need to question that immediately.

Verify first, and skip the trust unless it’s earned. And that trust is only temporarily.

Where did Zero Trust come from?

While we can thank Stephen Paul Marsh’s doctoral thesis on computation security for the term “Zero Trust”, the modern concept was reintroduced to the world by Forrester analyst John Kindervag. And like seemingly everything in our digital lives, once Google tested it in 2009 with BeyondCorp, it started to take off.

In the wake of the OPM data breach, the U.S. government began to take (and promote) a Zero Trust approach. In an article, Representative Jason Chaffetz points out that were Zero Trust implemented at the time of the OPM attack, “Zero trust would have profoundly limited the attacker’s ability to move within OPM’s network and access such sensitive data.” This endorsement of Zero Trust from the federal government made the approach centerstage.

Defining ZTNA in 2021

It was a lot easier to trust things inside your network when your network was inside an office along with all of your employees. But that’s not the case anymore. Employees are spread far and wide, and often your company network includes employees who are working from home and relying on home routers. 

Your network is a distributed workforce of home offices, WeWork spaces, cafes, IoT devices, mobile tablets, and various other infrastructure.

This change in the last year has really cemented the need for complete adoption of Zero Trust Network Access. Susan Gosselin on CIO Insight called 2021 the “year for Zero Trust security.” Attacks occurring from within company infrastructure by outside attackers made that clear. So the need for repeated authentication is a huge must-have for cybersecurity professionals (and companies as a whole) going forward.

In reality, you don’t know who’s behind that desk.

Walking the Zero Trust walk

Despite how often the term gets thrown around, ZTNA isn’t as widely adopted as you think it is.

One of the biggest issues with the concept of “Zero Trust” is that it’s a model, not a tool you can deploy. And so, a lot of companies think they’re employing Zero Trust when really they’re leaving it to their employees to apply a Zero Trust mindset ad hoc. And then there are companies that have a Zero Trust model in one department, but it’s not company-wide. And then there are the companies that think implementing ZTNA means an overhaul of their entire security framework.

But moving to Zero Trust doesn’t me re-architecting everything. It means applying that model to everything you’re doing currently and then adopting the tools you need to fill in the gaps.

What you really need are the right tools in place to support a Zero Trust framework. This way, there is less pressure on individuals to “take a Zero Trust approach” since everything is put in place so that their only choice is to take a Zero Trust action inside a Zero Trust model.

So what does this look like?

It means putting “trust” barriers between people and the actions they take. When you implement our DNS security, that means that no website any of your users want to go to is inherently trusted. You put that website under a microscope to find out what category it falls into and whether or not it’s malicious.

And this protects you as sites inevitably change. Formerly malicious sites are taken down, purchased by new owners, and turn into small business websites. Alternatively, previously “trusthworthy” websites can be hacked. Our AI looks for markers that indicate a site is now deceptive, and will categorize that site as a threat.

Additionally, we see our features such as Multi-factor Authentication as an important part of a Zero Trust architecture, enabling our users to prevent threat actors or employees lacking the right permissions and the ability to login and change your company’s DNS security policies.

When you work in the cloud, DNS is the road that your entire infrastructure is built on. It’s important that you implement a Zero Trust model when it comes to how your employees use it.

role of dns in it infrastructure


Search
  • There are no suggestions because the search field is empty.
Latest posts
How MSPs Can Enhance Customer Experience with Technology How MSPs Can Enhance Customer Experience with Technology

Customer experience is the secret sauce that sets successful Managed Service Providers (MSPs) apart from the rest. In a market teeming with competition, you need to offer more than the best technology or the lowest prices. It's about how clients feel when they interact with your services. A stellar customer experience can transform a one-time client into a loyal advocate, while a poor one can send them running to your competitors. According to a ...

From The Election Polls to Holiday Deals: Cybercriminals are Preying on Seasonal Trends For Their Own Gain From The Election Polls to Holiday Deals: Cybercriminals are Preying on Seasonal Trends For Their Own Gain

In July I published a blog on the DNSFilter website where I looked closely at our passive DNS data, highlighting early election trends in relation to threat domains.

Ensuring CIPA Compliance: A Practical Guide (and checklist) for Educational Leaders Ensuring CIPA Compliance: A Practical Guide (and checklist) for Educational Leaders

The Children's Internet Protection Act (CIPA) is a critical law designed to ensure that students are protected from harmful online content. It requires schools and libraries to implement Internet safety measures, such as filtering and monitoring, to safeguard minors. Compliance with CIPA is essential for institutions seeking E-Rate program discounts for Internet access and internal connections.

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.