Zero Trust Network Access: What is it?

Zero Trust Network Access (ZTNA) is an approach to IT where trust is never implicit. Trust needs to be earned, repeatedly, to ensure that everything inside your network (and of course outside) is a verified, trusted resource.

“Trust but verify” is not an adage that modern cybersecurity teams should be repeating. We all need to update our mantra to be: “Never trust. Always verify.” 

We see the need for this mentality in everything from phishing emails to questionable changes made within company IT infrastructure. We can’t trust that the person claiming to be our CEO in a strange email is our CEO and “verify later”. We need to question that immediately.

Verify first, and skip the trust unless it’s earned. And that trust is only temporarily.

Where did Zero Trust come from?

While we can thank Stephen Paul Marsh’s doctoral thesis on computation security for the term “Zero Trust”, the modern concept was reintroduced to the world by Forrester analyst John Kindervag. And like seemingly everything in our digital lives, once Google tested it in 2009 with BeyondCorp, it started to take off.

In the wake of the OPM data breach, the U.S. government began to take (and promote) a Zero Trust approach. In an article, Representative Jason Chaffetz points out that were Zero Trust implemented at the time of the OPM attack, “Zero trust would have profoundly limited the attacker’s ability to move within OPM’s network and access such sensitive data.” This endorsement of Zero Trust from the federal government made the approach centerstage.

Defining ZTNA in 2021

It was a lot easier to trust things inside your network when your network was inside an office along with all of your employees. But that’s not the case anymore. Employees are spread far and wide, and often your company network includes employees who are working from home and relying on home routers. 

Your network is a distributed workforce of home offices, WeWork spaces, cafes, IoT devices, mobile tablets, and various other infrastructure.

This change in the last year has really cemented the need for complete adoption of Zero Trust Network Access. Susan Gosselin on CIO Insight called 2021 the “year for Zero Trust security.” Attacks occurring from within company infrastructure by outside attackers made that clear. So the need for repeated authentication is a huge must-have for cybersecurity professionals (and companies as a whole) going forward.

In reality, you don’t know who’s behind that desk.

Walking the Zero Trust walk

Despite how often the term gets thrown around, ZTNA isn’t as widely adopted as you think it is.

One of the biggest issues with the concept of “Zero Trust” is that it’s a model, not a tool you can deploy. And so, a lot of companies think they’re employing Zero Trust when really they’re leaving it to their employees to apply a Zero Trust mindset ad hoc. And then there are companies that have a Zero Trust model in one department, but it’s not company-wide. And then there are the companies that think implementing ZTNA means an overhaul of their entire security framework.

But moving to Zero Trust doesn’t me re-architecting everything. It means applying that model to everything you’re doing currently and then adopting the tools you need to fill in the gaps.

What you really need are the right tools in place to support a Zero Trust framework. This way, there is less pressure on individuals to “take a Zero Trust approach” since everything is put in place so that their only choice is to take a Zero Trust action inside a Zero Trust model.

So what does this look like?

It means putting “trust” barriers between people and the actions they take. When you implement our DNS security, that means that no website any of your users want to go to is inherently trusted. You put that website under a microscope to find out what category it falls into and whether or not it’s malicious.

And this protects you as sites inevitably change. Formerly malicious sites are taken down, purchased by new owners, and turn into small business websites. Alternatively, previously “trusthworthy” websites can be hacked. Our AI looks for markers that indicate a site is now deceptive, and will categorize that site as a threat.

Additionally, we see our features such as Multi-factor Authentication as an important part of a Zero Trust architecture, enabling our users to prevent threat actors or employees lacking the right permissions and the ability to login and change your company’s DNS security policies.

When you work in the cloud, DNS is the road that your entire infrastructure is built on. It’s important that you implement a Zero Trust model when it comes to how your employees use it.

role of dns in it infrastructure


Search
  • There are no suggestions because the search field is empty.
Latest posts
What is Secure Web Gateway: What It Does, Benefits, and More What is Secure Web Gateway: What It Does, Benefits, and More

In today's world of ever-increasing cyber threats, organizations need strong defenses to protect their networks and data and in this complex digital ecosystem, we need more than just one line of defense.

Revving Up the Fun: DNSFilter's IndyCar Experience Recap — St. Pete Edition Revving Up the Fun: DNSFilter's IndyCar Experience Recap — St. Pete Edition

What a weekend at the track! DNSFilter was thrilled to host 10 guests alongside Pax8 this weekend for an unforgettable IndyCar experience in sunny St. Petersburg. Those who joined us came from Thrive, MVP Network Consulting LLC, Myrtle Beach Academy of Aviation, Entech, NetGain Technologies,Warren Averett Technology Group, LLC, and ECMSI—we were lucky to be in such great company for our very first race of the season.

Man-in-the-Middle Attacks: What Are They? Man-in-the-Middle Attacks: What Are They?

A man-in-the-middle (MITM) attack is a form of cyber threat where a bad actor inserts themselves into a conversation between two parties, intercepts traffic, and gains access to information that the two parties were trying to send to each other. It allows attackers to eavesdrop, collect data, and even alter communications between victims. Understanding the mechanics, implications, and defense mechanisms against MITM attacks is essential for prote...

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.