Zero Trust Network Access: What is it?

Zero Trust Network Access (ZTNA) is an approach to IT where trust is never implicit. Trust needs to be earned, repeatedly, to ensure that everything inside your network (and of course outside) is a verified, trusted resource.

“Trust but verify” is not an adage that modern cybersecurity teams should be repeating. We all need to update our mantra to be: “Never trust. Always verify.” 

We see the need for this mentality in everything from phishing emails to questionable changes made within company IT infrastructure. We can’t trust that the person claiming to be our CEO in a strange email is our CEO and “verify later”. We need to question that immediately.

Verify first, and skip the trust unless it’s earned. And that trust is only temporarily.

Where did Zero Trust come from?

While we can thank Stephen Paul Marsh’s doctoral thesis on computation security for the term “Zero Trust”, the modern concept was reintroduced to the world by Forrester analyst John Kindervag. And like seemingly everything in our digital lives, once Google tested it in 2009 with BeyondCorp, it started to take off.

In the wake of the OPM data breach, the U.S. government began to take (and promote) a Zero Trust approach. In an article, Representative Jason Chaffetz points out that were Zero Trust implemented at the time of the OPM attack, “Zero trust would have profoundly limited the attacker’s ability to move within OPM’s network and access such sensitive data.” This endorsement of Zero Trust from the federal government made the approach centerstage.

Defining ZTNA in 2021

It was a lot easier to trust things inside your network when your network was inside an office along with all of your employees. But that’s not the case anymore. Employees are spread far and wide, and often your company network includes employees who are working from home and relying on home routers. 

Your network is a distributed workforce of home offices, WeWork spaces, cafes, IoT devices, mobile tablets, and various other infrastructure.

This change in the last year has really cemented the need for complete adoption of Zero Trust Network Access. Susan Gosselin on CIO Insight called 2021 the “year for Zero Trust security.” Attacks occurring from within company infrastructure by outside attackers made that clear. So the need for repeated authentication is a huge must-have for cybersecurity professionals (and companies as a whole) going forward.

In reality, you don’t know who’s behind that desk.

Walking the Zero Trust walk

Despite how often the term gets thrown around, ZTNA isn’t as widely adopted as you think it is.

One of the biggest issues with the concept of “Zero Trust” is that it’s a model, not a tool you can deploy. And so, a lot of companies think they’re employing Zero Trust when really they’re leaving it to their employees to apply a Zero Trust mindset ad hoc. And then there are companies that have a Zero Trust model in one department, but it’s not company-wide. And then there are the companies that think implementing ZTNA means an overhaul of their entire security framework.

But moving to Zero Trust doesn’t me re-architecting everything. It means applying that model to everything you’re doing currently and then adopting the tools you need to fill in the gaps.

What you really need are the right tools in place to support a Zero Trust framework. This way, there is less pressure on individuals to “take a Zero Trust approach” since everything is put in place so that their only choice is to take a Zero Trust action inside a Zero Trust model.

So what does this look like?

It means putting “trust” barriers between people and the actions they take. When you implement our DNS security, that means that no website any of your users want to go to is inherently trusted. You put that website under a microscope to find out what category it falls into and whether or not it’s malicious.

And this protects you as sites inevitably change. Formerly malicious sites are taken down, purchased by new owners, and turn into small business websites. Alternatively, previously “trusthworthy” websites can be hacked. Our AI looks for markers that indicate a site is now deceptive, and will categorize that site as a threat.

Additionally, we see our features such as Multi-factor Authentication as an important part of a Zero Trust architecture, enabling our users to prevent threat actors or employees lacking the right permissions and the ability to login and change your company’s DNS security policies.

When you work in the cloud, DNS is the road that your entire infrastructure is built on. It’s important that you implement a Zero Trust model when it comes to how your employees use it.

role of dns in it infrastructure


Search
  • There are no suggestions because the search field is empty.
Latest posts
Revving up the Fun: DNSFilter's IndyCar Experience Recap — Long Beach Edition Revving up the Fun: DNSFilter's IndyCar Experience Recap — Long Beach Edition

What a weekend at the Long Beach street circuit! The energy was electric, the excitement palpable, and DNSFilter was at the heart of the action, ensuring our guests had an unforgettable experience with Juncos Hollinger Racing and Romain Grosjean, the #77 driver for Juncos Hollinger.

Securing Public Wireless Networks Securing Public Wireless Networks

In the current era of digital transformation, securing public wireless networks has emerged as a fundamental challenge for IT professionals worldwide. The evolution of technology and the increasing reliance on digital platforms for both business and personal use have made public Wi-Fi networks indispensable. However, greater access creates greater vulnerabilities, making these networks prime targets for cybercriminals. The imperative to secure pu...

How to Secure Public Wi-Fi Networks How to Secure Public Wi-Fi Networks

In the quest to safeguard public Wi-Fi networks from the myriad of cyber threats, certain proactive steps stand out as fundamental. These measures form the backbone of a comprehensive security strategy, ensuring that the network remains robust against unauthorized access, data breaches, and various forms of cyberattacks.

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.