Zero-trust network access has become the leading project for organizations looking to adopt zero-trust principles.
Gartner predicts that 60% of organizations will be adopting zero trust by 2025, so there are lots of zero-trust projects going on.
As a result, ZTNA is frequently the first solution identified as a zero-trust project.
ZTNA addresses the need to shift how employees access applications, which is how 90% of work is accomplished in knowledge-work industries.
Now, as organizations shift back to more time in the office, controlling application access from both remote and on-prem locations is vital.
ZTNA's ability to protect this critical attack surface is a giant leap forward in the zero-trust journey.
ZTNA increases access security by performing user identity and device posture checks before granting explicit access to each application, and it continues to check both the user and device to ensure they remain connected to that application.
This granular access control enables appropriate levels of control for the various applications in use, making it much more difficult for an attacker to get and maintain access to an application.
Of course, implementing a complete ZTNA solution still requires changes to the network and how users access applications.
VPN networks have proven quite capable of securing traffic over the internet for remote users, and those solutions are already fully deployed.
However, VPN alone has limitations in areas such as authenticating and monitoring users, devices, and access.
For these organizations, implementing ZTNA over VPN adds critical capabilities to a tried and tested solution already in place.
The Fortinet Security Fabric integrates our ZTNA and VPN technologies, allowing ZTNA over VPN to be quickly and easily implemented.
At the head end, every FortiGate next-generation firewall contains a VPN concentrator and a ZTNA application gateway.
For endpoints, FortiClient includes both a VPN and a ZTNA agent.
Organizations can utilize these capabilities in the FortiGate and FortiClient for ZTNA over VPN to enable user identity checks, device posture checks, and granular application access control over a VPN tunnel.
Of course, ZTNA over VPN is not a full ZTNA solution, as it only applies to remote workers.
When users are working on the network, the ZTNA over VPN policies will not be checked.
For remote users, it is a big step forward from legacy VPN-based network-wide access to granular application access control.
Fortinet has many customers who have adopted ZTNA over VPN as their first step in their zero-trust journey.
This Cyber News was published on feeds.fortinet.com. Publication date: Thu, 07 Dec 2023 16:43:06 +0000