Naveen Palavalli, VP of Product – Netskope speaks to VARINDIA on the importance of the Zero trust network principle and how the evolution from legacy security mechanisms to Zero trust network access is helping organizations in terms of security, performance and the overall cost of deployment -
How do organizations benefit from deploying ZTNA?
Zero trust network access (ZTNA) is an evolution from the traditional security mechanisms, such as VPNs, that place excessive implicit trust on users and often permit full network access to any user with valid keys. ZTNA, on the other hand, is built using zero trust principles and provides context-driven “least privileged” access to specific applications, reducing the risk of excessive data exposure or lateral movement of threats.
ZTNA offers major benefits in terms of security, performance and the overall cost of deployment. On the security front, ZTNA prevents excessive data exposure and lateral movement of threats by providing precise access to specific applications after the evaluation of several contextual elements such as user identity, device identity, device security posture, time of the day, location, etc.
Talking about performance, ZTNA significantly improves the user experience by providing direct connectivity to the applications, no matter whether they are hosted in public clouds or private data centers. This is a huge value add for the current hybrid workforce that would prefer frictionless access to the corporate applications instead of letting their traffic get backhauled to centralized servers for security enforcement. ZTNA also allows organizations to achieve huge cost savings and improve business agility by eliminating the expensive MPLS and VPN connections in favor of fast and affordable broadband connectivity.
ZTNA is a key part of an SSE or SASE architecture, enabling organizations to secure their web, cloud and private applications traffic from a unified cloud-native platform.
How does it ensure unlimited access of resources to employees without endangering its security?
Actually it specifically doesn’t ensure unlimited access to anything - zero trust is about verifying that access is appropriate before it is granted. One of ZTNA’s characteristics is to provide precise access to specific resources only for that specific instance, preventing unauthorised lateral movement in case the user or device is compromised.
Additionally, since the goal of ZTNA is to eliminate implicit trust and secure the access to protect the data, a ZTNA solution should continuously evaluate the dynamic risks associated with the users, devices and data, and enforce adaptive access control policies to protect the valuable data.
ZTNA also allows organizations to optimize the application access and minimize network latency, thus ensuring uninterrupted and fast access to necessary resources, and improving the employee experience, which was a major weakness of early zero trust solutions.
For example Netskope’s network is underpinned by more than 60 global data centres, ensuring consistently low latency of under 10 milliseconds.
Could you tell us more about ZTNA anywhere and how do you wish to project it among organizations who look for applying Zero trust principle?
ZTNA Anywhere is a term introduced by Gartner, and it essentially captures the idea of using ZTNA for both remote and campus or office based employees. While the cloud-delivered ZTNA solution solved the remote work challenges for a majority of the workforce and allowed them secure and direct access to the corporate applications, the access within the corporate premises was still controlled by legacy solutions such as VLANs, WLANs, ports, switches, and firewalls.
Moreover, the implicit trust placed by the legacy solutions left the on-premise users with potentially too much access to internal applications. Ideally what you would want is to replicate the same zero trust principles for internal corporate traffic. Securing private application traffic through ZTNA works great when the user is connecting from home or a remote branch office, but it becomes cumbersome to hairpin the corporate network traffic through ZTNA provider's point-of-presence when both the user and the application are local.
This is where the ZTNA Anywhere solution can help. By extending the ZTNA capabilities to campus locations, ZTNA Anywhere gives organisations the ability to enforce zero trust access within the corporate networks, effectively providing consistent user experience and comprehensive visibility and control offered by ZTNA for remote workers.
How do you propose to address the hybrid work challenges with ZTNA Anywhere?
While consensus has not yet been reached around the optimal balance of office and remote work, there is a growing agreement that hybrid in some form is going to be the way forward. India is no exception, with both employers and employees aligned on the fact that the hybrid model is probably the best moving forward. With employees splitting their time between home office and corporate office environments, their access to corporate applications need to be seamless, no matter where they connect from, and the ideal solution in this scenario is ZTNA Anywhere.
Netskope's ZTNA offering, Netskope Private Access (NPA), delivers ZTNA Anywhere by combining the capabilities of cloud-based ZTNA and campus ZTNA, seamlessly connecting users anywhere to private resources everywhere delivered via a unified SSE platform. In campus ZTNA, the ZTNA brokers are deployed within the local data centres or campus locations. The goal is to keep local traffic local, while enjoying the same flexibility and security benefits a cloud-based ZTNA solution provides. As users move between the campus and other remote locations, NPA automatically steers the users’ traffic through the most optimum route. The consolidated ZTNA Anywhere solution offers consistent and superior user experience with uniform policy enforcement, strong security control and enhanced visibility into application traffic and user activities.
Hybrid work is converging the IT requirements and zero trust strategies to empower successful digital transformation. Netskope Private Access, with its ZTNA Anywhere solution, is driving the hybrid work initiatives by delivering the performance, scalability, availability, and resilience that infrastructure teams demand, as well as the visibility, data protection and risk reduction that are priority for the security teams.
How is Netskope planning to expand its reach into the SASE market?
Netskope has been a pioneer of the SASE market even before the term was coined by Gartner. Netskope was named a leader in the inaugural Gartner SSE Magic Quadrant validating it’s complete vision and execution for SSE. In order to advance the innovation on SASE, Netskope acquired Infiot, a leading SD-WAN innovator with a view to deliver a unified SASE platform.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
