ZTNA – What is it and why are my customers interested in it?

ProductsSophos ZTNATechnical News

One thing is for certain, COVID has accelerated a change in working practices with a dramatic shift away from office-based operations. Cybersecurity has to adapt because the traditional ‘fortress’ approach of securing data behind multiple layers of defence is starting to look as antiquated as the medieval castles so often used as a real-world analogy of this protection model. How can we maintain security when the perimeter is dissolving and in this brave new work from home world? Enter Zero Trust Network Access or ZTNA.

The founding principles of this model are simple – trust no one and assume nothing. Inherited trust just because you are connecting from a certain network, using static defences like a firewall is largely eliminated. Access is instead granted dynamically and established via a multitude of checks on identity, device, location, requested resource and privilege, all of which is constantly revaluated. This brings enormous operational flexibility into the equation, unifying traditional data centre, public cloud and SaaS application access and facilitating remote working using a combination of device types and ownership as required. The benefits run deeper, however, because whilst on the face of it, ZTNA sounds like it is introducing complexity, the reverse is potentially true. Zero-trust can remove many of the headaches typically associated with security management:

Control of the entire IT estate
From inside the office all the way to the cloud platforms you use. No more lack of control outside the corporate perimeter or struggles with remote users.

Manage and secure all users in the same way
By no longer seeing things as inside or outside the corporate perimeter, you can treat all users in the same way. This both simplifies IT security while also ensuring all devices and users are treated equally.

Maintain security even when you don’t own/have full control over the infrastructure in use
By using identity, location, device health, MFA, and overlaying monitoring and analysis, you’re still able to have strong security across any kind of environment, platform, or service.

Drastically reduce the movement of malware or attackers
Rather than having free rein of the entire network once they’re inside, attackers only have access to the bare minimum of systems the compromised user had access to. By continuing to distrust the authenticated user, checks will be in place between those systems.

Hopefully by now you are sold on the philosophy, but the next question is how to facilitate zero-trust and experience this utopian vision of the future. Enter Sophos ZTNA.

Sophos ZTNA is a brand-new cloud-delivered, cloud-managed product to easily and transparently secure important networked applications with granular controls.  It’s scheduled to enter early access early next year.

Sophos ZNTA consists of three components:

  • Sophos Central– provides the ultimate cloud management and reporting solution for all Sophos products including Sophos ZTNA.  Sophos ZTNA is a fully cloud enabled with Sophos Central providing easy deployment, granular policy management, and insightful reporting from the cloud.
  • Sophos ZTNA Gateway– will come as a virtual appliance for a variety of platforms to secure networked applications on-premise or in the public cloud with AWS and VMware ESXI support initially closely followed by Azure, Hyper-V, Nutanix, and others.
  • Sophos ZTNA Client– provides transparent and frictionless connectivity to controlled applications for end-users based on identity and device health. It will integrate with Synchronized Security for Heartbeat and device health. It is super easy to deploy from Sophos Central, with an option to easily deploy alongside Intercept X with just one click, or it can work stand-alone with any desktop AV client (obtaining health status from Windows Security Centre). It will initially support Windows, followed by macOS and later Linux and mobile device platforms as well.

Although we aren’t quite ready to launch yet, Sophos ZTNA is in an advanced stage of early access program (EAP). In fact, we are now in our second phase and that means that many of the core features and capabilities are now available for you to test and evaluate. You can learn more about ZTNA and register for the early-access program today on our website. We’ll be sure to bring you more news on this as we bring the product to market.