Just when you thought the cybersecurity acronym list couldn’t get any longer, UZTNA has made its debut. UZTNA, or Universal ZTNA, extends a single set of zero-trust access policies to users and entities regardless of whether they’re on-site, remote, or on the move. It’s a step ahead of the ZTNA framework, which does not automatically cover all IT environments and assets.
Traditional ZTNA can lead to discrepancies in policies depending on the type of infrastructure and the user’s location. For instance, a user may be able to access a cloud-based resource from within the office but not remotely. By expanding ZTNA’s scope and reach to all IT environments, UZTNA ensures that all users and entities are subject to the same stringent security standards, no matter the type of resource, how it is accessed, or from where.
ZTNA to UZTNA Explained
VPNs have long been a staple for secure remote access. But they offer broad access to the entire network. If a malicious entity gains initial access to the network, it can potentially move laterally and compromise more critical assets. By contrast, ZTNA champions least privilege access, ensuring users get access to only the resources they need. It also divides the network into microsegments, ensuring that users in one segment can't reach others unless explicitly allowed.
So far, ZTNA implementations have mostly focused on a single IT environment or location of enterprise resources. As a result, not all users and entities in today’s complex hybrid and multi-cloud enterprise environments face the same level of scrutiny. Admins must define and manage access policies across disparate access control systems for different types of infrastructure, assets, and users. For instance, an employee working from home could be subject to ZTNA policies while an in-office employee might need to go through a Cloud Access Security Broker (CASB) to reach a cloud-based productivity application. This complex blend of access control systems can result in inconsistent access policies.
This is where UZTNA comes in. It enables an integrated access control system that eliminates the need for disparate solutions for different environments. It manages access and secures connections for all network assets (on-prem, cloud-based, and SaaS) and users (on-site, remote, mobile, and contracted).
Fixing ZTNA’s Flaws with UZTNA
Overall, the benefits of UZTNA over ZTNA include:
Consistent User Experience: Employees can work from anywhere (WFA) and go through the same familiar connection experience regardless of their location or the particular app or system they're interacting with.
Consistent Policy Enforcement: Admins can define the zero trust principles once and for all network entities without worrying about inconsistent policies and the possibility of attackers exploiting the weakest link.
Easier Integrations: Business operations and new integrations are more streamlined when there is a single, centralized access control system such as UZTNA.
Improved Productivity: ZTNA's strict access controls can sometimes hinder user productivity. UZTNA’s integrated approach balances security and usability with adaptive authentication and SSO.
Issues resolved! Except that network security is incomplete without data security…
ZTNA or UZTNA, You Still Need to 'Shift-Up'
While UZTNA offers a more consistent and comprehensive approach to secure access, it does not holistically address all types of information security threats.
Without proper encryption, sensitive data remains vulnerable to Man-in-the-Middle (MitM) attacks during transmission.
Authorized users with malicious intent or negligent behavior continue to pose significant risks.
Vulnerabilities in third-party SaaS applications can still compromise security.
Instead of looking for an information security cure-all, organizations must implement a defense-in-depth strategy with multiple layers of security. Going beyond current ZTNA and UZTNA implementations, zero trust principles must shift up to the data within applications and storage systems.
At Confidencial, we refer to this as “Shift-Up ZTNA”, which essentially means extending ZTNA’s principle of least privilege access up to the data and data field levels. Shift-Up ZTNA can be achieved through fine-grained, cryptographically enforced access controls, which we discuss in detail in our recent whitepaper, “Data is the New Perimeter: “Shift Up” Zero-Trust to Cover Application Data”. The idea is to enforce robust data encryption at a granular level within documents, so that parties with no need to know cannot read sensitive data even if the document itself is exposed to them.
Back Up UZTNA Strategically with Confidencial
Confidencial allows you to precisely select which parts of data, documents, or any file type you need to encrypt. Protection is built into the document’s metadata at a much more granular level than file-level encryption, allowing you to choose who can access exactly what in a document. It’s effectively shifting ZTNA’s least privilege access principles up to the data and data field levels.
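The field-level, cryptographically enforced access control described in the two paragraphs above, reduced to its core mechanism as an added Go example (this is not Confidencial's code, which the post does not show): each sensitive field is sealed under its own random key, and that field key is wrapped separately for every reader granted the field, so a reader holding only their own key can open exactly the fields assigned to them. It assumes each reader holds a 32-byte AES key and uses AES-256-GCM for both the field and the key wrapping; the names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

type Key [32]byte // 256-bit AES key; a fixed size means cipher setup cannot fail

// ProtectedField is one document field sealed under its own random key, with
// that key wrapped separately for each reader who is granted the field.
type ProtectedField struct {
	Ciphertext []byte            // nonce || AES-256-GCM(fieldKey, value)
	Wrapped    map[string][]byte // reader -> nonce || AES-256-GCM(readerKey, fieldKey)
}
func aead(k Key) cipher.AEAD {
	block, _ := aes.NewCipher(k[:]) // cannot fail for a 32-byte key
	g, _ := cipher.NewGCM(block)
	return g
}
// seal prepends a fresh random nonce so one key may protect many values.
func seal(k Key, plaintext []byte) []byte {
	g := aead(k)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, plaintext, nil)
}
// open rejects truncated input and, through the GCM tag check, any wrong key.
func open(k Key, sealed []byte) ([]byte, error) {
	g := aead(k)
	if len(sealed) < g.NonceSize() { return nil, errors.New("truncated ciphertext") }
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
}
// ProtectField grants the field to exactly the readers listed in readerKeys.
func ProtectField(value []byte, readerKeys map[string]Key) ProtectedField {
	var fieldKey Key
	rand.Read(fieldKey[:])
	pf := ProtectedField{Ciphertext: seal(fieldKey, value), Wrapped: map[string][]byte{}}
	for reader, rk := range readerKeys {
		pf.Wrapped[reader] = seal(rk, fieldKey[:])
	}
	return pf
}
// ReadField unwraps the field key with the reader's own key, then opens the value.
func ReadField(pf ProtectedField, reader string, rk Key) ([]byte, error) {
	w, ok := pf.Wrapped[reader]
	if !ok { return nil, errors.New("reader not granted this field") }
	raw, err := open(rk, w)
	if err != nil { return nil, err }
	var fieldKey Key
	copy(fieldKey[:], raw)
	return open(fieldKey, pf.Ciphertext)
}
```

A reader absent from the wrapped-key map, or presenting the wrong key, is refused by the GCM authentication check rather than by a policy lookup, which is what makes the control cryptographic rather than advisory.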
Interested in learning more about the Shift-Up paradigm? Join us for our upcoming webinar, where our Co-founder & CTO, Karim Eldefrawy, PhD, and Senior Solution Consultant, Karine Wachman, will explain the principles of Shift-Up ZTNA and provide insights into future-proofing your ZTNA implementations.
Date: September 4, 2024.
Time: 11 am EST
Register Here: https://content.confidencial.io/webinar-shift-up
Don’t miss out—secure your spot today!