Martin Mackay, CRO at Versa Networks
Hybrid working has transitioned from cutting edge to commonplace in the last few years, and the Covid-19 pandemic has fundamentally altered the way we work.
The latest figures from the Office of National Statistics (ONS) found that just under half (44%) of all UK workers reported either working from home or using a hybrid model. Notably, of the 56% who only travelled to work, most did so because their role could only be carried out on-site. Just 10% of those travelling to work full time said that they could work from home.
This shift has brought about new demands for security, networking and Zero Trust Network Access (ZTNA). Balancing user experience and network security remains a challenge for many organisations. If security controls are too tight, usability and productivity take a hit. Too loose, and the firm risks leaving itself vulnerable to cyber threats.
For decades, security measures were primarily designed for traditional office environments. However, the rapid shift to remote work during the pandemic necessitated a rethinking of these measures. As a result, ZTNA solutions, which operate on the principle of ‘never trust, always verify’, gained prominence for their ability to secure remote work.
Now, as hybrid working becomes more widespread, the demands on ZTNA are evolving. The need for security is no longer confined to just remote work. On-premises work environments also require robust security measures to protect against increasingly sophisticated cyber threats.
According to a report by Gartner, ZTNA was the fastest-growing segment in network security in 2022, and predicts that by 2026 10% of large enterprises will have a mature and measurable Zero Trust program in place. This underscores the growing recognition of ZTNA’s importance in the current work environment. However, to fully leverage the benefits of ZTNA, it’s crucial to adapt and extend these solutions to meet the unique demands of hybrid work.
Understanding the limits of current ZTNA solutions
Current ZTNA solutions, while effective for remote work, face limitations when applied to on-premises work environments. These solutions were primarily designed to secure remote workers, providing them with secure access to enterprise resources over the internet. However, when these solutions are extended to on-premises environments, they often fall short.
One of the main limitations is the impact on user experience. ZTNA solutions typically require all traffic to be routed through a secure gateway for inspection and policy enforcement. This process, known as ‘hairpinning’, can introduce latency, negatively affecting the performance of applications and the overall user experience.
Moreover, current ZTNA solutions often lack the ability to enforce policies inline, in real-time. This means that if a security threat is detected, the response may be delayed or only enforced at the secure gateway. Without inline enforcement, threats are not stopped from propagating ‘east-west’ across the network via ‘lateral movement’.
Furthermore, these solutions frequently struggle to provide seamless access to local resources, such as printers and IP phones, which are commonly used in on-premises environments. This can result in a disjointed and frustrating user experience.
So, while current ZTNA solutions have been instrumental in securing remote work, they still need to be modernised to effectively meet the networking and security needs of hybrid work environments.
Why the convergence of Zero Trust and Software-Defined LAN will be the next step
One of the most promising solutions to these issues is the integration between ZTNA and Software-Defined LAN, also called ‘Zero Trust Everywhere’. This convergence incorporates the ‘never trust, always verify’ principles of Zero Trust with the flexibility and efficiency of SD-LAN.
SD-LAN modernises the traditional LAN architecture with a software-defined, hardware-agnostic approach. It provides advanced automation and AI/ML-based network and security anomaly detection. This approach allows for dynamic best-path traffic selection to optimise user-to-application experience and inline Zero Trust policy enforcement at the user, device and application level.
By integrating ZTNA and SD-LAN, organisations can enforce granular, Zero Trust access policies based on continuous assessment of identity, device posture and application. This approach ensures a secure and consistent user experience across all locations. Moreover, this convergence allows organisations to deliver an in-line ZTNA solution that can be integrated into any campus or branch architecture.
This integration provides a comprehensive solution that can meet the networking and security needs of both remote and on-premises users in today’s hybrid work environment.
Meeting balancing security and user experience
The integration of ZTNA and SD-LAN is uniquely positioned to meet the demands of both networking and security in a hybrid work environment. This combination addresses the limitations of current ZTNA solutions, providing a comprehensive and efficient approach to securing both remote and on-premises work.
First, this convergence enhances security by enforcing Zero Trust policies inline, in real-time. This means that security threats can be detected and responded to immediately, preventing them from propagating within the network. By continuously assessing the identity, device posture and application, granular access policies can be applied, ensuring that users only have access to the resources they need. And equally, the application of Zero Trust policies inline at the switch or access point closest to the user stops lateral movement of infected devices that might get access to the network, limiting the ‘blast radius’ of threats like ransomware.
Second, the integration of Software-Defined LAN improves network performance by eliminating the need for hairpinning. Traffic can be routed directly to its destination, reducing latency and improving the performance of applications. This results in a better user experience, regardless of whether the user is working remotely or on-premises.
Finally, this convergence simplifies network management. By integrating Zero Trust Security and Software-Defined LAN into a single solution, organisations can reduce the complexity and costs associated with managing multiple security products. This allows for a more streamlined and efficient approach to network management.
In the evolving landscape of hybrid work, the convergence of Zero Trust Security and Software-Defined LAN offers a promising solution to the challenges of securing both remote and on-premises work.
By addressing the limitations of current ZTNA solutions and providing a comprehensive approach to network security and performance, such convergence can meet the demands of today’s hybrid work environment. As we move forward, it’s crucial to continue innovating and adapting our security measures to ensure a secure, efficient, and seamless work experience, no matter where we choose to work.