Zero Trust is a framework – what does that mean in concrete terms?

Zero Trust Security: Security without trust

How Zero Trust really protects your network

The Zero Trust Security model is based on the principle of not automatically trusting either internal or external users. The aim is to minimize risks, protect data and at the same time prevent internal and external threats. Especially in MPLS or SD-WAN environments, Zero Trust offers a crucial security architecture for modern cloud infrastructures.

Key advantages of Zero Trust in the corporate network:


The Zero Trust Security model is a security concept based on the principle of not trusting anything or anyone inside or outside a network. The aim is to reduce the security risk in a network and its applications to a minimum and at the same time exclude both external and internal threats.

How do I move in an MPLS/SD-WAN without Zero Trust?

Imagine your network (MPLS/SD-WAN) as a business building with many areas and functions: the reception is your firewall that checks who is allowed in – comparable to a doorman. As an employee, you have an access card with defined rights. You present the card and gain access to the building – i.e. the entire network – regardless of whether you are on site, in your home office or on the move. It also doesn’t matter whether you have been authenticated via MFA or not. Once you have access, you can move freely around the network – according to your authorizations. For example, you can delete data, create new data or communicate with colleagues. Perhaps you order something in the canteen – this corresponds to actions with budget approval – and when you are finished, you leave the network – just like when you leave the building.

What is the difference with Zero Trust?

In the Zero Trust model, you have a personal security guard at your side after the firewall. The guard accompanies you through the entire network – into every system, every file, every application. At every step, the guard checks whether you are allowed to carry out the respective action and assesses whether your input is secure and permitted – in both directions. The guard also analyzes whether the communication partner is trustworthy in terms of company guidelines. Every file, every level is checked – access is only granted if you have valid authorization, and everything is logged seamlessly until you leave the network again.
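The contrast between the doorman and the personal guard can be expressed as two decision functions. This is an added example, not code from the original page or from any vendor; the user, resources, rights table and field names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    action: str
    mfa: bool            # session was authenticated with MFA
    peer_trusted: bool   # communication partner complies with company guidelines

# Constructed sample rights: (user, resource) -> permitted actions
RIGHTS = {
    ("alice", "hr-files"): {"read"},
    ("alice", "canteen"): {"read", "order"},
}

def perimeter_allows(admitted_at_firewall: bool, req: Request) -> bool:
    """Perimeter model: one check at the door, then only static rights apply."""
    return admitted_at_firewall and req.action in RIGHTS.get((req.user, req.resource), set())

def zero_trust_allows(req: Request, audit_log: list) -> bool:
    """Zero Trust model: every request is evaluated and every decision is logged."""
    denials = []
    if req.action not in RIGHTS.get((req.user, req.resource), set()):
        denials.append("action not authorized")
    if not req.mfa:
        denials.append("no MFA")
    if not req.peer_trusted:
        denials.append("untrusted communication partner")
    allowed = not denials
    audit_log.append({"user": req.user, "resource": req.resource,
                      "action": req.action, "allowed": allowed, "reasons": denials})
    return allowed

def demo():
    """Run the same constructed requests through both models."""
    log = []
    requests = [
        Request("alice", "hr-files", "read", mfa=True, peer_trusted=True),
        Request("alice", "hr-files", "read", mfa=False, peer_trusted=True),
        Request("alice", "canteen", "order", mfa=True, peer_trusted=False),
        Request("alice", "hr-files", "delete", mfa=True, peer_trusted=True),
    ]
    results = [(perimeter_allows(True, r), zero_trust_allows(r, log)) for r in requests]
    return results, log

if __name__ == "__main__":
    for (perimeter, zt), entry in zip(*demo()):
        print(f"perimeter={perimeter} zero_trust={zt} {entry}")
```

The second and third requests pass the perimeter check because the user was admitted once, while the per-request evaluation denies them and records why.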

Why is this so important and valuable?

In the course of constant digitalization, more and more services are being outsourced to the cloud. You are faced with the challenge of ensuring that your systems work in perfect harmony with one another. This is precisely where the strength of a partner becomes apparent: the extent to which their integrations/services match your profile. We are increasingly seeing companies undergoing a transformation at application level to the cloud (SaaS, public-private cloud) as well as a transformation in the WAN area – away from rigid closed networks to SD-WAN and thus also to the cloud.

Increased attention is being paid here to investing sensibly in the hardware components used, or to reducing these costs where possible, and to connecting newer technologies to security instances. Specifically, this involves the realignment of firewalls, VPN connectors, load balancers, but also services at application level for anti-virus, sandbox, SSL, URL filtering, etc…

In addition, and not just since COVID, a sustainable strategy for integrating home office workplaces is needed. The challenge is, on the one hand, to manage and integrate these workplaces and, on the other, to ensure that the security guidelines are adhered to – at all times, in all places – and that this can be presented transparently.

What modules are available?

Zscaler Internet Access:

Connects the WAN (Internet) securely to SaaS applications and the Internet

✔ Included are: Secure Web Gateway, Cloud Access Security Broker (CASB), and Data Loss Prevention

Zscaler Private Access:

Connects authorized users to the internal network and shared applications and supports Zero Trust Network Access (ZTNA)

Conclusion

With Zero Trust, you reduce the complexity of connecting a wide variety of applications and increase their security at the same time. You combine solutions that are currently distributed across several levels into a single instance and thus relieve your internal resources. Compared to many other security solutions, the use of Zero Trust increases security standards by also monitoring and logging internal applications and processes.

We support you in choosing the right components.
