How Does Zero Trust Network Access (ZTNA) Work?

To understand how Zero Trust Network Access (ZTNA) works, it’s best to look at the origins of ZTNA first. 

Traditionally, VPNs would be used to provide remote workers with required access to enterprise networks. However, VPNs apply their security at the network edge. Perimeter defense is seen as a flawed approach because if users and apps inside the VPN perimeter are implicitly trusted, once malicious operators breach the perimeter, they can traverse the network unchecked. 

The issues with perimeter security have been widely discussed since the early 2000s. In 2004, the concept of deperimeterization was proposed by the Jericho Forum industry group. Deperimeterization, now a staple of the Zero Trust security approach, was seen as a vendor-neutral framework of security solutions that could be picked-and-mixed to provide cyber defense in depth. The term Zero Trust security itself was coined in 2010 by John Kindervag, then a security analyst at Forrester Research. 

Increasingly, Zero Trust is being adopted by both the private and public sectors as a means to protect the network.  

How Zero Trust Security Works

Because ZTNA is based on a vendor-neutral framework of security functions, Zero Trust security administration can be handled mostly with the same tools used for a traditional VPN-based network environment. The security training and certifications for those environments are just as valid for Zero Trust security.

Later on, we’ll discuss the SC-900 online security training course for the Microsoft Certified: Security, Compliance, and Identity Fundamentals certification. But first, what are the steps needed to make a Zero Trust security environment work?

See also: What is Zero Trust Security?

Step 1: Segment your network

The first step is to break your network down into discrete small segments that are aligned with specific workloads, services and data. The idea is that you segregate your applications and data resources according to the types of access that are required. These microsegments can then serve as “trust islands” with Zero Trust policies because only authenticated, trusted users and devices can access the applications, files and services on each island.

Because of the granular nature of the Zero Trust policies, it becomes easier to detect and prevent lateral attacks because users and devices must reauthenticate before they are allowed to move from one trust island to another. Even if an infiltrator manages to get onto one trust island, they will be contained and prevented from causing more damage.

Step 2: Implement effective identity and access management 

The second step for Zero Trust security is to implement a strong identity and access management (IAM) infrastructure that includes:

• Authentication and authorization. For each microsegment, you’ll assign the appropriate access credentials and permissions to each and every user and device. The IAM tool will use this information to authenticate the users and determine their authorization—whether they are permitted to access the resource they are asking to use. To go from one microsegment to another, the user must be reauthenticated. 

• User, application, and device context. The context of an access request is important. If a user tries to log in from an unfamiliar or unusual location or makes an unusual service request, red flags should be raised. A common practice adopted in Zero Trust security is the use of multifactor authentication, so even if a user logs in with a valid id and password, a possible breach attempt is assumed, and the user is required to provide additional verification of their identity.

• Least privilege access. Once a user, application, or device is properly authenticated, it must be granted least privilege access — “just enough” and for the “necessary duration” for its function to be fulfilled.

The choice of IAM tool will depend on the vendor platform your organization uses. Microsoft’s Azure Active Directory (AD) is a popular choice, and it is a key focus of the SC-900 online security training course. 

Step 3: Implement a rigorous process for threat detection, event logging, and security analysis

The cybersecurity team must have continuous and timely access to an overall view of security events across the network. This will be provided through tools such as the Microsoft 365 Defender threat protection system and the Azure Sentinel security information and event management (SIEM) system.

How to Learn Zero Trust Security Fundamentals

The implementation of a Zero Trust security methodology rests on the capabilities of the vendor security products. If you want to take a step into Zero Trust security, look at the Microsoft Certified: Security, Compliance, and Identity Fundamentals certification. That’s because Microsoft and Azure are the most likely enterprise platforms, even if you’re in an AWS or Google hybrid environment.

If you are currently involved in network operations or hoping to make a move into security, earning a Microsoft SCI certification can give you an important career edge.

If you’re not up to speed on Microsoft Azure and Microsoft 365, then start with some introductory online training courses. You can: 

• Learn about Azure Cloud technical concepts and business propositions with the Microsoft Azure Fundamentals course.

• Reinforce your knowledge of core Microsoft 365 services and concepts with Microsoft 365 Fundamentals.

Then prepare for the Microsoft SCI certification exam by taking the Microsoft Certified: Security, Compliance, and Identity Fundamentals online security training course. You can take all three of these online security training courses (and so much more!) when you subscribe to CBT Nuggets. Not sure you want to subscribe? Sign up for a free 1-week trial subscription to see how much you get with a monthly subscription.