ZTNA

Zero Trust Network Access
Consistently operate a Zero Trust Network Access security policy and ensure your solution is managed to best practice through its entire lifecycle.

Internet as the network of necessity

In the past, when users were tied to the corporate network and corporate-managed devices, protecting against malware, ransomware, and phishing was as simple as rolling out endpoint antivirus, installing a stack of appliances in a data center, establishing a DMZ, and backhauling traffic for inspection and control.

But in today’s hybrid work environment, users have left the building, devices are now unmanaged, and the Internet is fast becoming the corporate network of choice through necessity.


Operating in a cloud-first, remote-first world

Traditional hub-and-spoke networks and the castle-and-moat security organizations relied upon no longer support today’s remote workforce, cloud applications, and sophisticated threat actors.

Those on-premises security solutions lack the visibility, scalability, intelligence, and real-time response that a cloud-first, remote-first world requires. VPNs were never designed for today’s way of working.

Yet many teams lack the skills and experience needed to successfully architect and operate security in today’s environment.


Defending against an increased risk of attack

Failure to address this situation leaves internal applications and users exposed directly to the Internet and leads to an increased risk of attack.

This is further exacerbated by the increased attack surface created by disparate users and applications.

To be successful in security today, I&O teams must therefore place user identity and application access requirements, and the associated business processes and policies, at the center of their security strategy.

Take a different approach to security

That’s why forward-thinking Infrastructure & Operations leaders are taking a different approach to security, one of Zero Trust Network Access, where every machine, user, IP address and server is untrusted until proven otherwise and then continuously verified.

What is Zero Trust Network Access?

Zero Trust Network Access (ZTNA) is part of a wider network security architecture, based on a strict identity verification process over the lifetime of the user’s connection. The architecture assumes that there is no perimeter, and that every user and device is equally untrusted.

Zero Trust Network Access principles dictate that only authenticated and authorized users, IP addresses and devices can access applications and data on the corporate network (including on-prem and cloud services).

Zero Trust Network Access is configured to deliver ‘policy at the point of need’ to ensure that users only have access to the applications and services they need to do their jobs based on how and where they’re accessing the network from.

Once a connection has been approved, the solution continuously monitors user behavior and traffic flows to protect the network.

Core tenets of Zero Trust Network Access include:

Ensuring all resources are accessed securely, regardless of location or hosting model.

Adopting a “least privilege” and “default deny” strategy when enforcing application access.

Inspecting and logging traffic, for both applications you control and those you don’t, to identify malicious activity.
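To make the three tenets concrete, here is an added example of a minimal policy decision point written for this page; it is not Teneo’s product code and does not describe any particular vendor’s implementation. The policy table, application names, group names and the 15-minute re-verification interval are all constructed assumptions. It shows default deny (unknown applications are refused), least privilege (each application lists the groups and device posture it requires), identical checks for office, remote and guest traffic, continuous re-verification of an established session against current identity and device posture, and logging of every decision whether allowed or denied.

```python
"""Added example: a minimal ZTNA-style policy decision point (hypothetical, not Teneo's code)."""
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset
    app: str
    source: str          # constructed label: "office", "remote" or "guest-wifi"
    device_managed: bool
    device_patched: bool
    mfa_verified: bool


# Least-privilege policy table (constructed): which groups may reach which
# application and whether a managed device is required. Any application
# absent from this table is denied (default deny).
APP_POLICY = {
    "payroll": {"groups": {"finance"}, "managed_device": True},
    "wiki":    {"groups": {"staff", "finance"}, "managed_device": False},
}


@dataclass
class Decision:
    allow: bool
    reasons: list


def evaluate(req):
    """Policy decision for one request. Location is recorded for the audit
    trail but never trusted on its own: office, remote and guest traffic
    all pass through exactly the same identity and posture checks."""
    policy = APP_POLICY.get(req.app)
    if policy is None:
        return Decision(False, ["unknown application (default deny)"])
    failures = []
    if not (req.groups & policy["groups"]):
        failures.append("user not in an authorized group")
    if not req.mfa_verified:
        failures.append("MFA not verified")
    if policy["managed_device"] and not req.device_managed:
        failures.append("application requires a managed device")
    if not req.device_patched:
        failures.append("device posture check failed: missing patches")
    return Decision(not failures, failures or ["all checks passed"])


REVERIFY_INTERVAL = timedelta(minutes=15)   # assumed re-check cadence
AUDIT_LOG = []                               # every decision is logged, allowed or not


def _log(req, decision, now, event):
    AUDIT_LOG.append({"ts": now.isoformat(), "event": event, "user": req.user,
                      "app": req.app, "source": req.source,
                      "allow": decision.allow, "reasons": decision.reasons})


@dataclass
class Session:
    request: AccessRequest
    last_verified: datetime
    active: bool = True


def open_session(req, now):
    """Initial decision at connection time; a Session exists only if policy allows."""
    d = evaluate(req)
    _log(req, d, now, "connect")
    return Session(req, now) if d.allow else None


def continue_session(session, current, now):
    """Continuous verification: once the interval has elapsed, re-run the full
    policy against the *current* identity and posture and revoke on any failure."""
    if not session.active:
        return False
    if now - session.last_verified < REVERIFY_INTERVAL:
        return True
    d = evaluate(current)
    _log(current, d, now, "reverify")
    session.last_verified = now
    session.active = d.allow
    return session.active


def demo():
    """Constructed scenario: a finance user connects from the office on a
    healthy managed device, then later presents an unpatched device."""
    start = len(AUDIT_LOG)
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    alice = AccessRequest("alice", frozenset({"finance", "staff"}), "payroll",
                          "office", True, True, True)
    sess = open_session(alice, t0)
    ok_at_10 = continue_session(sess, alice, t0 + timedelta(minutes=10))
    degraded = replace(alice, source="remote", device_patched=False)
    ok_at_20 = continue_session(sess, degraded, t0 + timedelta(minutes=20))
    return sess is not None, ok_at_10, ok_at_20, len(AUDIT_LOG) - start


if __name__ == "__main__":
    print(demo())   # (True, True, False, 2)
```

In the scenario, the session is allowed at connect time, survives the 10-minute check because no re-verification is yet due, and is revoked at the 20-minute check when the device posture has regressed; the audit log holds both the connect and the re-verify decisions. The same `evaluate` function denies an office user on an unmanaged device just as it would a remote one, which is the "same level of checks regardless of location" point made later on the page.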

What are the benefits of Zero Trust Network Access?
  • Protect your data & business from:
    • Disruption for customers from stolen personal ID information
    • Reputational damage
    • Loss of IP
    • Financial cost in the aftermath of breach
  • Ensure better protection against attacks
  • Reduce time to breach detection
  • Reduce complexity of the security stack
  • Consolidate security policies
  • Improve the flexibility, agility, and scalability of application access
  • Enable and simplify ‘cloud-first’ & ‘remote-first’ strategies
  • Add an extra layer of protection to internal applications with direct Internet access

Where can Zero Trust Network Access go wrong?

Many I&O teams have adopted a Zero Trust Network Access approach, however it’s important that you don’t just select this path ‘because everyone else is doing it’.

To get it right, security must be thought about very differently, by taking a user- and application-centric approach and carefully considering the business processes and policies it supports. Here’s where we’ve seen things go wrong.

Leading with technology

Zero Trust Network Access isn’t about technology first. It’s about process and mindset, and it must be approached from ‘inside the network out’ rather than ‘outside in’.

Many teams try to throw technology at the concept and hope they’ll get it right, but with Zero Trust Network Access it pays to develop the strategy first, which requires a shift in thinking.

Dealing with legacy systems

Achieving Zero Trust Network Access won’t be an overnight accomplishment and it won’t be easy, especially if an organization has legacy security systems in place that don’t transition well to the new architecture.

Ongoing effort required

Organizations need to understand up front that Zero Trust Network Access will require an ongoing effort and that certain aspects might be more challenging than others.

For example, in a modern network environment, changes are happening daily and need to be configured properly with changing IP address data and policies updated to make sure there’s no interruption in service access for employees or corporate transactions.

Otherwise, serious downtime could be experienced.

Not looking at security holistically

ZTNA is pointless if a user can come to the office, simply plug in and go without the same level of checks. Regardless of where, when and how you access the network, your trust profile should be checked and continually verified in the same way.

Failure to get these things right could mean you end up with:

  • Systems that aren’t set up correctly, leaving holes in your cyber defense
  • Users unable to access applications to be able to do their jobs, impacting mobility
  • Users opening corporate assets to security risks in order to access systems, leaving data and systems exposed
  • Additional complexity from adding extra layers of technology
  • Deploying technology that doesn’t integrate with current or planned infrastructure

How can Teneo help?

Here’s how we can help you with Zero Trust Network Access:

Zero Trust Network Access by design, integrated into your existing security posture and network services.

Support digital transformation and Work From Anywhere initiatives.

Approach Zero Trust Network Access with users, applications & business processes at the heart of your strategy.

Make best use of technology as you retire legacy systems.

Give you the people resource, skills & experience needed to operate Zero Trust Network Access on an ongoing basis.

Save you time by keeping policy updated with changing network and application usage and requirements.

Zero Trust Network Access from Teneo

Teneo’s Zero Trust Network Access service is for I&O teams that want to ensure their Zero Trust Network Access solution is deployed and consistently managed to best practice throughout its lifecycle, and doesn’t become a case of ‘set and forget’.

Now, more than ever, the threat landscape is constantly changing, and security must be constantly updated and reviewed. That’s where Teneo can help. Teneo’s Zero Trust Network Access provides monitoring and regular reviews of policy usage and effectiveness, network changes and new applications. And, thanks to the visibility we gain through full logging and behavioral analytics, we’re able to report on those insights and provide recommendations for change to help you stay ahead of modern-day hackers and threats.

To further protect your users, Teneo recommends adding Multi-Factor Authentication (MFA) as an additional login security layer. Many current two factor authentication methods can be manipulated by attackers and bypassed using simple phishing or social engineering techniques.

With our MFA service, customers can leverage the strongest standards-based authentication method available, FIDO2.

In partnering with Teneo, you’ll benefit from a highly sophisticated set of Zero Trust Network Access controls, delivered using the power and scalability of the cloud, and without the need for heavy investment in internal resources or ongoing training.

By adopting Zero Trust Network Access in partnership with us, you can reduce the risk from attack, and deliver applications to users whenever and wherever they need them – securely. Our light touch, always-on Zero Trust Network Access service ensures that access is not only secure on network entry, but also throughout the lifespan of the connection.

With Teneo, you gain peace of mind that your security policy is updated as network usage and security threats continue to evolve.

Service Detail

Zero Trust Network Access is suitable for 100+ users and is available in three main building blocks: Internet Access, Private Access, and MFA.

Internet Access

Delivers a Secure Web Gateway (SWG) to protect users when accessing Internet-based services, including SaaS applications.

Service features:

  • Design, deployment & configuration
  • Cloud-based Secure Web Gateway
  • Protection from malware, ransomware, phishing and data exfiltration
  • Block malicious payloads
  • Control shadow IT
  • Prevent data loss
  • Improve off-network device security without using VPN
  • Uniform policy enforcement
  • 24×7 monitoring & alerting
  • Managed change control
  • Monthly security insights meeting
  • 24×7 helpdesk
  • 100% guaranteed uptime

Service highlights:

  • Lightweight agent
  • Scheduled & on-demand reports
  • Guidance on current threat landscape
  • Option to add Private Access and Multi-Factor Authentication services

Additional advanced features available:

  • Online and offline analysis of HTTP and HTTPS payloads using multiple malware analysis and detection engines
  • Cloud sandbox for offline dynamic payload analysis
  • Real-time inline analysis of web pages to detect zero-day phishing pages
  • Real-time inline or offline analysis of files downloaded from file-sharing sites

Private Access

Provides an identity-aware proxy for secure access to private applications.

Service features:

  • Design, deployment & configuration
  • Cloud-based, identity-aware proxied secure access for 10 applications (option to upgrade to unlimited applications)
  • Reduce risk of compromise from employees, 3rd parties, contractors, partners and mobile users without the need for network access
  • Granular visibility of access requests
  • Access via 288,000 global PoPs
  • Supports Two Factor Authentication (2FA), Single Sign On (SSO), end-to-end encryption and load balancing
  • 24×7 monitoring & alerting
  • Managed change control
  • Monthly security insights meeting
  • 24×7 helpdesk
  • 100% guaranteed uptime

Service highlights:

  • Client & clientless access
  • Scheduled & on-demand reports
  • Guidance on current threat landscape
  • Option to add ZTNA: Internet Access and ZTNA: Multi-Factor Authentication services

Additional advanced features available:

  • Unlimited applications
  • Extend log retention from 90 days to 365 days

MFA

Further reduces risk by deploying a FIDO2 authentication factor to eliminate the impact of phishing and social engineering attacks.

Service features:

  • Design, deployment & configuration
  • Lowers total cost of ownership (TCO) by digitizing the increased security of FIDO2 with an existing smartphone and web browser; no need to purchase, replace, and maintain additional hardware
  • Deploys rapidly with the MFA app on existing smartphones. No delays caused by distributing physical security keys or issuing compatible hardware.
  • Integrates with Windows Active Directory and other leading authentication providers
  • Future-proofs MFA investments with a cloud-delivered, FIDO2-based service built to evolve to support future use cases, such as passwordless authentication
  • Enables Zero Trust security by implementing the strongest available authentication and authorization protocols, and integrating with Teneo Internet Access and Private Access services
  • Authentication event reporting
  • 24×7 monitoring & alerting
  • Managed change control
  • Quarterly service review
  • 24×7 helpdesk

Service highlights:

  • Simple user adoption with familiar push notifications
  • Guidance on current threat landscape
  • Option to add Private Access and Internet services

Our Approach


Strategy

  • Hold a strategy workshop with all main stakeholders.
  • Understand your desired outcomes and security policy needs.


Design

  • Design & create security policy.
  • Design our implementation package.
  • Prepare a custom service handbook that integrates Zero Trust Network Access with your processes.


Transition

  • Service installation & configuration.
  • Monitoring system set up.
  • Installation and configuration of dashboards and reports.


Operation

  • 24x7x365 proactive management, monitoring & alerting.
  • Incident management, moves, adds & changes.
  • Monthly insights & analysis.
  • Quarterly reporting, reviews & service improvement.

Service Value

  • Complete solution

    Adopt a complete, all-in one Zero Trust Network Access solution from design through implementation and lifecycle management, fully supported by Teneo.
  • Fast time-to-value

    See fast time-to-value as a result of utilizing our streamlined onboarding and tuning processes, ensuring your policy is updated as network usage changes.
  • Alerts, updates & reports

    Receive only meaningful alerts and updates, get our remediation recommendations, and access detailed reporting to address compliance, display trends, and track activity.
  • Skills & experience

    Access our security subject matter experts 24x7 and supplement your team’s own security skills and experience.
  • Always on

    Hackers don’t sleep and neither do we. We stay focused on maintaining your defense posture around the clock so you're always ready for attack.

Service Outcomes

  • Cost saving, from replacement of legacy remote access solutions with flexible and cost-effective centralized software solutions.
  • Supplemented security skills with access to our reporting and security experts.
  • Seamless user experience by removing the need to backhaul traffic to the data center.
  • Support for all types of applications, regardless of location, with no additional infrastructure.
  • Highly scalable Zero Trust Network Access solution.
  • Control of third-party access.
  • Invisible infrastructure – where access can be granted to applications without providing access to corporate networks.
  • Application segmentation provides additional security.
  • Centralized control, granular access and enhanced visibility give the complete picture and enable better policy decisions – leading to better user experience and enhanced protection.
  • Simple deployment allows for low-cost adoption and flexible installs, moves, adds and changes (IMAC).

Zero Trust Network Access Use Cases

Work From Anywhere

Zero Trust Network Access enables a work-from-anywhere workforce to access just the applications and data your users need to be productive, and gives IT teams the peace of mind that operations are secure.

Transition to SD-WAN

As SD-WAN is adopted, companies must evolve their security from a perimeter-based framework to a Zero Trust–based framework at the edge.

Many organizations that are migrating to Internet-based architectures consider SD-WAN to be the key enabler due to its link control and ability to potentially drive down the financial onus of MPLS ownership.

They may use broadband or wireless networks to augment or complement the MPLS connections, creating a hybrid WAN. But if they already embrace local or branch Internet breakouts, also known as direct Internet access (DIA), that route traffic to the cloud instead of through a data center, then surely it makes sense to employ a security architecture with the same approach.

Expanding User Ecosystem

Your third-party contractors, partners, suppliers, remote workers, and even newly acquired users from mergers and acquisitions all benefit, and even accelerate, your business.

But provisioning access for this varied and fluid ecosystem introduces risk, increases costs, and creates complexity.

Multi-Cloud Environment

Using multiple private, public, and hybrid clouds for your corporate applications can reduce costs, enable flexibility, and accelerate digital transformation.

But a multi-cloud reality also creates complexity and a lack of visibility, exposing your organization to risk.

VPN Elimination

Your mobile workforce and cloud-based applications are at odds with your legacy and appliance-based access solutions.

Traditional VPNs, proxies, and RDPs drive up operational costs, monopolize already-scarce IT resources, provide limited visibility, offer little in the way of insights, and open your business to risk.

Zero Trust Network Access Customer Examples

Global Construction Organization

At this global construction organization, hundreds of the company’s engineers and consultants work remotely about 50% of the time, in meetings and on site for construction projects. As is the case for any modern business, the organization equips these employees with laptops that enable them to work from anywhere. However, without the right security measures in place, these tools could be compromised and become a conduit for threats to infiltrate the company network.

As the company grew, its management team became aware of the need to ensure strong cybersecurity. Though their Information System Security Manager had implemented a range of security solutions to address these concerns, he still saw a weakness when it came to the company’s global security strategy.

He explained, “We had such little visibility that we weren’t aware of any potential security problems, and even the smallest cybersecurity event posed a risk. Also, when users were working remotely, we had no way to ensure they were protected from any potential threats. We needed a way to strengthen our security posture during those times.”

Previously, the organization lacked the means to set up and enforce an acceptable use policy. Now, after adopting a Zero Trust Network Access approach, in addition to applying policies to employees, the company can also enforce a guest Wi-Fi policy to limit the risk of threat propagation.

Global Professional Services & Tax Advisory Firm

This Global Professional Services and Tax Advisory Firm was managing multiple VPNs and using HTTPS to enable different access requirements.

Struggling to determine who could access what and to easily deprovision users, they needed a way to reduce the management overhead of supporting a range of access needs while ensuring industry-leading security and a seamless client experience.

By leveraging a Zero Trust Network Access approach, they dramatically reduced the number of VPNs they manage and eliminated a third of the time it took to manage and ensure user access to their Relativity application for eDiscovery.

Zero Trust Network Access Blog Posts

Zero Trust Network Access (ZTNA) vs VPN: the core evolution

In this blog, discover the four key advantages of Zero Trust Network Access (ZTNA) vs VPN.

Rapid Customer Onboarding: Teneo Security Services (Powered by Akamai)

The increased attack surface created by more users working from home proves very tempting for hackers who are launching more advanced, complex, and large-scale attacks than ever before. This means it is vital for companies to act now to avoid the risk of breach.

Why It's Not ZTNA vs. SASE, but ZTNA and SASE

Find out about the relationship between ZTNA and SASE and how they can be utilized to ensure users are secure when accessing corporate resources and sensitive information.

Book a Free ZTNA Consultation

Book a meeting to speak to one of Teneo’s seasoned Zero Trust Network Access experts. We’re here to give you a sounding board for your future ZTNA plans and can talk you through some options you might want to consider.