In security circles, the concept of zero trust has existed for around 10 years. The idea is that you don’t want to grant privileges to users or devices without verifying who they are. Instead of assuming anyone or anything that has successfully logged onto a network can be trusted, no one gets broad access.
With a zero trust access (ZTA) strategy in place, each time people and devices access your network, you know who they are and control where they can go.
Knowing everyone and everything on your network and then providing explicit access to needed resources helps improve user experience, especially for remote workers, and helps ensure that proper protections are applied to applications, whether in the corporate network or a public cloud. And people are more mobile than ever before. They may be working remotely, often gaining access to corporate resources using a VPN.
And traditional VPNs have some drawbacks. They can be difficult to configure and are subject to security breaches. Security policies and enforcement are applied only at the point of connection, which may mean redirecting traffic through the data center for inspection before it reaches cloud resources, or relying on different security solutions deployed in different places in the network. And worst of all, no one likes VPN. Off-network users who need to connect securely back to the network must set up a VPN tunnel, which involves launching a VPN client, selecting the right place to connect to, and waiting. It’s not exactly a seamless experience for users.
The Evolution of VPN
Given the dynamic and distributed nature of today’s networks, ensuring consistent access is increasingly problematic. Users need access to business-critical applications no matter where they or their devices may be located. Network admins need to control who accesses which applications, wherever those users are. Zero trust network access (ZTNA) enables organizations to do this by extending their zero-trust model beyond the network. Instead of focusing exclusively on the network layer, ZTNA goes up a layer, effectively providing application security that is independent of the network.
And now, ZTNA is also available to Fortinet customers. With the new updates in FortiOS 7.0, Fortinet can apply ZTNA to remote users, home offices, and other locations such as retail stores by offering controlled remote access to applications that is easier and faster to initiate while providing a more granular set of security protections than traditional legacy VPNs. In fact, Fortinet is the only vendor to enable firewall-based ZTNA. With FortiOS 7.0, it doesn’t matter if applications are on the network or in the cloud. Users and applications can be geographically independent and still create secure and reliable connections.
The best part is, with the FortiOS 7.0 upgrade, every FortiGate customer using FortiClient can now employ ZTNA capabilities right out of the box. ZTNA enabled by FortiOS 7.0 can provide secure remote access with a better user experience and overall better security because it delivers granular access controls combined with ongoing verification.
By verifying the user and device posture for every application session, ZTNA reduces the attack surface. ZTNA can also hide business-critical applications from the internet. ZTNA from Fortinet further simplifies management by using the same access policy whether users are on or off the network. Because ZTNA focuses on application access, it doesn’t matter what network the user is on. It simply delivers automatic secure connections to applications no matter where the user may be. And it does all of this transparently, in the background. The user clicks the application and immediately gets a secure connection whether the application is on premises, in a public cloud, or on a private cloud.
For IT administrators, ZTNA in FortiOS gives you confidence that you have the same policy being deployed and enforced everywhere, whether a user is on-premises or off and whether the application they’re connecting to is in a data center or a virtual cloud.
And unlike similar solutions, the ZTNA solution built into FortiOS 7.0 doesn’t require a SaaS solution. It’s simply part of our existing products, including FortiGate, FortiClient, FortiManager, and FortiAuthenticator. ZTNA is easy for end users, easy for IT teams to deploy and manage, and still has the security customers expect from a Fortinet solution because it’s built directly into your firewall infrastructure.
Learn more about Zero Trust solutions from Fortinet that enable organizations to see and control all devices, users, and applications across the entire network.