IT Security managers were faced with an unprecedented challenge as the pandemic swept across the world in 2020. Overnight almost all office-based employees were forced to connect to corporate and cloud IT assets using remote access technologies designed to support only a fraction of the enterprise population concurrently. Zero Trust Network Access (ZTNA) solutions exploded in use and were instrumental in maintaining productivity through the duration of the “stay at home” pandemic mandate.
Though the pandemic is winding down, a much larger share of enterprise IT users now choose to work in a hybrid manner; a weekly mix of working from home and spending a couple of days in the office has become a common pattern. At the same time, IT security managers have begun to investigate the benefits of applying Zero Trust Network principles to manage access to corporate IT assets more securely while users are on corporate premises.
Network segmentation has long been a best practice in the design of on-premises campus networks. Network Access Control, VLANs and ACLs are common technologies deployed in the quest to segment users and limit access to key IT resources to only those with a defined business need to connect. Billions of dollars have been spent on enhanced switching and firewall features, in addition to untold hours of IT workforce resources chasing the benefits of segmentation through these technologies.
ZTNA solutions most often feature authentication and identity-based access to specific applications. The IT infrastructure supporting these applications can be provided by public or private cloud operators, or within a campus data center. One of the main benefits of currently available ZTNA solutions is a common user experience, along with the obvious security, visibility and flexibility benefits for the IT security manager. Most ZTNA solutions feature cloud-based authentication and policy engines. This architecture makes sense for remote users, but it requires a “hair-pin” trip to the cloud for campus users looking to access local resources, which can introduce latency and the risk of “man-in-the-middle” attacks. Additionally, many popular solutions are too expensive for broad deployment now that the urgency of the pandemic has cooled significantly.
Invisinet Transport Access Control (TAC) provides the benefit of ZTNA identity-based access control regardless of the location of the end user, or the resources they are trying to access. TAC authenticates identity and applies security policy before allowing network connections to be established, providing the following advantages:
- Hides and protects key business assets, applications and resources from network scanning and reconnaissance by attackers, protecting them from unauthorized awareness and access.
- Provides identity-based authentication overlaid on existing networks, resulting in multiple security and extensibility capabilities.
- Extends reachability to cloud and borderless networks while protecting existing investments.
- Enables visibility of authorized and unauthorized network access attempts for auditing, compliance and remediation.
- Synchronizes the TAC virtual appliance gateways behind the scenes, whether in the cloud or on the corporate premises, which simplifies user provisioning and policy administration.
TAC can be deployed as a virtual software appliance in a variety of IT and Operational Technology network, data center, and cloud configurations. Endpoints, including “headless” devices such as printers and other networked services as well as end user computers, can be supported with a lightweight software driver or an inline virtual gateway. TAC was designed from the ground up to authenticate and segment legacy OT devices with minimal disruption to the existing network infrastructure. TAC provides a uniform identity-based network access and micro-segmentation solution with a single security policy engine.