Goodbye, VPN: ZTNA Improves Security and UX for Cloud-Based Organizations

Failure crisis concept and lost business career education opportunity. Lonely young man on a rock cliff island surrounded by an ocean storm waves

Increasingly, forward-thinking small and medium-sized businesses (SMBs) rely on cloud-only infrastructure, eliminating the capital expense of managing physical devices and offering improvements in performance, scalability, and flexibility. According to some estimates, more than 60% of all SMB data will be hosted on the cloud this year.

Despite this significant shift in operations, many SMBs still rely on VPNs for cybersecurity models and access management solutions, which are insufficient to meet modern needs for security, scalability, and performance.

Tech Radar sums up the issue eloquently: “VPN is the landline of the cloud era. You can still make calls, but you’re dragging a long cable and a lot of infrastructure behind you.”

As a perimeter-only defense solution, VPNs rely on an outdated implicit-trust model that delivers full network access to anyone with credentials. When threat actors gain entry—as malicious insiders or through exploits, initial access brokers, spear phishing, or social engineering—they’re essentially holding the keys to the kingdom, with unfettered access to applications, services, and data.

In addition to security issues, VPNs don’t meet the performance needs of modern cloud-based businesses. Today’s WFH and BYOD policies require authentication and secure access for multiple kinds of devices connecting through both public and private networks. Because VPNs serve as a single point-of-entry for all network services, performance and user experience can degrade as more employees take advantage of expanded workplace options. Other VPN issues include a growing skills gap for maintaining increasingly outdated VPN systems, and potential difficulties in implementing, documenting, and maintaining compliance.

ZTNA for Modern Cloud-Based Security

Zero-trust network access (ZTNA) is an efficient, effective cybersecurity model for cloud-only businesses. Unlike VPNs, which provide full access to anyone with credentials, ZTNA relies on a least-privilege model that assumes every user, device and network to be hostile until proven otherwise. This model prevents users from accessing unauthorized resources, hides applications from public view, and blocks lateral movement to prevent cyberattacks.

By limiting user access to specific applications, ZTNA reduces the threat surface area and protects against both inside and outside threats. Cloud-native ZTNA extends the flexibility and scalability of the cloud model to deliver security that can scale as the business grows. And, ZTNA meets the needs of today’s distributed workforce, empowering employees to work securely anywhere, on any device, with uninterrupted access to resources.

The most effective ZTNA solutions detect, identify, evaluate, and act on potential threat indicators based on data including user behavior, access patterns, and network flows regardless of the means of connection. And, by recognizing behaviors and patterns that may represent unknown threats, ZTNA can detect and stop zero-day malware pre-execution as well as traditional, fileless, and insider attacks.

ZTNA Benefits for Cloud-Centric Businesses

For MSSPs that support SMB clients, especially those that heavily utilize cloud-based applications, ZTNA solution (such as CylanceGATEWAY™ from BlackBerry deliver a range of benefits.

  • Accelerated zero-trust adoption: ZTNA’s predictive threat detection is crucial for meeting the goals of a holistic zero-trust security posture.
  • Improved endpoint and network security posture. ZTNA integration with strong endpoint security ensures that only healthy and trusted devices can access business resources. Overall, ZTNA enables SMBs to migrate from endpoint detection and response (EDR) toward the holistic and adaptive extended detection and response (XDR) model.
  • Improved collaboration and performance: With ZTNA, SMBs can enable fast, secure access to resources on managed and unmanaged devices for employees, contractors, vendors, and strategic partners.
  • Digital business transformation and hybrid workforce. ZTNA’s cloud-based architecture can deliver secure connectivity for effective BYOD and WFH programs.
  • Mergers, acquisitions, and divestitures: ZTNA can quickly adapt to transformative events while delivering a unified, stable, and secure experience.
  • Real-time visibility: Under ZTNA, network administrators and security personnel can access detailed user activity information and use application discovery to make informed networking and risk decisions.
  • Granular policy management: With ZTNA, administrators can take control of networks and applications with outbound-only secure access and adaptive least-privilege policy management.

Case Study: International Organization Meet ZTNA Goals

An international membership, training, and certification organization was required by their private equity company to implement a ZTNA solution by the end of 2022. The organization sought to protect their AWS-hosted customer-facing learning management services as well as access for developers and administrators.

The organization chose to implement CylanceGATEWAY. After a successful proof of concept deployment, the organization expanded the solution to meet their year-end PE requirements. The solution now provides:

  • Secure access to cloud resources for hundreds of remote employees, ensuring protection and visibility across all endpoints and networks.
  • Secured access for designated administrators and developers to critical private applications hosted in AWS.

To build on its initial ZTNA success, the organization continues working with BlackBerry to test additional features and functionality, and identify additional use cases and users. Visit our BlackBerry MSSP Partners page to learn how BlackBerry® AI-powered security solutions can deliver security, flexibility, and scalability to help you grow your business and by lowering costs and creating new revenue streams.

Guest blog courtesy of BlackBerry Cybersecurity. Read more BlackBerry Cybersecurity blogs here. Regularly contribute guest blogs are part