A better approach to support and enhance your network and physical security
By Camille Campbell, Ericsson
Camille Campbell is Director of Product Marketing, Enterprise Wireless Solutions at Ericsson.
It seems like a lifetime ago, but once upon a time physical security measures and devices were all analogue. Cameras, access control, closed-circuit television: they operated independently and were standalone. Back then, the biggest concern regarding the security of those devices was things like a cable being cut or a system being spoofed.
Fast forward to today, and Internet of Things (IoT) security devices are the norm. Many of those aforementioned things, as well as other IoT devices, are connected to a network. As a result, the state of an organization’s network has a great impact on physical security, because that security relies on the stability and strength of the network to be effective.
The right network is critical to ensuring devices and systems run smoothly and to avoiding unnecessary risks and incidents, in turn enhancing physical security measures. For example, what if your network is experiencing high latency? Even the slightest lag or delay could impact a connected camera’s reaction to motion, compromising physical security. Redundancy is also important, to ensure there is no downtime.
While strength and latency are important, security continues to be one of the biggest concerns when it comes to a network. In particular, many connected devices are now vulnerable, and that fact has been reflected in a rise in cyberattacks specifically targeting IoT devices. In fact, according to Forrester’s The State Of IoT Security, 2023, IoT devices were the most reported target for external cyberattacks — more than computers or mobile devices.
What’s more, as the number of devices that are connected to a network continues to grow, the attack surface also grows, which in turn increases the risks of an attack from bad actors.
With physical security so intertwined with network security, having an all-encompassing strategy, one that takes both physical and network security into account, is vital as organizations move forward. And as technologies continue to evolve, with more systems being moved into the cloud, organizations must examine their network strategies on a regular basis.
As they do, there are a few considerations when it comes to securing the network in today’s environment. In particular, a security model that can help keep devices and networks safe is gaining in popularity, which in turn ensures physical security is not impacted.
Taking a new approach
Remote access virtual private networks (VPNs) have been the corporate security standard for decades. When defining a traditional VPN setting, one often-used analogy is that network security is like a moat surrounding a castle; if there’s verification and the moat is crossed, nearly everything within its perimeter is accessible.
While moats worked well for what they were protecting at the time, today there are more highly technical security measures to keep areas safe, such as drones and satellite monitoring. By the same token, organizations that want to secure their network should consider a new alternative.
The unfortunate reality is that the functionality of VPNs hasn’t evolved nearly as quickly as the guileful tactics adopted by modern-day hackers. But one model that is gaining traction — Zero Trust Network Access (ZTNA) — provides access to private enterprise network applications and devices in a way that is significantly more secure than a VPN by using adaptive, context-aware policies that limit access and potential impacts of compromised credentials.
While organizations can leverage both security solutions, ZTNA has several advantages when compared to a VPN, and some trade-offs that should be taken into consideration.
A closer look at ZTNA
As its name implies, ZTNA is a security concept built on the assumption that no user should be trusted by default. Rather, it presumes anyone attempting to access a network or application is a bad actor, and their use needs to be subject to ongoing verification. To enforce levels of security, ZTNA uses an adaptive verification policy on a per-session basis and can take a combination of things into account such as the user’s identity, device, location, time and date of request, plus historic usage trends.
Once the user is verified, the Zero Trust Network creates a secure, authenticated tunnel from their device to the requested application, which prohibits public discovery or any lateral movement to other applications on the network.
With a Zero Trust architecture, administrators can build granular policies, eliminate risky default access, and allow isolated user-to-resource access. Ultimately, and critically, it decreases the likelihood of a cyberattack.
Limiting user access to increase security
If we go back to the moat analogy, the worst and most significant damage to a castle happens after a perpetrator has been able to cross the moat. In the case of a network, a data breach occurs when a bad actor crosses a corporate firewall through a perimeter-based VPN and is then able to move about the organization’s secure applications without much resistance.
A network with perimeter-based security that allows a lot of access ultimately opens the door to more opportunities for a cyberattack. However, ZTNA does not view any part of a network to be an implicit trust zone. Since it applies microsegmentation and prescriptive security policies to enterprise edge architecture, creating tunnels for users to access specific applications and nothing else, users are only able to access whatever exists behind the individual microsegments to which they have been granted access.
Additionally, risk is continuously mitigated with adaptive ZTNA security policies. In the case of a VPN, one-time authentication is granted to enable access to the network. But ZTNA offers security monitoring capabilities that are not possible with a VPN on its own. The adaptive policy that is used will continuously evaluate security for the duration of a user’s session. Not only will it assess whether their behaviour is abnormal, such as deleting or altering data quickly or in large volumes, but it also considers when a user last tried to access an application, whether their location changed, and more.
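The per-session admission check described under "A closer look at ZTNA" and the continuous, mid-session re-evaluation described above, as an added illustration that is not part of the original article or of any Ericsson product: the policy table, the user, application and country values, and the deletion-rate baseline are all constructed, hypothetical values.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Constructed policy (hypothetical values): which identity may reach which
# application, from which countries and during which local hours.
POLICY = {"camera-admin": {"app": "nvr-console", "countries": {"CA", "US"}, "hours": (7, 20)}}
# Constructed historic-usage baseline: normal deletions per minute for this user.
BASELINE_DELETES_PER_MIN = {"camera-admin": 2}

@dataclass
class Session:
    user: str
    app: str
    country: str
    deletes: list = field(default_factory=list)  # epoch seconds of delete events
    active: bool = True

def evaluate_request(user, app, device_compliant, country, when):
    """Admission check for one session: identity, device posture, location, time."""
    rule = POLICY.get(user)
    if rule is None or rule["app"] != app:
        return False, "no policy grants this identity access to this application"
    if not device_compliant:
        return False, "device failed posture check"
    if country not in rule["countries"]:
        return False, "request from unexpected location"
    start, end = rule["hours"]
    if not start <= when.hour < end:
        return False, "request outside permitted hours"
    return True, "admitted"

def reevaluate(session, event):
    """Continuous evaluation: revoke on a location change or an abnormal deletion rate."""
    if event["type"] == "location" and event["country"] != session.country:
        session.active = False
        return "revoked: location changed mid-session"
    if event["type"] == "delete":
        session.deletes.append(event["at"])
        recent = [t for t in session.deletes if event["at"] - t <= 60]
        if len(recent) > BASELINE_DELETES_PER_MIN[session.user]:
            session.active = False
            return "revoked: deletion rate above historic baseline"
    return "ok"

def walkthrough():
    """Admit a compliant user, then watch the session as bulk deletes arrive."""
    ok, why = evaluate_request("camera-admin", "nvr-console", True, "CA", datetime(2024, 5, 1, 9, 0))
    session = Session("camera-admin", "nvr-console", "CA")
    outcomes = [why] + [reevaluate(session, {"type": "delete", "at": t}) for t in (0, 10, 20)]
    return outcomes, session.active
```

The third delete within a minute exceeds the constructed baseline of two per minute, so the tunnel is torn down mid-session rather than persisting until the user logs out, which is the behaviour a one-time VPN authentication cannot provide.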
Finally, consider the devices on a network and who is accessing them. Security cameras are often installed by field personnel, who can lack the knowledge or concern to change passwords on the devices, leaving them vulnerable to cyberattacks. However, by placing cameras behind a router that uses Zero Trust policies, businesses can leverage the benefits of their IoT environment while keeping their processing power and security needs top-of-mind. For example, a Zero Trust based router can offload security processes to a service gateway so that IoT devices can still adhere to Zero Trust security policies without those policies burdening the performance of the router. This means the camera is added to the network behind the router, making the device invisible to bad actors.
Beyond the security benefits resulting from ZTNA, there are other advantages to consider:
• ZTNA improves user experiences and makes users more efficient with direct-to-app connections: The concept of a perimeter is eliminated with a Zero Trust Network, since it moves user traffic to a cloud inspection point any time information is transmitted. With this move to the cloud, particularly on a 5G network, the authentication process occurs with very low latency, to the point that it’s virtually imperceptible to the end user. On the flip side, a VPN could be slowed by limited bandwidth and back-end performance limitations. As well, since ZTNA is network- and location-agnostic, employees are able to use their time more efficiently, with less time waiting for applications to load while working remotely.
• ZTNA saves time for the IT team and enterprises save on costs: VPNs are often very costly and labour-intensive, requiring dedicated resources from the IT team to manage the infrastructure and enforce VPN policy. There are also myriad purchases and costs to consider beyond hardware, including authentication tokens and software provisions on laptops and other devices. However, ZTNA is highly scalable, agile and quick to deploy. Without a complex infrastructure to maintain, fewer IT resources need to be dedicated to things such as security management and training, freeing up the IT team’s time to spend on other projects. Plus, cost savings can be found on the hardware side by permitting employees to use their own devices, a policy that is often not compatible with VPN. Ultimately, ZTNA solutions are more economical when compared to a VPN.
Of course, despite its significant advantages, ZTNA is not necessarily the most viable option for all applications. For many organizations, a mix of ZTNA and traditional VPN might still be required, which is why it is important to gain a full understanding of all the benefits and the trade-offs.
The security, flexibility and scalability of cloud-delivered Zero Trust Network Access will make it an essential part of any enterprise’s network. If it’s not something that has already been considered, now is a good time to look at ZTNA more closely as a way to help protect your security devices and network, ensuring that not only is your data kept safe, but that physical security measures are not at risk.