SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Enterprises look to zero trust network access to thwart VPN attacks
Fri, 8th Nov 2019
FYI, this story is more than a year old

An increase in the number of vitual private network (VPN) attacks is causing businesses to shift towards a new model of network security: Zero Trust Network Access.

According to a report from Zscaler and Cybersecurity Insiders, 78% of the 315 polled IT and security professionals plan to implement Zero Trust Network Access (ZTNA) at some time in the future; 59% plan to implement it in the next 12 months, and 15% have already implemented done so.

Zscaler explains that ZTNA services are built to ensure that only authorised users can access specific applications based on business policies. Unlike VPNs, users are never placed on the network and apps are never exposed to the internet. According to the company, this creates a zero attack surface, protecting the business from threats like the recent wave of malware and successful VPN attacks.

Two-thirds of polled IT security professionals (66%) say they are most excited about zero trust's ability to deliver least privilege access to protect private apps. This is followed by apps no longer being exposed to unauthorized users or the Internet (55%), and access to private apps no longer requiring network access (44%).

Zscaler CIO Patrick Foxhoven comments that state-sponsored groups exploit known flaws in VPNs, which means organisations need to reduce their attack surface. They can do this by rethinking how they secure and provide access to their apps in a cloud and mobile-first world.

The report found that 53% of respondents believe their current security technology can mitigate their risk even though legacy technologies directly connect users to the network - expanding the attack surface.

“Though it is encouraging to see so many organisations are pursuing ZTNA to close gaps created by VPNs, I am surprised that more than half of those surveyed believe their current infrastructure is reliable enough to protect the enterprise,” Foxhoven continues.

The highest security priority for application access is privileged account management of users and multi-factor authentication (68%). This is followed by detection of, and response to, anomalous activity (61%) and securing access from personal, unmanaged devices (57%).

Additionally, 61% of organisations are concerned about partners with weak security practices accessing internal applications, despite their own internally weak security practices.

Furthermore, BYOD is still an IT security reality in 2019 as 57% of organisations are prioritizing secure access from personal, unmanaged devices.

The 2019 Zero Trust Adoptionreport surveyed 315 IT and cybersecurity professionals across multiple industries.