Universal ZTNA - the future of on-prem security

Universal ZTNA applies ZTNA to both remote and on-campus networks, providing a single security policy, a consistent user experience, simpler troubleshooting, and better efficiency.


In today's dynamic business landscape, enterprises often find themselves juggling an assortment of products to secure user access in campus networks versus remote worker environments. Within campus environments, hefty investments are made in Network Access Control (NAC) products, bolstered by an array of enhanced security capabilities. Organizations go the extra mile by configuring technologies such as DHCP snooping, IP Source Guard, MACsec, 802.1X, private VLANs, dynamic ARP inspection, and the list goes on.

On the flip side, when it comes to remote workers, enterprises have predominantly leaned towards VPN or, more recently, Zero Trust Network Access (ZTNA) technologies. However, with the advent of hybrid work, where employees seamlessly switch between remote and office settings, this reliance on multiple products has become an inefficient and cumbersome approach.

As Gartner notes [1]: "Enterprises spend billions to secure campus networks via a combination of switching features and NAC — an approach ripe for disruption with the shift to hybrid work". Universal ZTNA, or ZTNA anywhere, is what Gartner sees as the way forward, but they note that vendors have too much commercially invested in on-campus security. Cloudbrink is a vendor highly focused on hybrid workers with no legacy on-campus product revenue to protect.

Segmented Security Policies: Having different security infrastructure for on-prem vs remote can cause the security policies to get out of sync. This causes frustration and lost productivity for both the worker and the IT support teams.

Complex network design: Administration of campus networks is challenging. It involves complex switching configuration (e.g., VLANs, 802.1X, MACsec, private VLANs, access control lists [ACLs] and micro-segmentation) and the management of network access control (NAC).

Inconsistent work experience: In a diverse work environment with various connection types and locations, maintaining a consistent work experience can be challenging.

Inconsistent Network Access Implementations: Traditional network security solutions often struggle to manage access for both on-premises and remote workers.

Complex visibility and control: When there are issues, having to look across multiple security consoles adds complexity, which is also a security risk.

High Costs: The costs of maintaining the two separate solutions in terms of infrastructure and staffing are high.

In line with the Gartner Universal ZTNA description, enterprises need a game-changer — a transformative approach that transcends the outdated practice of managing separate security tools for each setting. Embracing a more efficient solution, such as Universal ZTNA from Cloudbrink, empowers organizations to consolidate their access security strategies, fostering seamless user experiences across all environments. Say goodbye to the tangled web of disjointed products and usher in an era of harmony, where one powerful and all-encompassing access policy reigns supreme.

With Universal ZTNA from Cloudbrink, you can march confidently into a world where productivity soars, risks are mitigated, and employees revel in a seamless, secure, and consistent experience, whether at the office or halfway across the globe.

The benefits of Universal ZTNA technologies include:

Support for all SaaS and data center apps

Simpler troubleshooting with one solution versus multiple solutions

A common experience for end-users whether working remotely or on-prem

No complex network security controls and segmentation

A single security policy that spans remote workers and campus workers

Faster deployment with better economics and efficiency

A High-Performance Universal ZTNA service provides mutual zero trust based on mTLS 1.3. It also provides Automated Moving Target Defense (AMTD) by rotating security certificates in hours, not years, using temporal edges rather than fixed PoPs, and constantly changing routes.

What advantages does Universal High-Performance ZTNA from Cloudbrink offer?

In-Office user optimization
Hybrid user optimization
Multi-cloud connectivity
SaaS apps optimization
Software-only (minimal maintenance)
Single pane of glass visibility for remote workers (aggregated visibility)
Granular control (per user per app)
SDP-compliant enterprise access
Automated Moving Target Defense
Single policy-definition for remote and on-prem workforce (central control plane)
Bridge mode support for on-prem devices such as IoT

A Secure and Performant Remote Access Solution

The Brink App, FAST Edges, and Cloudbrink's connector software work together to provide a more secure and performant remote access solution than current VPN, SDP, ZTNA or ZTNA 2.0 offerings. The Brink App is powered by AI to overcome local Wi-Fi and broadband network challenges, while FAST Edges are automatically created close to the end user for maximum performance. This provides a high-performance, highly secure end-to-end connection to private apps or data sources.



Cloudbrink's High-Performance ZTNA Three Main Components

The Brink App, installed on end-user devices, leverages the power of AI to overcome any network challenges and guarantees an excellent quality of experience for the end-user, regardless of the network.

Enterprise access points called FAST (Flexible, Autonomous, Smart, Temporary) Edges are automatically created close to the end user, enabling Cloudbrink to react rapidly to changes in demand, guaranteeing the highest possible performance. Cloudbrink can automatically scale to thousands of FAST Edges. By contrast, traditional vendors typically provide only 100-200 PoPs at most. These edges form a mesh to create the fastest possible route through the cloud on a per-session basis.

If required, Cloudbrink's connector software can be deployed in the customer's cloud environment or data center to provide a secure end-to-end connection to private apps or data sources.

Cloudbrink's High-Performance Universal ZTNA is a software-only solution that uses pre-emptive and accelerated packet recovery to minimize the impact of network issues. The zero trust network architecture combines packet recovery with FAST edges to minimize latency.

Cloudbrink Zero Trust Architecture

Cloudbrink accelerates performance by up to 30x

“We were being pressured to go with Zscaler for the remote users; however, the Cloudbrink zero trust access solution not only solved upgrading our current VPN environment but also improved our users' experience, which is a win/win.”

Financial Services

