ZERO TRUST NETWORK ARCHITECTURE
A zero trust network architecture improves enterprise productivity through faster connectivity, secure authorization, and reduced latency.
Hybrid work is becoming a post-pandemic norm, given the flexibility it offers and the fact that organizations have now digitalized their processes. Enterprises rely on the internet for users to access applications on-site, via VPN, or in the cloud. With cyberattacks on the rise and threats emanating from both inside and outside the network, adopting a zero trust network architecture has become significant.
Vulnerabilities sneak in when unauthorized access is granted to the end user. To tackle this better, the architecture provides secure access to applications from anywhere and at any time by checking a user’s legitimacy, followed by device validation for any malicious activity. It offers integrated security and multifactor authentication capabilities using an enterprise’s existing mechanism.
The zero trust network architecture authentication flow
Moreover, the architecture secures enterprises in the cloud and ensures that no user, application, or device is trusted by default; each is always verified and granted only least-privileged access. That is, the user is limited to a particular application or task on a need-to-know basis, which keeps the rest of the network and application infrastructure hidden from unauthorized users.
Challenges with existing network solutions
Existing remote access VPN solutions have certain drawbacks that bring challenges with them.
The legacy remote access VPN follows a network-centric approach that allows users to connect to applications over IP addresses by extending the network to the user. Employees using VPN connections for remote work or from home expose IP addresses via VPN concentrators, which makes these networks an easy target for attackers. Once an IP address is exposed, an attacker who gains a foothold can reach the broader enterprise network and gain visibility into other applications.
Why and how existing remote access VPN models are vulnerable
Legacy VPN architecture, being hardware-based, does not scale to software-as-a-service or cloud-based applications. It also impacts the business, as deploying new hardware is a time-consuming activity. Every enterprise application requires its own VPN gateway, making new additions difficult and affecting scalability. Additionally, enterprises run heterogeneous VPN deployments that call for a skilled expert to manage operations.
Also, a hybrid environment (on-premises and cloud) with the traditional security setup requires VPN traffic to be backhauled to a central data center in a remote location before access to cloud applications is granted. This causes latency, resulting in a poor user experience and high bandwidth usage. Increased hardware, manpower, and data center resources all drive up cost.
The five-S zero trust network architecture model
A robust and efficient zero trust network architecture for secured and seamless connectivity.
We present a ‘five-S’ (secure, scalable, seamless, simplified, and savings) approach for zero trust network architecture adoption based on key features that drive the core functionality of the security solution. This approach offers a novel network security architecture that uses an identity-centric policy to ensure a secure environment powered by a zero-trust principle.
Using this method, a security policy (a written document that defines how an enterprise must safeguard its physical and technology-based assets) is created around the user, device, or application that gets access instead of the IP address, thereby reducing the attack surface. Each user session is authenticated before access is authorized, enabling application-based micro-segmentation that provides a granular level of security.
The model provides advanced visibility into connectivity (such as analytical insights into user or application activity: from where and when the network is accessed and whether the user is legitimate), application accessibility (better and uninterrupted access per user session), and posture management (automatic updates to security patches or anti-virus).
The five-S zero trust network architecture model
Features provided by a zero trust network architecture model for a secure and seamless enterprise network
The zero trust network architecture facilitates easy accessibility by quickly validating and onboarding new users and provides simplified access compared to traditional models that use a hardware (VPN firewall) system. An existing VPN system has limited capacity to accommodate new users and requires additional firewalls to be set up. With a cloud-based zero trust network architecture, on the other hand, adding users only requires raising a request, and access is granted within a short period, supporting scalability.
Scalable hybrid deployments also need to be agile, with businesses integrating information technology (IT) and operational technology (OT) systems into a single network using zero trust network architecture for efficient operations. For example, a retail store can merge its OT (the software and hardware that control or monitor industrial processes and assets) with its enterprise IT system to get real-time updates of on-the-shelf inventory, using cameras or sensors that match stock movements against customer checkouts at the billing counter. The integration helps secure the network, speed up activities, save costs, and ease operations.
The model helps optimize bandwidth by using direct internet access from remote or branch locations, offering seamless connectivity to users, applications, and devices. It eliminates hardware-based VPN requirements and the staff needed to operate those systems.
The zero trust network architecture also eases IT integration during mergers and acquisitions. With legacy VPN infrastructure, users of the merging enterprises suddenly need to access each other's applications during the transition, and the resulting spike in VPN requests loads the network, causes latency, requires new VPN gateways to be set up, and exposes IP addresses to attack. The zero trust model avoids this because it relies on an identity-centric approach rather than on an IP address that must be validated.
A next-generation security model
The core functionality of zero trust network architecture, identity-based secure authorization, can be extended to upcoming technologies and the IT-OT environment.
The zero trust network architecture model helps design modern enterprise security that supports multi-cloud and hybrid cloud adoption. It drives network consolidation by integrating emerging technologies and frameworks such as secure service edge (SSE), 5G, edge computing, and internet of things (IoT) platforms. The architecture is one of the essential elements for adopting the SSE framework (an all-inclusive cloud-based security solution that provides secure access to IT applications), providing efficient and robust security for an enterprise's infrastructure.
The zero trust network architecture is a next-generation network security architecture that provides comprehensive identity, dynamic authorization, risk measurement, and management automation. That is, employees, contractors, and third-party users (identity) get access to applications on the enterprise network according to their specific needs and use (authorization), which prevents trespassing (risk) into restricted areas of the application or network. The session is terminated when the user is idle (automation) to prevent untoward security incidents.
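As an added illustration (not code from the original article) of the identity-centric, deny-by-default policy described in the five-S model and the identity, authorization, risk and automation flow above, the following Python sketch decides access on user role, MFA result, device posture and the requested application, never on the source IP, and terminates idle sessions. The policy table, patch levels, roles and the 900-second idle limit are all constructed assumptions for the example.

```python
from dataclasses import dataclass

# Hypothetical policy store, constructed for this example. Access is keyed on
# identity (role), device posture and the application requested; no IP address
# appears in the policy, mirroring the identity-centric approach described above.
APP_POLICY = {
    "hr-portal": {"roles": {"hr"}, "min_patch_level": 3},
    "inventory": {"roles": {"hr", "store-ops"}, "min_patch_level": 2},
}
IDLE_TIMEOUT_SECONDS = 900  # assumed idle limit; the article gives no number


@dataclass
class Session:
    user: str
    app: str            # a session is scoped to exactly one application
    last_activity: int  # epoch seconds


def authorize(user, roles, mfa_passed, device, app, src_ip=None):
    """Deny by default: every check must pass before access to one app is granted.
    src_ip is accepted only so it can be logged for visibility; it is never used
    in the decision, which is the point of an identity-centric policy."""
    policy = APP_POLICY.get(app)
    if policy is None:
        return False, "unknown application"
    if not mfa_passed:                       # identity: verify the user first
        return False, "identity not verified"
    if not device.get("av_enabled") or device.get("patch_level", 0) < policy["min_patch_level"]:
        return False, "device posture check failed"   # device validation
    if not set(roles) & policy["roles"]:     # need-to-know: role must match app
        return False, "no need-to-know for this application"
    return True, "granted"


def open_session(user, roles, mfa_passed, device, app, now, src_ip=None):
    """Authenticate and authorize per session; returns (Session or None, reason)."""
    ok, reason = authorize(user, roles, mfa_passed, device, app, src_ip)
    return (Session(user, app, now) if ok else None), reason


def sweep_idle(sessions, now):
    """Automation step: drop sessions idle longer than the limit, keep the rest."""
    return [s for s in sessions if now - s.last_activity <= IDLE_TIMEOUT_SECONDS]


if __name__ == "__main__":
    healthy = {"av_enabled": True, "patch_level": 3}
    s, why = open_session("alice", ["hr"], True, healthy, "hr-portal", now=1000)
    print(s, why)                                                     # granted
    print(open_session("bob", ["store-ops"], True, healthy, "hr-portal", now=1000))
    print(sweep_idle([s], now=1000 + IDLE_TIMEOUT_SECONDS + 1))       # []
```

Note that an unhealthy device is refused even for a user with the right role, and a correct role is refused without MFA: each check is independent and all must pass.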
The shift to cloud-based applications by enterprises across industries makes it imperative for businesses to adopt a robust network security solution that offers quick, secure, and seamless connectivity.
A network functions as the arteries of an organization: it transmits critical information and data. Therefore, enterprises must institute a strong security architecture to protect these networks from cyberattacks and the consequent losses when systems are compromised.