Zero Trust Access Network (ZTNA)
“Zero Trust Access Network”
PRN: 77000028C
Dhole Patil College of Engineering, Pune.
Under the Guidance of:
Prof. Vandana Navale
Presented By:
Ajay D. Sirsat
Contents
1. Motivation & Issue with existing system
2. Introduction
3. Literature Survey
4. Objective and Scope
5. Methodology
6. Conclusion
7. Reference
1. Motivation & Issue with existing system
Reasons why we need ZTNA
» In the Evolving Enterprise, Perimeter-Based Security Is Ineffective.
» Shared Security Responsibility is Necessary for Cloud Data Centers
» The Internet is an unprotected network
» Everyone in the expanding workforce shouldn't have unlimited access to
information
» You won't be able to check the security status of every WFH environment
» Cyber-attacks are on the rise
» The Security Risks Have Increased
2. Introduction
Castle and moat Concept
What is Zero Trust Access Network?
1. Zero Trust Network Access (ZTNA) is a category of technologies that provides secure
remote access to applications and services based on defined access control policies.
2. Unlike VPNs, which grant complete access to a LAN, ZTNA solutions default to deny,
providing only the access to services the user has been explicitly granted.
3. ZTNA gives users seamless and secure connectivity to private applications without
ever placing them on the network or exposing apps to the internet.
4. Zero trust is a security model based on the principle of maintaining strict access
controls and not trusting anyone by default, even those already inside the network
perimeter.
3. Literature Survey
● Satya Tyagi, “10 Reasons Why Enterprises Need Zero Trust Security”, December 7,
2020 8:39 pm
● John Kindervag for Security & Risk Professionals, “Build Security Into Your
Network’s DNA: The Zero Trust Network Architecture”, November 5, 2010
● Evan Gilman and Doug Barth, “Zero Trust Networks-Building Secure Systems in
Untrusted Networks”, Published by O’Reilly Media, Inc. on July 2017
● Fortinet White Paper, “Securing Digital Innovation Demands Zero-trust Access”,
September 24, 2020
● Sunil Potti - Google Cloud Security, “BeyondCorp Enterprise: Introducing a safer era
of computing”, January 26, 2021
4. Objective and Scope
● Embedded data and threat protection, with real-time end-to-end protection.
● Strong phishing-resistant authentication to ensure that users are who they say they are.
● Continuous authorization for every interaction between a user and resource.
● To provide secured and restricted access to all the services and servers.
● As we enter a new era of security, enterprises want a seamless security model attuned to
the realities of remote work, cloud applications, and mobile communications.
● Can be used for organizations that need a solution that will not only improve their
security posture but also deliver a simple experience for users and administrators.
5. Methodology
Main Principles behind Zero Trust Model
● The philosophy behind a zero trust network assumes that there are attackers both within
and outside of the network, so no users or machines should be automatically trusted.
● Another principle of zero trust security is least-privilege access. This means giving users
only as much access as they need, like an army general giving soldiers information on a
need-to-know basis.
● Zero trust networks also utilize microsegmentation. Microsegmentation is the practice of
breaking up security perimeters into small zones to maintain separate access for separate
parts of the network.
● Multi-factor authentication (MFA) is also a core value of zero trust security. MFA
simply means requiring more than one piece of evidence to authenticate a user; just
How Does ZTNA Work?
● Unlike network-centric solutions such as VPNs or firewalls (FWs), ZTNA takes a fundamentally
different approach to securing access to internal applications based on these four core principles. The
connection process uses the following steps:
1. Each server registers with the SDP controller. Servers can either have an internal gateway
function or rely on an external gateway.
2. Clients connect to the SDP controller to authenticate, authorize and learn the desired service's
connection details.
3. Clients connect to a server over an encrypted channel, either through an internal server gateway
or through an external gateway.
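The three connection steps above, together with the default-deny rule from the introduction, as an added Python sketch (not part of the original slides and not any vendor's implementation). The `Controller` and `Gateway` classes, the HMAC-signed ticket format, the shared signing key and the `example.internal` addresses are all assumptions made for illustration; a password check stands in for a real identity provider with MFA.

```python
import base64
import hashlib
import hmac
import json
import os
import secrets
import time


def _tag(key: bytes, body: str) -> str:
    """HMAC-SHA256 over the encoded claims, hex-encoded."""
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


class Controller:
    """Toy SDP controller: service registry, user store and explicit grants."""

    def __init__(self, key: bytes, ttl: int = 60):
        self.key, self.ttl = key, ttl
        self.services = {}   # step 1: service name -> gateway address
        self.users = {}      # user -> (salt, PBKDF2 hash); stand-in for an IdP with MFA
        self.grants = set()  # explicit (user, service) pairs; everything else is denied

    def register_service(self, name: str, gateway_addr: str) -> None:
        self.services[name] = gateway_addr

    def enroll_user(self, user: str, secret: str) -> None:
        salt = os.urandom(16)
        self.users[user] = (salt, hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000))

    def grant(self, user: str, service: str) -> None:
        self.grants.add((user, service))

    def request_access(self, user, secret, service, now=None):
        """Step 2: authenticate, authorize, then return connection details or None."""
        now = time.time() if now is None else now
        record = self.users.get(user)
        if record is None:
            return None
        salt, stored = record
        presented = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)
        if not hmac.compare_digest(stored, presented):
            return None  # authentication failed
        if service not in self.services or (user, service) not in self.grants:
            return None  # default deny: no explicit grant, no connection details
        claims = {"sub": user, "svc": service, "exp": int(now) + self.ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
        return {"gateway": self.services[service], "ticket": f"{body}.{_tag(self.key, body)}"}


class Gateway:
    """Step 3: fronts one service and admits only tickets the controller signed for it."""

    def __init__(self, key: bytes, service: str):
        self.key, self.service = key, service

    def admit(self, ticket, now=None) -> bool:
        now = time.time() if now is None else now
        try:
            body, tag = ticket.split(".")
            if not hmac.compare_digest(tag, _tag(self.key, body)):
                return False  # forged or altered ticket
            claims = json.loads(base64.urlsafe_b64decode(body))
        except (ValueError, TypeError, AttributeError):
            return False  # malformed ticket
        return claims.get("svc") == self.service and claims.get("exp", 0) > now


def demo() -> dict:
    key = secrets.token_bytes(32)  # shared by controller and gateways (assumption)
    ctl = Controller(key)
    ctl.register_service("wiki", "gw-wiki.example.internal:8443")  # constructed names
    ctl.register_service("payroll", "gw-payroll.example.internal:8443")
    ctl.enroll_user("alice", "constructed-passphrase")
    ctl.grant("alice", "wiki")  # alice is never granted payroll
    wiki_gw, payroll_gw = Gateway(key, "wiki"), Gateway(key, "payroll")

    t0 = 1_700_000_000  # fixed clock so the expiry check is reproducible
    details = ctl.request_access("alice", "constructed-passphrase", "wiki", now=t0)
    old_tag = details["ticket"].split(".")[1]
    forged_claims = {"sub": "alice", "svc": "payroll", "exp": t0 + 60}
    forged_body = base64.urlsafe_b64encode(json.dumps(forged_claims).encode()).decode()
    return {
        "granted": wiki_gw.admit(details["ticket"], now=t0 + 1),
        "gateway": details["gateway"],
        "not_granted": ctl.request_access("alice", "constructed-passphrase", "payroll", now=t0),
        "bad_secret": ctl.request_access("alice", "wrong", "wiki", now=t0),
        "wrong_gateway": payroll_gw.admit(details["ticket"], now=t0 + 1),
        "expired": wiki_gw.admit(details["ticket"], now=t0 + 61),
        "forged": payroll_gw.admit(f"{forged_body}.{old_tag}", now=t0 + 1),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

A client that is not granted a service never learns its gateway address, and a ticket issued for one service is refused by every other gateway, which is what limits lateral movement after a credential is stolen.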
Conclusion
● Allow conditional access to certain resources while restricting access to high value resources
on managed/compliant devices.
● Prevents network access and lateral movement using stolen credentials and compromised
devices.
● Enables users to be more productive by working however they want, when they want and
where they want.
● Consider an “If-this-then-that” automated approach to zero trust.
● Identity is everything, make it the control plane.
References
1. Jeff Birnbaum, “Six Key Characteristics of a Modern ZTNA Solutions”, May 27, 2021
2. Fortinet Solution Brief, “Zero-Trust Access for Comprehensive Visibility and Control”, March 2020.
3. Evan Gilman, “Zero Trust Network”, May 12, 2016
4. Joe Hertvik, “What Is Zero Trust Network Access? ZTNA Explained”, September 16, 2020.
5. Zev Brodsky, “ZTNA: A Blueprint for Securely Granting Network Access”, Jan 2021.
6. Fortinet All Blogs, “What’s the Difference Between Zero Trust, ZTA, and ZTNA”, March 26, 2021
7. Sunil Potti, VP/GM, Google Cloud Security, “BeyondCorp Enterprise: Introducing a safer era of
computing”, January 26, 2021
8. John Kindervag for Security & Risk Professionals, “Build Security Into Your Network’s DNA: The Zero
Trust Network Architecture”, November 5, 2010.