What is Zero Trust?
The term “Zero Trust” is currently considered the most important security concept for IT infrastructures. It originates from the term “Zero-Trust Network Access” or “ZTNA” for short and was coined by the analyst firm Gartner.
But what does “Zero Trust” actually mean? And what are the advantages of this form of network architecture?
We break down for you what defines Zero Trust, why this security concept offers up-to-date protection for remote access applications in particular and how you can switch to this solution quickly and easily.
Definition Zero Trust Network Access (ZTNA)
Gartner defines Zero Trust as a security concept that assumes that nothing and no one inside or outside the network is trustworthy. Essentially, this means that any access to resources in the network – whether from outside or inside – must always be minimized, authorized, and authenticated, before it is allowed.
Compared to a traditional network, the Zero Trust principle does not grant users or devices access to entire networks, but only to specific applications or network resources.
This type of “micro-segmentation” ensures that company servers no longer have to be connected to each other in an intranet. Thus, if a server is compromised, this prevents malware from spreading unhindered across the entire intranet.
Why remote access according to the Zero Trust principle?
Older VPN structures are reaching their limits
Decentralized network infrastructures, remote work, and the digital outsourcing of data and applications to clouds have changed corporate networks with their flexibility and lack of transparency of user activities to such an extent that older VPN-based network security is increasingly reaching its limits. Data traffic, usage patterns, and access can no longer be monitored to the same extent as before.
This makes the protection and management of all hybrid, widely separated, and therefore insufficiently controllable network components laborious. In the event of an attack, these circumstances can also lead to malware spreading to the entire company network in case one end device is taken over. Such cyberattacks on companies using ransomware and lateral movement are unfortunately increasing year by year and are becoming ever more difficult to identify.
What makes Zero Trust different
This makes it all the more important to close the newly created security gaps and adapt the security infrastructure to the current circumstances. The modern and proven tool of meeting these requirements is network access according to the Zero Trust principle in line with the policy “trust no one, check everything”. Zero Trust extends the one-off authentication for the entire network or entire network segments via a VPN client to include multiple, recurring and regularly verifiable authentications for specific applications.
Specially developed for remote access scenarios, Zero Trust secures all dial-ins to the network in a modern way and also securely connects external services such as data centers or clouds. This means that existing and new remote workstations, including all user and application approvals, can be managed, checked and set up more specifically.
Who needs Zero Trust?
For many companies, converting to the Zero Trust principle initially sounds complex and costly, as they fear that their entire network architecture will have to be changed. The actual necessity, benefits, and urgency of the principle are therefore quickly questioned. You are welcome to take our short check:
Your result: Zero Trust would be a recommended choice for you
There is at least one criterion that speaks in favor of increasing your network security with the Zero Trust principle.
Whether it is simply a decentralized network structure, the use of hybrid working models, the outsourcing of some data or applications to external cloud services, working with particularly sensitive data, or the required compliance with the NIS2 directive or several to all of these circumstances – you should take action. Zero Trust's comprehensive network segmentation and individual access assignment protect your IT network from major damage caused by cyber attacks, especially the dangerous lateral movement of malware.
Find out more on this page about how you can seamlessly and flexibly integrate the Zero Trust principle into your existing network infrastructure with LANCOM Trusted Access. You can also learn more about the LANCOM Trusted Access Client here and find out here to what extent you should implement the Zero Trust principle.
Your result: Zero Trust does not seem to be absolutely necessary for you at the moment
Currently, traditional, purely VPN-based remote access seems to be sufficient for your needs.
As your network is centralized and does not require Zero Trust remote access, as you do not use external cloud services for data outsourcing, as you do not work with particularly sensitive data and as the NIS2 directive does not apply to you, there is currently no need to switch to Zero Trust. Not sure if any of this does actually apply? Then you are welcome to run the test again or find out more about LANCOM Trusted Access, the remote access based on the Zero Trust principle from LANCOM.
After all, LANCOM Trusted Access (LTA) has the special advantage that it can realize even classic VPN remote access with full access to the intranet more securely and conveniently than usual. LTA can also be implemented as a cloud-managed VPN client with and without Active Directory. Find out which solution might be right for you!
You are also welcome to find out about the current information security situation in medium-sized and large companies to get an idea of the actual threat and your risk.
Last but not least, we recommend that you also keep an eye on the developments surrounding the European Network and Information Security Directive NIS2. From October 2024, this will require strict and clear risk management measures for cyber security via national laws. An IT network secured by the Zero Trust principle builds a strong foundation to meet the NIS2 requirements.
What are the advantages of Zero Trust?
The increased security factor through Zero Trust is now obvious. However, the new remote access concept has many more advantages than just network security: employees, IT, the HR department and management all benefit from the Zero Trust principle in a variety of ways:
Home office and mobile work for employees
Need: Quick and easy access to all applications and resources for day-to-day work for employees at home, on the move, and at work
Zero Trust features:
- Single sign-on: enter login details once, then seamless access to all resources
- Enhanced endpoint security: greater self-protection through endpoint security checks, multi-factor authentication, and network segmentation
Contemporary network protection for IT / security officers
Need: Protection of the network against external threats, especially ransomware; secure integration of home offices and external companies; continuous further development of security
Zero Trust features:
- Granular access control and segmentation (“software-defined perimeter”, SDP) for lateral network protection
- Highly secure “full tunnel” operation according to central security policies with 24/7 monitoring
- Fast response times thanks to cloud management
Convenient onboarding / offboarding and management for HR and management
Needs: Counteract skills shortages with effortless integration of new employees and external service providers; secure company growth; legal protection through compliance with laws and standards
Zero Trust features:
- Integration of existing user databases in the company
- Quick setup and blocking of remote access connections (zero-touch rollout and auto-configuration of clients)
- Central license management and monitoring
“Zero trust” evokes negative associations for many people. Is “no trust” really the right solution? From a cyber security perspective, the answer is clearly yes.
Nevertheless, the zero trust principle should also evoke a sense of security rather than unease, and also take into account all the concerns and needs of users. This is the idea behind LANCOM Trusted Access (LTA).
LANCOM Trusted Access shows what digitally sovereign, agile network security for companies looks like when it comes from a German SME and security specialist: User-oriented, data protection-compliant, and optimally adapted to individual security requirements.
Seamless migration to existing installations
Migrates seamlessly into existing installations by integrating existing user databases in the company (e.g. an Active Directory such as Microsoft Entra ID) and alternatively provides user management integrated into the LANCOM Management Cloud if no user database is available
100% GDPR-compliant and digitally sovereign – data traffic without decoupling via an external cloud
Secure and clear separation of control plane (LMC) and data plane after user authentication via the LANCOM Management Cloud (LMC) – for maximum data security and data protection in accordance with European legal standards
How does LANCOM implement the Zero Trust principle?
In close cooperation with users, LANCOM has developed a Zero Trust remote access concept that minimizes complexity and effort for users and can be integrated into existing networks as seamlessly and effortlessly as possible.
The idea is to use existing network components such as a LANCOM gateway and the LANCOM Management Cloud and simply extend their function with a software element and configurations.
With LANCOM Trusted Access (LTA), the user gains access to the applications and resources assigned to him via the following steps:
- The LTA client installed on the end devices communicates the login data entered with their corresponding user identification to the LANCOM Management Cloud, which acts as the LTA controller.
- The login credentials are verified by a connected identity provider such as an Active Directory or a local user database and confirmed in a multi-factor authentication process.
- Upon confirmation, the LTA client is authorized to establish a VPN connection to the LTA gateway as soon as its security compliance has been checked by the LTA controller.
- The LTA client receives the configuration data for establishing the VPN connection to the LTA gateway and the access rights assigned to it by the LTA controller.
- The VPN connection based on the zero-trust principle is established between the LTA client and the LTA gateway and access to the permitted applications is granted.
It is worth noting that the control plane and data plane are securely separated from each other: Any user data is only exchanged between the LTA client and LTA gateway, with no decoupling via the LTA controller. Not every Zero Trust solution offers this level of security and data sovereignty.
This is how LANCOM Trusted Access is set up according to the Zero Trust principle
Would you like to know more about how LANCOM Trusted Access works or do you have any questions? Then take a look at our FAQ and our techpaper:
Get started now
The LANCOM Trusted Access Onboarding Program supports you in setting up and designing your customized Zero Trust solution:
Find out which LTA expansion level is best suited for your security and network requirements and learn everything you need to know about Zero Trust and LANCOM Trusted Access with the LTA Techpaper, FAQ, and a comprehensive collection of tutorial videos.
We look forward to making your network environment more secure with LANCOM Trusted Access and restoring trust in remote work to the working world.
We will be happy to help and advise you at any time. Working together more securely – with LANCOM Trusted Access.
