Zero Trust

Network design according to the Zero Trust principle.

What is Zero Trust?

The term “Zero Trust” is currently considered the most important security concept for IT infrastructures. It originates from the term “Zero-Trust Network Access” or “ZTNA” for short and was coined by the analyst firm Gartner.

But what does “Zero Trust” actually mean? And what are the advantages of this form of network architecture?

We break down for you what defines Zero Trust, why this security concept offers up-to-date protection for remote access applications in particular and how you can switch to this solution quickly and easily.

[Infographic: the gradual transition from perimeter security to Zero Trust in three stages: 1. “Cloud-based network segmentation to contain threats”; 2. “Securing transitions in a hybrid architecture”; 3. “Introduction of zero trust architectures”]
The switch to Zero Trust usually takes place gradually: From cloud-controlled network security to security architectures for hybrid working landscapes to the fully comprehensive Zero Trust principle.

Definition Zero Trust Network Access (ZTNA)

Gartner defines Zero Trust as a security concept that assumes that nothing and no one inside or outside the network is trustworthy. Essentially, this means that every access to a resource in the network – whether from outside or inside – must be minimized, authenticated, and authorized before it is allowed.

Compared to a traditional network, the Zero Trust principle does not grant users or devices access to entire networks, but only to specific applications or network resources.

This type of “micro-segmentation” ensures that company servers no longer have to be connected to each other in an intranet. Thus, if a server is compromised, this prevents malware from spreading unhindered across the entire intranet.


Implementation of the Zero Trust principle with LANCOM Trusted Access

Our video briefly and clearly explains the Zero Trust principle in the LANCOM Trusted Access solution and what makes Zero Trust so advantageous:

Why remote access according to the Zero Trust principle?

Older VPN structures are reaching their limits

Decentralized network infrastructures, remote work, and the outsourcing of data and applications to the cloud have made corporate networks so flexible, and user activity so opaque, that older VPN-based network security is increasingly reaching its limits. Data traffic, usage patterns, and access can no longer be monitored to the same extent as before.

This makes the protection and management of all hybrid, widely distributed, and therefore insufficiently controllable network components laborious. In the event of an attack, these circumstances can also allow malware to spread to the entire company network once a single end device is taken over. Such cyberattacks on companies using ransomware and lateral movement are unfortunately increasing year by year and are becoming ever more difficult to identify.

What makes Zero Trust different

This makes it all the more important to close the newly created security gaps and adapt the security infrastructure to the current circumstances. The modern and proven tool for meeting these requirements is network access according to the Zero Trust principle, in line with the policy “trust no one, check everything”. Where a VPN client performs a one-off authentication for the entire network or entire network segments, Zero Trust extends this to multiple, recurring, and regularly verifiable authentications for specific applications.

Specially developed for remote access scenarios, Zero Trust secures all remote connections to the network in a modern way and also securely connects external services such as data centers or clouds. This means that existing and new remote workstations, including all user and application approvals, can be managed, checked, and set up more specifically.

Who needs Zero Trust?

For many companies, converting to the Zero Trust principle initially sounds complex and costly, as they fear that their entire network architecture will have to be changed. The actual necessity, benefits, and urgency of the principle are therefore quickly questioned. You are welcome to take our short check:

Test: Do you need Zero Trust security?

Your result: Zero Trust would be a recommended choice for you

There is at least one criterion that speaks in favor of increasing your network security with the Zero Trust principle.

Whether it is simply a decentralized network structure, the use of hybrid working models, the outsourcing of some data or applications to external cloud services, working with particularly sensitive data, the required compliance with the NIS2 directive, or any combination of these circumstances – you should take action. Zero Trust's comprehensive network segmentation and individual access assignment protect your IT network from major damage caused by cyberattacks, especially the dangerous lateral movement of malware.

Find out more on this page about how you can seamlessly and flexibly integrate the Zero Trust principle into your existing network infrastructure with LANCOM Trusted Access. You can also learn more about the LANCOM Trusted Access Client here and find out here to what extent you should implement the Zero Trust principle.

Your result: Zero Trust does not seem to be absolutely necessary for you at the moment

Currently, traditional, purely VPN-based remote access seems to be sufficient for your needs.

As your network is centralized and does not require Zero Trust remote access, you do not use external cloud services for data outsourcing, you do not work with particularly sensitive data, and the NIS2 directive does not apply to you, there is currently no need to switch to Zero Trust. Not sure whether any of this actually applies? Then you are welcome to run the test again or find out more about LANCOM Trusted Access, the remote access based on the Zero Trust principle from LANCOM.

After all, LANCOM Trusted Access (LTA) has the special advantage that it can realize even classic VPN remote access with full access to the intranet more securely and conveniently than usual. LTA can also be implemented as a cloud-managed VPN client with and without Active Directory. Find out which solution might be right for you!

Additional evaluation criteria besides Zero Trust: cyber threats and NIS2

You are also welcome to find out about the current information security situation in medium-sized and large companies to get an idea of the actual threat and your risk.

Last but not least, we recommend that you also keep an eye on the developments surrounding the European Network and Information Security Directive NIS2. From October 2024, this will require strict and clear risk management measures for cyber security via national laws. An IT network secured by the Zero Trust principle builds a strong foundation to meet the NIS2 requirements.


What are the advantages of Zero Trust?

The increased security factor through Zero Trust is now obvious. However, the new remote access concept has many more advantages than just network security: employees, IT, the HR department and management all benefit from the Zero Trust principle in a variety of ways:

From Zero Trust to Trusted Access: Zero Trust security from Germany

“Zero trust” evokes negative associations for many people. Is “no trust” really the right solution? From a cyber security perspective, the answer is clearly yes.

Nevertheless, the zero trust principle should also evoke a sense of security rather than unease, and also take into account all the concerns and needs of users. This is the idea behind LANCOM Trusted Access (LTA).

LANCOM Trusted Access shows what digitally sovereign, agile network security for companies looks like when it comes from a German SME and security specialist: User-oriented, data protection-compliant, and optimally adapted to individual security requirements.

LANCOM Trusted Access: Special features and advantages

“Software-defined perimeter” (SDP) as the access control layer (Zero Trust principle)

Targeted application sharing for lateral network protection: users can only access the applications and resources they need to perform their work, and each access must be explicitly authorized

User-oriented expansion stages for individual security requirements

Choice of granular access control to dedicated applications (zero trust principle) or entire networks (cloud-managed VPN client) in four expansion stages, tailored to your needs

Maximum security through endpoint security and multi-factor authentication

Optional endpoint security check (operating system version, virus protection, local firewall) of devices and user verification including multi-factor authentication before each access

Seamless migration to existing installations

Migrates seamlessly into existing installations by integrating existing user databases in the company (e.g. an Active Directory such as Microsoft Entra ID) and alternatively provides user management integrated into the LANCOM Management Cloud if no user database is available

Complete integration into the LANCOM Management Cloud (LMC)

Convenient central network, security and license management via our cloud hosted in Germany with zero-touch commissioning and auto-configuration for quick and easy roll-out of new remote access connections and 24/7 monitoring

Easy access to external cloud applications via single sign-on (SSO)

Fast and user-friendly working: Via Single Sign-On (SSO), users can access external web applications conveniently and securely after logging in to the Active Directory once – without having to enter their credentials again

100% GDPR-compliant and digitally sovereign – data traffic is not routed through an external cloud

Secure and clear separation of control plane (LMC) and data plane after user authentication via the LANCOM Management Cloud (LMC) – for maximum data security and data protection in accordance with European legal standards

How does LANCOM implement the Zero Trust principle?

In close cooperation with users, LANCOM has developed a Zero Trust remote access concept that minimizes complexity and effort for users and can be integrated into existing networks as seamlessly and effortlessly as possible.

The idea is to use existing network components such as a LANCOM gateway and the LANCOM Management Cloud and simply extend their function with a software element and configurations.

With LANCOM Trusted Access (LTA), the user gains access to the applications and resources assigned to him via the following steps:

  1. The LTA client installed on the end device sends the entered login credentials, together with the corresponding user identity, to the LANCOM Management Cloud, which acts as the LTA controller.
     
  2. The login credentials are verified by a connected identity provider such as an Active Directory or a local user database and confirmed in a multi-factor authentication process.
     
  3. Upon confirmation, the LTA client is authorized to establish a VPN connection to the LTA gateway as soon as its security compliance has been checked by the LTA controller.
     
  4. The LTA client receives the configuration data for establishing the VPN connection to the LTA gateway and the access rights assigned to it by the LTA controller.
     
  5. The VPN connection based on the zero-trust principle is established between the LTA client and the LTA gateway and access to the permitted applications is granted.

It is worth noting that the control plane and data plane are securely separated from each other: user data is only exchanged between the LTA client and the LTA gateway and is never routed through the LTA controller. Not every Zero Trust solution offers this level of security and data sovereignty.
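To make the five steps above and the control-plane/data-plane split concrete, here is an added, simplified model of the flow in Python. It is illustrative code written for this page, not LANCOM's implementation or any part of the LTA product: the identity provider entries, the per-application policy, the posture requirements, the shared key, and the grant format are all constructed assumptions. The controller (steps 1 to 4) verifies password, second factor, and device posture and then issues a short-lived grant that names only the applications the user is entitled to; the gateway (step 5) forwards traffic only to an application named in a grant it can verify, so the controller never touches user data and a compromised client cannot reach the rest of the intranet.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Optional

# Hypothetical key shared only between controller and gateway (constructed for this example).
CONTROLLER_KEY = b"constructed-demo-key-do-not-reuse"

# Constructed identity provider entries (stand-in for an Active Directory or local user database).
IDP = {
    "alice": {
        "pw_hash": hashlib.sha256(b"correct-horse").hexdigest(),
        "otp": "123456",           # stand-in for the second factor
        "groups": ["finance"],
    },
}

# Constructed policy: group -> allowed application endpoints (not whole networks or subnets).
APP_POLICY = {
    "finance": {"erp.internal:443", "fileshare.internal:445"},
}

# Constructed endpoint posture requirements checked before any access is granted.
REQUIRED_POSTURE = {"os_patched": True, "av_running": True, "firewall_on": True}

GRANT_TTL = 300  # seconds; grants expire so that access is re-verified regularly


@dataclass(frozen=True)
class Grant:
    """What the controller hands to the client in step 4: identity, allowed apps, expiry, and a MAC."""
    user: str
    apps: tuple
    expires: float
    mac: str


def _mac(user: str, apps: tuple, expires: float) -> str:
    # The gateway recomputes this to confirm the grant was issued by the controller and not modified.
    msg = json.dumps([user, list(apps), expires]).encode()
    return hmac.new(CONTROLLER_KEY, msg, hashlib.sha256).hexdigest()


def controller_authorize(user: str, password: str, otp: str, posture: dict,
                         now: Optional[float] = None) -> Optional[Grant]:
    """Steps 1-4 (control plane): verify identity, second factor and posture, then issue a least-privilege grant."""
    now = time.time() if now is None else now
    account = IDP.get(user)
    if account is None:
        return None
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    if not hmac.compare_digest(account["pw_hash"], pw_hash):
        return None
    if not hmac.compare_digest(account["otp"], otp):  # multi-factor check
        return None
    if any(posture.get(key) != value for key, value in REQUIRED_POSTURE.items()):
        return None  # endpoint not compliant: no tunnel configuration is handed out
    allowed = set().union(*(APP_POLICY.get(group, set()) for group in account["groups"]))
    apps = tuple(sorted(allowed))
    expires = now + GRANT_TTL
    return Grant(user, apps, expires, _mac(user, apps, expires))


def gateway_forward(grant: Grant, target: str, now: Optional[float] = None) -> str:
    """Step 5 (data plane): forward only to an application named in a valid, unexpired grant."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(grant.mac, _mac(grant.user, grant.apps, grant.expires)):
        return "denied: grant not issued by controller"
    if now >= grant.expires:
        return "denied: grant expired, re-authenticate"
    if target not in grant.apps:
        return "denied: not an authorized application"
    return f"forwarded to {target}"


if __name__ == "__main__":
    posture = {"os_patched": True, "av_running": True, "firewall_on": True}
    grant = controller_authorize("alice", "correct-horse", "123456", posture)
    print("grant:", grant)
    print(gateway_forward(grant, "erp.internal:443"))   # allowed application
    print(gateway_forward(grant, "db.internal:5432"))   # lateral move blocked
```

The point the model is meant to show is that the controller's output is an authorization, not a data path: user traffic goes from `gateway_forward` to the named application only, and a client that tampers with its grant to add a second host, or that lets the grant expire, is turned away by the gateway without the controller being involved.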

This is how LANCOM Trusted Access is set up according to the Zero Trust principle

Would you like to know more about how LANCOM Trusted Access works or do you have any questions? Then take a look at our FAQ and our techpaper:

FAQ: LANCOM Trusted Access

Techpaper: LANCOM Trusted Access System Architecture


Get started now

The LANCOM Trusted Access Onboarding Program supports you in setting up and designing your customized Zero Trust solution:

Find out which LTA expansion level is best suited for your security and network requirements and learn everything you need to know about Zero Trust and LANCOM Trusted Access with the LTA Techpaper, FAQ, and a comprehensive collection of tutorial videos.

We look forward to making your network environment more secure with LANCOM Trusted Access and restoring trust in remote work to the working world.

We will be happy to help and advise you at any time. Working together more securely – with LANCOM Trusted Access.


We answer your questions

Your direct line to us

Most questions can be resolved best in direct contact.

We look forward to answering your questions and requests by phone or via the contact form.

Inside Sales International Team
+49 (0)2405 49936 122