To give users and companies the best possible security on the Internet, Zero Trust Network Access (ZTNA) is frequently used. It is applied to give remote users secure access to internal applications with significantly higher security, better controllability, and transparency for the end user. Brokers are key to securing access: they verify identity, context and policy compliance to protect the application from hackers posing as company employees. In this regard, ZTNA is part of the “Secure Access Service Edge” (SASE), which combines WAN services and security functions into a unified cloud-native solution, so that enterprises get optimal security not only for their corporate data centers but also for the increasing use of various clouds and Internet services. The principle behind ZTNA is, as the name suggests: trust no one and check everything.

Internet security is becoming more and more essential in this age of digitalization, as home office and remote working grow in importance. Accordingly, even the smallest data breach can result in significant losses. This is also the case in the automotive industry, where people work globally on a wide variety of projects, with frequent data traffic and, in many cases, remotely. Take the example of the digital twin: if an external hacker gains access to it, the complete data of a vehicle that may still be in development is leaked and serious damage results.
VPN vs ZTNA
The advantage of ZTNA over the commonly used Virtual Private Network (VPN) is the simpler handling of the system: VPN requires administrators in time-consuming and expensive full-time jobs just to set up the data network, traffic flow and IP management. In addition, monitoring and controlling the security of those hubs is very tedious. In most cases VPN devices are not checked for their health; they operate on implied trust and can therefore quickly become a target for hackers, who can use a trojan to reach an entire corporate network through one of these devices. Furthermore, VPN is now an outdated technology that, in addition to its slower speed, can’t keep up with the increased volume of remote users. Analyzing the movement of users on the network is also only possible to a limited extent and again demands many working hours of monitoring.
In ZTNA, devices and users are all treated as individual perimeters so that the identity and state of each can be controlled individually. This is called Identity and Access Management (IAM). As a result, enterprise applications can be protected from compromised devices. Users are also not granted access to the entire corporate network, but only to individual segments that have been pre-approved for that user and are themselves protected. Microsegmentation is used for this purpose. If the user’s identification fails, or the device status does not comply with the guidelines, access to the segments is denied.
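The access model just described (verify the identity, verify the device state, then grant access only to the segment pre-approved for that user, and deny everything else) can be written down as a small policy-decision function. The following Python is an added illustration and is not code from the original post or from any ZTNA product; the users, devices, segment names, group names and posture thresholds in it are constructed for the example.

```python
"""Toy ZTNA broker: a per-request decision from identity, device posture and
segment policy. Added example; all users, devices, segments and thresholds
below are constructed for illustration, not taken from a real deployment."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Identity:
    user: str
    authenticated: bool       # credentials verified by the identity provider
    mfa_verified: bool        # second factor completed for this session
    groups: frozenset         # entitlement groups assigned in IAM


@dataclass(frozen=True)
class DevicePosture:
    device_id: str
    managed: bool             # enrolled in company device management
    disk_encrypted: bool
    edr_running: bool         # endpoint protection agent alive
    os_patch_age_days: int    # days since the last OS security update


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


# Microsegmentation: each application is its own segment with its own
# entitlement list and posture threshold. Access to one segment never
# implies access to another, and unknown segments default to deny.
SEGMENT_POLICY = {
    "digital-twin": {"groups": {"vehicle-dev"}, "require_mfa": True, "max_patch_age_days": 14},
    "supplier-portal": {"groups": {"suppliers", "purchasing"}, "require_mfa": True, "max_patch_age_days": 30},
    "wiki": {"groups": {"employees"}, "require_mfa": False, "max_patch_age_days": 60},
}


def posture_failure(device: DevicePosture, max_patch_age_days: int) -> Optional[str]:
    """Return None when the device meets the baseline, else the first failing check."""
    if not device.managed:
        return "device not managed"
    if not device.disk_encrypted:
        return "disk not encrypted"
    if not device.edr_running:
        return "endpoint protection not running"
    if device.os_patch_age_days > max_patch_age_days:
        return f"OS patches older than {max_patch_age_days} days"
    return None


def evaluate(identity: Identity, device: DevicePosture, segment: str) -> Decision:
    """Broker decision for a single request. Identity, device state and the
    segment's policy are re-checked every time; nothing is trusted by default."""
    policy = SEGMENT_POLICY.get(segment)
    if policy is None:
        return Decision(False, f"unknown segment {segment!r}")
    if not identity.authenticated:
        return Decision(False, "identity not verified")
    if policy["require_mfa"] and not identity.mfa_verified:
        return Decision(False, "MFA required for this segment")
    if not (identity.groups & policy["groups"]):
        return Decision(False, f"{identity.user} is not entitled to {segment}")
    failure = posture_failure(device, policy["max_patch_age_days"])
    if failure is not None:
        return Decision(False, f"device posture: {failure}")
    return Decision(True, f"{identity.user} -> {segment} from {device.device_id}")


# Constructed sample principals and devices (hypothetical names).
ENGINEER = Identity("a.mueller", True, True, frozenset({"vehicle-dev", "employees"}))
ENGINEER_NO_MFA = Identity("a.mueller", True, False, frozenset({"vehicle-dev", "employees"}))
SUPPLIER = Identity("s.kumar", True, True, frozenset({"suppliers"}))
HEALTHY_LAPTOP = DevicePosture("LAP-0042", True, True, True, 3)
STALE_LAPTOP = DevicePosture("LAP-0042", True, True, True, 21)
UNMANAGED_PC = DevicePosture("home-pc", False, False, False, 0)


def audit_trail(requests):
    """Run a batch of (identity, device, segment) requests and return one
    log line per decision, the kind of record a broker keeps for review."""
    lines = []
    for identity, device, segment in requests:
        d = evaluate(identity, device, segment)
        lines.append(f"{'ALLOW' if d.allow else 'DENY '} user={identity.user} "
                     f"device={device.device_id} segment={segment} reason={d.reason}")
    return lines


if __name__ == "__main__":
    for line in audit_trail([
        (ENGINEER, HEALTHY_LAPTOP, "digital-twin"),
        (ENGINEER, STALE_LAPTOP, "digital-twin"),    # same user, posture drifted
        (ENGINEER, STALE_LAPTOP, "wiki"),            # looser threshold, still allowed
        (ENGINEER_NO_MFA, HEALTHY_LAPTOP, "digital-twin"),
        (SUPPLIER, HEALTHY_LAPTOP, "digital-twin"),  # entitled elsewhere, not here
        (ENGINEER, UNMANAGED_PC, "digital-twin"),
        (ENGINEER, HEALTHY_LAPTOP, "erp"),           # unknown segment, default deny
    ]):
        print(line)
```

Two points the batch makes visible: the same laptop is accepted for the wiki and refused for the digital twin, because each segment carries its own posture threshold, and a fully authenticated supplier is refused the digital twin even with a healthy device, because the decision is per segment rather than per network. The audit lines carry the reason for every deny, which is the data a security team needs when it reviews user movement across segments.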