Prior to the pandemic, a shift in networking was already underway, with an increasing percentage of the workforce beginning to work from home. This trend has dramatically accelerated over the last year, with the vast majority of organisations either mandating that their employees work from home, or strongly encouraging it.

This has transformed many organisations almost overnight into a highly-distributed model with hundreds, if not thousands, of one-person branch offices. The ‘branch office of one’ has become the new normal for many organisations.

“This massive shift has created a similarly massive challenge for many IT organisations, who have been scrambling to implement VPN access for their remote workers. As just one example, utilisation of the Sophos Connect VPN client with XG Firewall has shot up over 10x to more than 1.4 million active clients in recent months,” says Ross Anderson, Sophos Product Development Manager at Duxbury Networking.

However, while VPN technology has served the market well, it was never really designed for this new world. VPN can be difficult to deploy and enroll new staff, it can be challenging for end-users to use and creates unnecessary friction, and it does not provide the kind of granular security that most organisations require.

Gartner’s recent report, Solving the Challenges of Modern Remote Access, also highlights the challenges with VPN: licensing, efficiency, relevancy, and suitability for the task.

“If it wasn’t enough that IT organisations are grappling with this massive shift in remote working, the whole industry has come under siege by bad actors and hackers attempting to take advantage of the current situation with increasing attacks on corporate systems and data. The latest Sophos 2021 Threat Report provides an excellent look at how cybercriminals have upped their game,” Anderson points out.

With a massive collection of branch offices of one and an ever-increasing need for tighter security that is transparent and frictionless, what are the options? “Sophos is actively working to get Sophos ZTNA, or zero trust network access, into customers’ hands quickly. To help overcome some of the challenges you’re facing with remote workers, it provides a simpler, better, more secure solution to connect your users to important applications and data,” Anderson explains.

ZTNA is founded on the principle of zero trust and is all about verifying the user. It typically leverages multi-factor authentication to prevent stolen credentials from being a source of compromise, then validates the health and compliance of the device to ensure it is enrolled, up to date, and properly protected. ZTNA then uses that information to make policy-based decisions to determine access and privilege to important networked applications.

Benefits of ZTNA compared to remote access VPN

While remote access VPN continues to serve us well, ZTNA offers a number of added benefits that make it a much more compelling solution:

  • More granular control: ZTNA allows more granular control over who can access certain applications and data, minimising lateral movement and removing implied trust. VPN is all-or-nothing: once on the network, VPN generally offers access to everything.

  • Better security: ZTNA includes device and health status in access policies to further enhance security. VPN does not consider device status, which can put application data at risk to a compromised or non-compliant device.

  • Easier to enroll staff: ZTNA is much easier to roll out and is better when it comes to enrolling new employees. VPN involves more challenging and difficult setup and deployment.

  • Transparent to users: ZTNA offers ‘just works’ transparency to users with frictionless connection management. VPN can be difficult and prone to initiating support calls.

Overall, ZTNA offers a welcome solution to connecting the branch office of one. Sophos ZTNA is a brand new cloud-delivered, cloud-managed product to easily and transparently secure your important business applications with granular controls. It consists of three components:

  • Sophos Central provides the ultimate cloud management and reporting solution for all your Sophos products, including Sophos ZTNA. Sophos ZTNA is fully cloud-enabled, with Sophos Central providing easy deployment, granular policy management, and insightful reporting from the cloud.

  • Sophos ZTNA Gateway will be available as a virtual appliance for a variety of platforms to secure networked applications on-premise or in the public cloud. AWS and VMware ESXi support will be available initially, closely followed by support for Azure, Hyper-V, Nutanix, and others.

  • Sophos ZTNA Client provides transparent and frictionless connectivity to controlled applications for end users based on identity and device health. It is easy to deploy from Sophos Central, with an option to deploy alongside Intercept X with just one click or instead work standalone with any desktop AV client. It will initially support MacOS and Windows, and later Linux and mobile device platforms as well.

“The early access program (EAP) for the initial version of Sophos’ ZTNA solution will kick off shortly and Duxbury will inform its customers once it is available,” says Anderson.

Has Encryption Made Your Current Firewall Irrelevant?
The rapid increase in encrypted network traffic, coupled with the inability of most next-generation firewalls to inspect this traffic, has created a p...
Sophos Intercept X Ranks First in Three New Se Labs Reports
In a recent endpoint protection test conducted by SE Labs, Sophos’ Intercept X achieved a 100% Total Accuracy Rating for enterprise, small business, a...