The branch office of one
Prior to the pandemic, there was already a shift in networking underway, with an increasing percentage of the workforce beginning to work from home – at least part-time. This trend has dramatically accelerated over the last year, with the vast majority of organizations either mandating their employees work from home, or strongly encouraging it.
This has transformed many organizations almost overnight into a highly-distributed model with hundreds, if not thousands, of one-person branch offices. The “branch office of one” has become the new normal for many organizations.
This massive shift has created a similarly massive challenge for many IT organizations, who have been scrambling to implement VPN access for their remote workers. As just one example, utilization of our Sophos Connect VPN client with XG Firewall has shot up over 10x to more than 1.4 Million active clients in recent months.
And while VPN technology has been a savior and has served us well, it was never really designed for this new world. VPN can be difficult to deploy and enroll new staff, it can be challenging for end-users to use and creates unnecessary friction, and it does not provide the kind of granular security that most organizations require.
Protecting your data
If it wasn’t enough that IT organizations are grappling with this massive shift in remote working, the whole industry has come under siege by bad actors and hackers attempting to take advantage of the current situation with increasing attacks on corporate systems and data. The latest Sophos 2021 Threat Report provides an excellent look at how cybercriminals have upped their game.
With a massive collection of branch offices of one and an ever-increasing need for tighter security that is transparent and frictionless, what are the options?
We’re actively working to get Sophos ZTNA, or zero trust network access, into your hands as fast as possible. To help overcome some of the challenges you’re facing with remote workers, it provides a simpler, better, more secure solution to connect your users to important applications and data.
Zero trust network access
ZTNA is founded on the principle of zero trust and is all about verifying the user. It typically leverages multi-factor authentication to prevent stolen credentials from being a source of compromise, then validates the health and compliance of the device to ensure it’s enrolled, up to date, and properly protected. ZTNA then uses that information to make policy-based decisions to determine access and privilege to important networked applications.
Benefits of ZTNA compared to remote access VPN
While remote access VPN continues to serve us well, ZTNA offers a number of added benefits that make it a much more compelling solution:
- More granular control: ZTNA allows more granular control over who can access certain applications and data, minimizing lateral movement and removing implied trust. VPN is all-or-nothing: once on the network, VPN generally offers access to everything.
- Better security: ZTNA includes device and health status in access policies to further enhance security. VPN does not consider device status, which can put application data at risk to a compromised or non-compliant device.
- Easier to enroll staff: ZTNA is much easier to roll out and is better when it comes to enrolling new employees. VPN involves more challenging and difficult setup and deployment.
- Transparent to users: ZTNA offers “just works” transparency to users with frictionless connection management. VPN can be difficult and prone to initiating support calls.
Overall, ZTNA offers a welcome solution to connecting the branch office of one.
Sophos ZTNA is a brand new cloud-delivered, cloud-managed product to easily and transparently secure your important business applications with granular controls.
Sophos ZNTA consists of three components:
- Sophos Central provides the ultimate cloud management and reporting solution for all your Sophos products, including Sophos ZTNA. Sophos ZTNA is fully cloud-enabled, with Sophos Central providing easy deployment, granular policy management, and insightful reporting from the cloud.
- Sophos ZTNA Gateway will be available as a virtual appliance for a variety of platforms to secure networked applications on-premise or in the public cloud. AWS and VMware ESXi support will be available initially, closely followed by support for Azure, Hyper-V, Nutanix, and others.
- Sophos ZTNA Client provides transparent and frictionless connectivity to controlled applications for end users based on identity and device health. It is super easy to deploy from Sophos Central, with an option to deploy alongside Intercept X with just one click or instead work standalone with any desktop AV client. It will initially support MacOS and Windows, and later Linux and mobile device platforms as well.
The early access program (EAP) for the initial version of our ZTNA solution will kick off in the next couple of weeks, so stay tuned for additional news. I hope you will all join us in test-driving Sophos ZTNA to make it the best product it can be for launch!