How to adopt the cloud continues to grow and ‘work from anywhere’ (WFA) ‘rings true’ across South Africa, we thought it appropriate to reach out to our friend John Ward, Head of Systems Engineering and SME for Public Cloud: Africa at Fortinet, to reveal benefits and unravel the mystery surrounding the provision of two key movements.
Ward is a cybersecurity veteran with roots dating back to the 1990s, a time when “bad actors” were just beginning to see the gaps and take advantage of business and personal data in the developing world. Ward eloquently talks us through the basics of cloud security and zero-trust network access, two key areas that are critical to protecting users and applications that are now hosted across multiple devices and locations.
Read our transcript summary of the Q&A below:
Question: With WFA being a major shift in business since the pandemic, would you say it’s irresponsible for companies to continue operating without a zero-trust network access (ZTNA) strategy?
Answer: The answer is a resounding yes. In today’s environment, traditional methods simply aren’t good enough to keep up with bring-your-own-device (BYOD) and users connecting from multiple locations. Traditional VPNs work, but they’re clunky. With ZTNA, users don’t have to worry about which device or location. They can gain dynamic, continuous, secure access to any environment, from any location, on any device. In addition, it makes cloud migrations easier and faster.
Q: What are the main threats associated with Work from Anywhere (WFA) functionality if your security strategy is not up to scratch?
A: One particular threat is malware, including ransomware. When someone connects from home or to a coffee shop network where there are multiple users, they are exposed to an attack vector that they may not be protected against. This is where zero trust begins. When a device connects to corporate resources, ZTNA evaluates the host, checks its current status, changes over time, and verifies that no malware is running.
Q: If employees are working from home, should they be concerned about their IoT devices posing a risk to the business network?
A: We are seeing an increase in attackers targeting users through home devices to gain access to the corporate network. “Don’t attack them in the castle, get them while they’re crossing the drawbridge.” With IoT and connected devices cluttering homes and other heavily networked spaces, both businesses and users need to be aware of the risks that come with not having a ZTNA approach or strong security.
Q: Many employees work while traveling, connecting to unsecured networks while on the move. How does ZTNA make things simple and secure for these users?
A: ZTNA provides a seamless next-generation security experience for users. Not only does it offer the ability to connect securely from anywhere, but it also abstracts the underlying connection mechanism so that users don’t have to think about it. They don’t have to worry about manually setting up a connection or wondering if resources are on-premise or in the cloud.
We must remember that many attacks are opportunistic, so without ZTNA a simple out-of-date patch can spell disaster for the entire organization.
Q: How can security professionals protect business-critical web applications amid the rush to deliver new services using the cloud?
A: It’s all about protecting your environment and then being more specific about the applications in your environment. These advanced controls do not apply to the cloud; the same rules apply to the premier. But web applications and APIs are really at the forefront in terms of attacks since most of them are exposed to the public Internet. At the same time, developers are often not experts in application and network security.
It’s important to make it easy for them to publish code, but keep the environment clean.
Q: With all this in mind, users need access to both cloud and non-cloud resources where consistent security policies must be enforced. How do Fortinet Cloud Security and ZTNA solutions address this?
A: The best gift is to have a FortiGate. This industry-leading next-generation firewall is already a mainstay for protecting cloud and on-premises environments, and it offers customers the ability to easily migrate to both cloud and zero-trust approaches because ZTNA is built-in. FortiGate acts as a zero-trust access proxy that verifies the trust level of users and provides access to applications in any data center or cloud platform in which they reside. It gives users secure and seamless access to cloud or on-premises resources and provides security teams with continuous assessment of user access and associated risks. In addition, FortiGate can protect all server resources and data that threat actors are always looking for, whether on-premise or on any of the cloud platforms.
Centrally tracking all of this activity is key to being able to detect and remediate threats faster. Users can start with FortiAnalyzer to consolidate their understanding of Fortinet, expand to FortiSIEM to provide security channels from non-Fortinet devices, and progress to FortiSOAR to create automated tutorials. Wherever you are on this automation journey, it’s really the only way to effectively manage risk and keep users and networks safe as today’s environment continues to rapidly expand.
Read detailed questions and answers here.
A common thread in this discussion is a mesh architecture such as the Fortinet Security Fabric. By leveraging what many Fortinet customers already have and extending it with Cloud Security and ZTNA for these new environments and user locations, security professionals can easily “pave the way” for a future we can all trust.
As a master distributor, Maxtec is proud to offer the entire Fortinet portfolio in South Africa and has done so since 2003. Contact us to learn how we support our partners with Fortinet training and workshops to enhance your own knowledge.
For more information, visit www.maxtec.co.za, email secure@maxtec.co.za or call +27 (0) 11 803 6635.
- This promoted content has been paid for by the interested party
