Juan Alejandro Aguirre, Director of Engineering Solutions at SonicWall Latin America, explains how to make the Zero Trust Network Access model accessible to small and medium-sized businesses across Brazil.
The Zero Trust Network Access (ZTNA) model is the new security paradigm for cloud and Edge Computing users. Regardless of where the user accesses the cloud from, ZTNA promotes the least privilege required to complete tasks and consume data.
According to Gartner, by 2025 at least 70% of new remote access deployments will rely on ZTNA services. This is the fastest-growing segment of network security, and is expected to grow by 31% by the end of 2024. According to estimates by Markets and Markets, global companies are expected to invest up to US$60 billion per year in ZTNA by 2027.
The complexity of the design and implementation of this model – in addition to the cultural changes imposed by an approach in which all accesses are checked by principle, without exceptions – seems to put ZTNA’s gains within the reach only of companies with large cybersecurity teams.
The accelerated digitalization of the Brazilian SME segment, however, is leading the managers of these companies to study the ZTNA model and seek strategies to make a leap in quality in their safety culture. The urgency is real.
Losses
According to a study conducted by the Ponemon Institute, 76% of SMBs experienced a cyberattack in 2022. SMBs are an easy target because they often have limited resources to devote to cybersecurity. According to a report by AppRiver, the damage of a data breach can be devastating for this segment, with the average cost estimated at US$149,000.
Tailor-made approach to the Brazilian reality
It is in this context that ZTNA approaches designed according to the reality of the SMB market come into play. The challenge is to serve organizations with increasingly remote work teams in their cloud migration journeys. With flexible and cost-effective solutions for remote access and Internet access, the goal is to simply and securely connect employees and external users to resources from any device and location. In this strategy, the role of MSSPs (Managed Security Services Providers) is critical.
Complex solutions are left aside and a scalable and straightforward ZTNA solution is ideal for MSSPs and their medium and small customers. A differential of this strategy is the compatibility between ZTNA technology for the SME segment and other cybersecurity platforms in use in the company. The goal is to meet the digital reality of each organization, helping this company to evolve in cloud consumption with security and well-designed processes.
Given the fact that vulnerabilities often appear when companies rely too much on individuals or devices, the ZTNA model suggests that no user should be trusted by default. This paradigm shift, in order to be successful, has to be preceded by communication actions with business leaders and end-users, so that everyone understands the reason for this change. It is also recommended to adopt ZTNA solutions with very low friction – the check is carried out without delays and without imposing discomfort on the user.
One element is key in the realization of this proposal: the expertise of the MSSP that takes the ZTNA model to the medium or small company.
It is essential to analyze MSSPs that stand out in the following points:
• Training and education – MSSP professionals must be prepared to educate SME employees.
• Assessment and planning – MSSPs can review a company’s security framework and develop customized solutions that meet specific customer needs.
• Implementation and Integration – MSSPs must prove their expertise in implementing and integrating the ZTNA platform with other solutions quickly and effectively.
• Managed Services – MSSPs take care of all the ongoing management and maintenance of their clients’ solutions. At this point, it is essential to check the certifications and continuous training plans of MSSPs teams on ZTNA platforms.
• Compliance – It is essential to hire an MSSP with knowledge in the regulations and industry standards of the user company. The responsibility of the MSSP is such that this team has to collaborate with the client’s compliance.
Shared management
The MSSP becomes co-manager of the environment of the medium and small enterprise. The immediacy of security management based on a SOC that monitors the customer’s environment 24×7 means that, in the medium term, this service provider effectively gains a predictive, fact-based view of the customer’s digital maturity and what remains to be done to increase the security posture of this company.
In the era of cloud computing, the ZTNA model is mandatory, and is within the reach of the CEO of the SME who, in order to make his business grow, needs guarantees of continuity and security of processes. In this context, it is essential to study the profile of the MSSP that will serve the organization and the value of ZTNA solutions offered in the form of a service, with costs diluted over time. Those who follow this path will accelerate their business and Brazil’s digital economy.