ZTN and Cloud Security Overview
Cloud Security
Hello!
Reza Khaloakbari
⬡ IP WAN Planning and Optimization Senior Specialist at MTNIRANCELL
My Certificates:
AWS – Advanced Networking – Specialty
Cisco - Enterprise SD-WAN Implementation
Huawei – Data Center SDN planning and design
Cisco – CCNP Routing and switching
Cisco – CCNP Security
linkedin.com/in/reza-khaloakbari
…
The Future of Security
Agenda
1. Challenges in Traditional Security Models
2. Introduction to ZTN
3. Introduction to SASE
4. Cloud Security
Threats in encrypted traffic are everywhere
Vulnerable Centralized Points
Weak Internal Firewalls
Ransomware attacks increased by 37% in 2023
Remote Working Challenges in SDWAN
Remote Working Challenges
ZTN
Zero Trust Network
What is ZTN
⬡ The Zero Trust model was first introduced by John Kindervag, a principal analyst at Forrester Research, in 2010.
⬡ Zero Trust Network (ZTN) is a security model that operates on the principle that no individual or device inside or outside the network should be automatically trusted.
⬡ A zero-trust network relies less on specific hardware and more on new approaches to security.
Zero-trust network terms
⬡ Identify assets
∙ Take an inventory of assets and make assessments about the value and vulnerability of corporate assets
⬡ Network Segmentation
∙ Dividing the network into microsegments to control traffic flow and reduce the attack surface.
Zero-trust network terms
⬡ Least privilege access
∙ Limiting even trusted users to only the specific applications, services, and data they need
⬡ Test, Monitor, and Maintain
∙ A zero-trust approach—similar to threat modeling—requires testing to ensure that the impact on productivity is minimal and hypothetical security threats are neutralized
SASE
Secure Access Service Edge
What is SASE
⬡ The concept of SASE was articulated in a Gartner report titled "The Future of Network Security Is in the Cloud," published in 2019.
⬡ SASE is a network security approach that offers a comprehensive networking and security solution.
⬡ SASE replaces hardware data centers with infrastructure residing in the cloud.
⬡ Zero Trust Network Access (ZTNA) is a key component of the SASE framework.
Key Components of SASE:
SASE and the Future
Cloud Security
Cloud Security
⬡ Global Cloud Footprint
⬡ Proxy architecture vs. passthrough
⬡ Direct-to-Cloud Architecture
⬡ Zero Trust Network Access Security as a Service
⬡ Simplified Management
⬡ Multitenant architecture
⬡ Zero attack surface
⬡ Connect users to apps, not the network
Cloud Security
⬡ Global Cloud Footprint
∙ Utilizing a distributed cloud infrastructure to provide security services close to users anywhere in the world, reducing latency and improving performance.
⬡ Direct-to-Cloud Architecture
∙ Enabling users to connect directly to the cloud for all internet and web-based services, bypassing the need for traditional VPNs and appliances.
Cloud Security
⬡ Simplified Management
∙ Providing a unified platform for policy management and reporting, reducing the complexity associated with managing multiple security products.
Diagram: the access decision flow has three stages: verify identity and context, control content and access, enforce policy.
Verify Identity and Context
⬡ Who is connecting?
∙ Verifies the user, device, or workload identity through integrations with third-party identity providers.
⬡ What is the access context?
∙ Validates the context of the connection requester, looking at attributes such as role, responsibility, request time, location, and circumstances of the request.
⬡ Where is the connection going?
∙ Confirms that the owner has the rights and the destination is known, understood, and contextually categorized for access.
Control Content and Access
⬡ Assess risk
∙ Leverages AI to dynamically compute a risk score of the requested access based on factors such as device posture, threats, destination, behavior, and policy.
⬡ Prevent compromise
∙ Conducts inline decryption and deep inspection of inbound traffic to identify and block malicious content.
⬡ Prevent data loss
∙ Performs inline decryption and deep inspection of outbound traffic to identify sensitive data and prevent exfiltration through inline controls.
Enforce Policy
⬡ Enforce policy
∙ Determines what conditional action to take regarding the requested connection. This action ultimately results in a conditional allow or conditional block of the requested access.
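The three-stage flow on these slides (verify identity and context, control content and access, enforce policy) written out as a small policy-decision function. This is an added example, not code from the slides or from any vendor product; the role entitlements, expected countries, business hours and risk weights are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class AccessRequest:
    user: str
    idp_verified: bool        # identity asserted by a third-party identity provider
    device_compliant: bool    # device posture result (constructed boolean)
    role: str
    hour_utc: int             # request time
    country: str              # request location
    destination: str
    dest_category: str        # "known" or "uncategorized"

# Constructed policy data for the example; a real deployment loads this from its policy store
ROLE_DESTINATIONS = {
    "finance": {"erp.internal.example", "payroll.internal.example"},
    "engineer": {"git.internal.example"},
}
EXPECTED_COUNTRIES = {"finance": {"IR"}, "engineer": {"IR", "DE"}}
BUSINESS_HOURS = range(6, 20)
BLOCK_THRESHOLD = 50

def risk_score(req: AccessRequest) -> int:
    """Additive risk score from device posture, time, location and destination (weights constructed)."""
    score = 0
    if not req.device_compliant:
        score += 40
    if req.hour_utc not in BUSINESS_HOURS:
        score += 15
    if req.country not in EXPECTED_COUNTRIES.get(req.role, set()):
        score += 20
    if req.dest_category == "uncategorized":
        score += 30
    return score

def decide(req: AccessRequest) -> dict:
    """Return the conditional allow/block decision for one request."""
    # Who is connecting? An unverified identity never reaches the risk stage.
    if not req.idp_verified:
        return {"action": "block", "score": None, "reason": "identity not verified by IdP"}
    # Where is the connection going? Least privilege: the role must be entitled to the destination.
    if req.destination not in ROLE_DESTINATIONS.get(req.role, set()):
        return {"action": "block", "score": None, "reason": "destination not permitted for role"}
    # What is the access context? Score it, then enforce policy on the score.
    score = risk_score(req)
    if score >= BLOCK_THRESHOLD:
        return {"action": "block", "score": score, "reason": "risk score at or above threshold"}
    # Conditional allow: permitted traffic still passes inline inspection and outbound DLP.
    return {"action": "allow", "score": score, "conditions": ["inline_inspection", "outbound_dlp"]}
```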
Thanks!
Any questions?
You can find me at:
linkedin.com/in/reza-khaloakbari
Khaloakbari@gmail.com
Sources
www.gartner.com
www.cisco.com
Zscaler ZTNA solution
https://www.zscaler.com/capabilities/zero-trust-network-access