How Zero Trust Network Access (ZTNA) is evolving for enterprise network security

In an increasingly complex world of cybersecurity, Zero Trust Network Access (ZTNA) is growing in popularity. This technology offers a more secure approach to managing access to networks and applications. ZTNA is based on the principle of “trust no one.” In contrast to traditional security models, which assume that all devices within an internal network are secure, ZTNA requires every user and device to be rigorously authenticated and authorized before being granted access to network resources, regardless of location.

Differences between ZTNA and Traditional Security Systems

Traditional security systems often rely on firewalls to protect the network perimeter. ZTNA instead adopts a “trust no one” approach, which makes it more effective at countering threats that originate inside the network. ZTNA can restrict access and segment the network so that access permissions are granted only according to need. That way, the risk of misuse of access and of cyber attacks can be minimized.

Why is it important to implement ZTNA?

  • Shifting Work Landscape: With more employees working remotely and the widespread use of cloud computing, traditional network perimeters are becoming increasingly blurred.
  • Ever-Increasing Cyber Threats: Cyber attacks are becoming increasingly sophisticated and often start with the compromise of user credentials. ZTNA helps reduce this risk by continuously verifying user and device identity.
  • Strict Regulations: Many industries have strict compliance requirements regarding data protection. ZTNA can help organizations meet these requirements by providing an additional layer of security.

How does ZTNA work?

  • Identity Verification: Every user and device must go through a strong authentication process before being granted access.
  • Policy-Based Authorization: Access to network resources is restricted based on strict policies, which consider factors such as user location, devices used, and access times.
  • Encryption: All network traffic is encrypted to protect data from eavesdropping.
  • Needs-Based Access Control: Access can be granted based on user or device attributes, such as role, group, or security status.
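
As an added illustration (not part of the original article and not any vendor's implementation), the sketch below shows how the four steps above combine into a default-deny decision that is re-evaluated on every request. The attribute names, policy table, user, and resource names are hypothetical.

```python
from dataclasses import dataclass, replace
from datetime import time

@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_passed: bool        # result of identity verification
    device_compliant: bool  # device security status reported by an agent
    country: str
    local_time: time
    resource: str

# Constructed sample policy: anything not listed here is denied.
POLICY = {
    "payroll-app": {"roles": {"finance"}, "countries": {"ID"},
                    "hours": (time(7, 0), time(19, 0))},
    "wiki": {"roles": {"finance", "engineering"}, "countries": {"ID", "SG"},
             "hours": (time(0, 0), time(23, 59, 59))},
}

def evaluate(req):
    """Return (allowed, reason). Every check must pass; the default is deny."""
    rule = POLICY.get(req.resource)
    if rule is None:
        return False, "no policy for resource"
    if not req.mfa_passed:
        return False, "identity not verified"
    if not req.device_compliant:
        return False, "device not compliant"
    if req.role not in rule["roles"]:
        return False, "role not entitled"
    if req.country not in rule["countries"]:
        return False, "location not permitted"
    start, end = rule["hours"]
    if not (start <= req.local_time <= end):
        return False, "outside access hours"
    return True, "allow"

BASE = AccessRequest("sari", "finance", True, True, "ID", time(9, 30), "payroll-app")

def demo():
    # Same user, re-evaluated per request as the context changes.
    cases = {
        "baseline": BASE,
        "device falls out of compliance": replace(BASE, device_compliant=False),
        "after hours": replace(BASE, local_time=time(23, 15)),
        "unlisted resource": replace(BASE, resource="plc-gateway"),
    }
    return {name: evaluate(r) for name, r in cases.items()}

if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name}: {'ALLOW' if ok else 'DENY'} ({reason})")
```

Because the decision depends on the current request context rather than on an earlier login, a session that was allowed at 09:30 is denied as soon as the device posture or time condition stops holding.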

Benefits of Using ZTNA in corporate networks

  • Better Security: ZTNA provides better protection against cyber threats by reducing the attack surface and limiting access to sensitive data.
  • Better Visibility: ZTNA provides better visibility of user and device activity on the network.
  • Easier Compliance: ZTNA can help organizations meet stringent compliance requirements.
  • Better User Experience: ZTNA can provide a better user experience by enabling faster and more secure access to needed applications and data.

ZTNA can be implemented as a standalone solution or as part of a SASE solution. ZTNA is one of the SASE components, along with Software-Defined Wide Area Network (SD-WAN), Cloud Access Security Broker (CASB), and Secure Web Gateway (SWG). One of the advantages of implementing this system is simpler network security management for optimal network performance.

ACS Group is committed to always providing the right solutions and presenting a complete product portfolio ranging from Cyber Security devices, IT Infrastructure, IT Devices, Cloud, and IoT. With a wide range of services throughout Indonesia, ACS Group is ready to support and develop the businesses of its customers, as well as reduce the complexity of networks and security in one platform with integrated solutions.

Are you ready to implement it yourself in your network infrastructure? For more information about SASE (Secure Access Service Edge) solutions, you can contact us via WhatsApp at +62 811-1944-534, by email at sales.admin@acsgroup.co.id, or visit our website at www.acsgroup.co.id.

ACS GROUP (PT.AUTOJAYA IDETECH & PT.SOLUSI PERIFERAL) as an enterprise-scale IT device provider and professional services company established in 1992, has provided the right solutions for thousands of companies throughout Indonesia, both for AIDC solutions, IT Infrastructure, Enterprise Security System, and Enterprise Business Solution. Our company has 4 branches located in Cikarang, Semarang, Surabaya, and Denpasar.

The importance of cyber security in OT sector

Digitalization on the OT side often doesn’t go as smoothly as on the IT side. Unlike IT, where the priority is to update systems and security to the latest version, system updates in the OT area can put critical plant activities at risk. Nevertheless, adopting various devices on the way to digitalization is inevitable in order to keep up with the trend and stay relevant.

From this, risks associated with OT arise. Listed below are some examples of conditions that are common on the production floor:

  • Variations of DCS, PLC, and HMI (Human Machine Interface) from various brands.
  • Serial-type PLCs configured via a PC/laptop plugged directly into the HMI.
  • Machine displays have gone digital, but the OS is rarely or never updated, to avoid downtime that would hamper operations. The OS in the OT area usually still runs an outdated system such as WinCE/Win7.
  • Automatic Updates disabled.
  • The OT (factory) will only operate with systems that have been proven stable. Usually, these systems are not the latest and have outdated in-house security standards that require a lot of retrofits (added features).
  • OT control is decentralized and unique per location. Therefore, remote access is impossible when an issue arises.
  • Staff / system integrators who perform maintenance on OT devices generally plug in directly on-site.

Various international cases emphasize the importance of securing OT as working methods and data exchange develop. A production shutdown that starts with ransomware will significantly threaten KPIs.

In following the INDI 4.0 standardization and the development of data protection regulations and cloud computing (public) trends, we need to consider that OT area security ideally can provide:

  • Visibility
  • Distinct segmentation: what is accessible to certain staff.
  • Remote secure access for efficiency.

One solution is to place an NGFW appliance at the right point in the OT environment. The type of NGFW must be suitable so that it does not hamper ongoing operations and routine maintenance. Protecting production lines from various intrusions can be approached in several ways, either from the side of the personnel who carry out regular maintenance or from the side of the machines that need to be secured.

Get to know Cloud Solutions for Business and Industry

In recent years, more companies and organizations have started their digitization journey to improve the efficiency and effectiveness of their business operations. Cloud technology is now one of the most effective solutions available. In addition to functioning as a technical foundation and a backbone for innovation, the cloud makes it possible to secure data, especially when network security needs to be upgraded.

Cloud computing is an internet-based technology that allows computing, application operation, and database (DB) processing to run, and their data to be stored, virtually on a server. Cloud computing stores all data and information on one server, where it can be accessed anytime and anywhere via the internet, without the extra time and funds needed to install and configure servers, storage, or databases.

The main principles of cloud computing are:

  • Available via the internet
  • Based on user needs
  • Pay as needed

In general, Cloud Computing can be categorized into three types of services according to the solution:

  • Private Cloud

Private Cloud is a “dedicated” or “internal” cloud computing service that is used specifically for enterprise organization data or applications.

Enterprise-level organizations usually choose a private cloud because of their data privacy policy. The policy is usually tied to network security requirements that demand a high level of data security. Their sensitive data varies, but it usually includes customer information, confidential internal documents, and business plans. Naturally, enterprise organizations require extra information system defense and security.

To meet increasing business demands and accelerate digital transformation, enterprise organizations require a simple, secure, and scalable private cloud infrastructure for VDI (Virtual Desktop Infrastructure), business applications, databases, analytics, and cloud-native needs. Nutanix’s private and hybrid cloud solution is hyper-converged infrastructure (HCI) software that bridges the infrastructure gap. It is equipped with native protection and consolidated data services, and it operates in an automated and intelligent manner, which makes it an ideal foundation for private clouds in enterprises.

  • Public Cloud

Public Cloud is a cloud service consisting of resources, applications, and storage that are available to the public and can be used by anyone with an internet connection. Users can use the service for free or for a rental fee, without needing to buy, install, operate, or maintain cloud servers and other equipment as they would with a private cloud.

Network security and data security are the main priorities for all cloud storage services. One of the disadvantages of public cloud services is the risk of data theft and cybercrime that can harm users. Therefore, users need to find an accountable provider with strict security that can back up the cloud data. Backing up data improves security, compliance, business continuity, and disaster recovery. The data must also be accessible from various locations as long as there is an internet connection.

ACS Group offers a comprehensive range of global cloud computing services to empower online businesses internationally and support e-commerce ecosystems around the world. In collaboration with Alibaba Cloud, ACS Group offers elaborate Public Cloud and cloud computing services suitable for large or small businesses, individual developers, and any public sector in more than 200 countries and regions.

  • Hybrid Cloud

Hybrid Cloud combines elements of the Public Cloud and the Private Cloud. It allows enterprise organizations to communicate and exchange data between public and private clouds, which provides greater flexibility. This is ideal for enterprise organizations that want to use the advantages of both types of deployment.

Therefore, your organization needs to understand its purpose in using the cloud and choose the option that best suits its needs. Type of industry, operations, and business processes are several factors to consider when choosing the right cloud solution.

The choice of each feature or component implementation from the Cloud can be categorized into one of three service models:

  1. IaaS (Infrastructure as a Service)

The Infrastructure as a Service model is the basic foundation of cloud services. We can rent server virtualization, storage, and network configurations that are ideal for the company's needs. Specifications can be adjusted as needed, and you only pay for the instances that you use. In other words, you don’t need to think about procuring and maintaining server hardware because the cloud provider takes care of it.

On Alibaba Cloud, IaaS is covered by ECS (Elastic Compute Service) as a high-performance, stable, and reliable computing service. Not only that, but this service is also scalable. ECS can eliminate initial hardware investment and provide scalability of computation resources as needed.

  2. PaaS (Platform as a Service)

If an interface program, run-time environment, or operating system is needed for application development, you can consider a Platform as a Service based solution. You only need to upload the application code to the platform and the application can be used immediately. An example of a Platform as a Service is Alibaba Cloud’s Relational Database Service.

  3. SaaS (Software as a Service)

SaaS is a service provided in the form of software delivered as a web service, where users can use the application without knowing how the data is stored or how the application is maintained. Software as a Service usually comes in the form of a package with less flexible customization options.

Users can take advantage of the services directly, for free or by paying a rental fee, without having to build the application, platform configuration, or infrastructure. Everything about the application is guaranteed by the service provider, and users do not have full control rights over the application.

Currently, many information technology (IT) operations are burdened with various data storage systems, whether traditional or on-premise, to accommodate both structured and unstructured data. This can be not only expensive but also challenging to manage flexibly.

With the rapid development of technology, cloud services are an increasingly mandatory and customary solution to consider. Increasingly sophisticated security options allow us to achieve optimal control, flexible scalability, and guaranteed availability when creating dynamic business operations.

ACS Group in association with Alibaba Cloud as a public cloud service provider, and with Nutanix as an IT infrastructure vendor with its enterprise cloud platform will always be ready to support loyal customers in implementing Private, Public, and Hybrid clouds that can provide many benefits for your company.

For more detailed information, please see the video on ACS Group’s YouTube channel: “Improve Business with a Flexible and Dynamic Cloud