
How does Cipherscale provide Seamless Secure Access (SSA) or universal Zero Trust Network Access (ZTNA)?

Universal ZTNA, or what we refer to as 'seamless secure access,' integrates the best features of traditional on-premises security and remote access solutions into a unified platform. This approach simplifies IT management while boosting overall security and improving the user experience across the enterprise. It delivers consistent, seamless security controls for both on-premises and remote access, ensuring secure connections to organizational resources from any location or device.

Many businesses currently have two different solutions: one for on-prem network security and another for remote access or ZTNA, as shown in Figure 1. This creates security silos, additional capital and operating costs, and operations overhead. It is also difficult to reconcile the access policies between the two systems, which leads to cases where greater access might be given while accessing applications remotely than while on-prem.

[Figure: seamless secure access]

Given that the ZTNA systems provide modern network security, it might be conceivable to decommission the on-prem network security and use the ZTNA service for remote and on-prem access, as shown in Figure 2. However, the problem arises when even local traffic from an on-prem computer to an on-prem server needs to traverse a route that takes it off-prem to the ZTNA service’s data center. This hair-pinning of traffic causes performance degradation.

Cipherscale offers the ideal Universal ZTNA solution, as illustrated in Figure 3. A single policy, configured in Cipherscale, applies to both on-premises and remote access and is enforced by the Gateway(s) deployed on-site. To ensure ZTNA, the office application servers are restricted from direct access by any office computers except for the Gateways.
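The Gateway-only restriction on the application servers is something a defender can audit. The following is an added example, not Cipherscale code: it checks a firewall rule export for allow rules that let any source other than a Gateway reach the application servers. The rule format, addresses and the `find_bypass_rules` helper are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: every address and the rule format are assumptions.
GATEWAYS = ["10.0.5.10", "10.0.5.11"]   # on-site Gateways
APP_SERVERS = "10.0.20.0/24"            # office application servers
RULES = [
    {"id": 1, "action": "allow", "src": "10.0.5.10/32", "dst": "10.0.20.0/24"},
    {"id": 2, "action": "allow", "src": "10.0.5.11/32", "dst": "10.0.20.15/32"},
    {"id": 3, "action": "allow", "src": "10.0.8.0/22", "dst": "10.0.20.15/32"},  # office LAN
    {"id": 4, "action": "allow", "src": "10.0.5.8/29", "dst": "10.0.20.0/24"},   # wider than the Gateways
    {"id": 5, "action": "allow", "src": "10.0.8.0/22", "dst": "10.0.30.0/24"},   # not an app server
    {"id": 6, "action": "deny", "src": "0.0.0.0/0", "dst": "10.0.20.0/24"},
]


def find_bypass_rules(rules, gateways, app_servers):
    """Return (rule id, non-Gateway source count) for each allow rule that
    lets something other than a Gateway reach the application servers.

    Conservative: every allow rule is judged on its own, so a rule shadowed
    by an earlier deny is still reported for review.
    """
    gw_addrs = {ipaddress.ip_address(g) for g in gateways}
    app_net = ipaddress.ip_network(app_servers)
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        src = ipaddress.ip_network(rule["src"])
        dst = ipaddress.ip_network(rule["dst"])
        if not dst.overlaps(app_net):
            continue  # rule does not touch the protected servers
        # Source addresses covered by the rule that are not Gateways.
        non_gateway = src.num_addresses - sum(1 for g in gw_addrs if g in src)
        if non_gateway:
            findings.append((rule["id"], non_gateway))
    return findings


if __name__ == "__main__":
    for rule_id, count in find_bypass_rules(RULES, GATEWAYS, APP_SERVERS):
        print(f"rule {rule_id}: {count} non-Gateway source address(es) can reach the app servers")
```

Rule 4 is the case that is easy to miss: it names the Gateway subnet rather than the Gateways themselves, so six other hosts on that subnet would bypass policy enforcement.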

When the user is on-site, their device creates a secure tunnel to the Gateway over the local office network to access private applications, following the admission rules and access policies configured in Cipherscale and enforced by the Gateway in coordination with the Cipherscale Controller. When the user is off-site, the device establishes a secure tunnel to the Gateway over the internet to access the private applications, again adhering to the same admission rules and access policies set in Cipherscale and enforced by the Gateway in coordination with the Cipherscale Controller.

This approach ensures efficient routing, avoiding unnecessary internet detours for on-premises access. Cipherscale provides truly seamless secure access by using the same on-prem Gateways to enforce access policies, regardless of the device’s location, and unifies policy definitions across all access points.