Zero-Trust is a security model that requires user identity and multiple contextual factors to authorise access, in effect making it difficult for attackers to compromise endpoint devices, impersonate employees and gain access to internal resources. Put simply, a zero-trust architecture trusts no one and nothing — in stark contrast to traditional IT network security, which trusts anyone and anything inside the network.
Hybrid work expands the corporate network as activity shifts to different locations across a variety of endpoints. This expansion makes it much harder to keep track of everything, especially the new attack surfaces created by the disparate activities that occur in and around the network. Worse, it opens security gaps at key points, whether on the endpoint, in transit, or during authentication.
It is far safer to assume that no user or device is trustworthy than to assume that preventative security measures have plugged all the holes. Zero-Trust addresses these gaps, securing the expanded network and, at the same time, improving the user experience.
If zero-trust is the model, then Zero-Trust Network Access (ZTNA) is the technology that makes it possible to implement that security paradigm. ZTNA requires strict verification of every user and every device before granting them access to internal resources. Additionally, ZTNA grants access only to the specific application requested and denies access to all other applications and data by default. It also works alongside other application security functions, such as Web Application Firewalls and DDoS protection, to provide complete protection for applications on the public Internet.
Cloudflare Access is a ZTNA solution offered by Cloudflare. It operates in client-based or clientless modes to grant access to self-hosted and SaaS applications and is part of Cloudflare One.
Instead of a VPN, users connect to corporate resources through a client or a web browser. As requests are routed and accelerated through Cloudflare’s edge, they are evaluated against zero-trust rules incorporating signals from your identity providers, devices, and other context.
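To make the per-request evaluation described above concrete, the following is an added illustrative model of a ZTNA policy engine. It is not Cloudflare's code and does not reproduce the Cloudflare Access rule language; the signal names (identity-provider groups, MFA state, device posture, connection country) and the sample policies and requests are constructed for the example. It shows the three properties the text calls out: every request is verified on identity, device and context; a grant applies to exactly one application; and anything not explicitly allowed is denied.

```python
"""Illustrative per-request ZTNA policy evaluation (added example, not
Cloudflare's implementation). Signal names and sample data are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset        # group claims from the identity provider (assumed signal)
    mfa: bool                # MFA satisfied in this session
    device_managed: bool     # device enrolled with the corporate client
    disk_encrypted: bool     # posture attribute reported by the client
    country: str             # connection context
    app: str                 # the single application being requested


@dataclass(frozen=True)
class Policy:
    app: str                           # a policy only ever covers one application
    allowed_groups: frozenset
    require_mfa: bool = True
    require_managed_device: bool = True
    allowed_countries: frozenset = frozenset()   # empty means no country restriction

    def check(self, req: Request) -> tuple[bool, str]:
        """Evaluate one policy against one request; every signal must pass."""
        if req.app != self.app:
            return False, "policy is for another application"
        if not (req.groups & self.allowed_groups):
            return False, "user not in an allowed group"
        if self.require_mfa and not req.mfa:
            return False, "MFA not satisfied"
        if self.require_managed_device and not (req.device_managed and req.disk_encrypted):
            return False, "device posture check failed"
        if self.allowed_countries and req.country not in self.allowed_countries:
            return False, "connection from disallowed country"
        return True, "allowed"


def evaluate(policies: list[Policy], req: Request) -> tuple[bool, str]:
    """Default deny: access is granted only when some policy for req.app is
    fully satisfied. Policies for other applications never contribute."""
    reasons = []
    for policy in policies:
        if policy.app != req.app:
            continue
        ok, why = policy.check(req)
        if ok:
            return True, why
        reasons.append(why)
    return False, "; ".join(reasons) or "no policy for this application"


# Constructed sample policies: an intranet wiki open to staff from any device,
# and an admin console restricted to SREs on managed devices in two countries.
POLICIES = [
    Policy(app="wiki.internal", allowed_groups=frozenset({"staff"}),
           require_managed_device=False),
    Policy(app="admin.internal", allowed_groups=frozenset({"sre"}),
           allowed_countries=frozenset({"GB", "DE"})),
]


def demo() -> dict[str, tuple[bool, str]]:
    """Run a handful of constructed requests through the engine."""
    sre_gb = Request("alice", frozenset({"staff", "sre"}), mfa=True, device_managed=True,
                     disk_encrypted=True, country="GB", app="admin.internal")
    sre_roaming = Request("alice", frozenset({"staff", "sre"}), mfa=True, device_managed=True,
                          disk_encrypted=True, country="US", app="admin.internal")
    staff_admin = Request("bob", frozenset({"staff"}), mfa=True, device_managed=True,
                          disk_encrypted=True, country="GB", app="admin.internal")
    staff_wiki_byod = Request("bob", frozenset({"staff"}), mfa=True, device_managed=False,
                              disk_encrypted=False, country="FR", app="wiki.internal")
    no_mfa = Request("bob", frozenset({"staff"}), mfa=False, device_managed=True,
                     disk_encrypted=True, country="GB", app="wiki.internal")
    unknown_app = Request("alice", frozenset({"sre"}), mfa=True, device_managed=True,
                          disk_encrypted=True, country="GB", app="payroll.internal")
    return {
        "sre_gb": evaluate(POLICIES, sre_gb),
        "sre_roaming": evaluate(POLICIES, sre_roaming),
        "staff_admin": evaluate(POLICIES, staff_admin),
        "staff_wiki_byod": evaluate(POLICIES, staff_wiki_byod),
        "no_mfa": evaluate(POLICIES, no_mfa),
        "unknown_app": evaluate(POLICIES, unknown_app),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:16} {'ALLOW' if ok else 'DENY ':5} {why}")
```

Note the two design choices that distinguish this from a perimeter model: a request for `payroll.internal` is denied because no policy names that application, not because a rule forbids it, and the SRE who is allowed into the admin console is still denied the moment one context signal (here the country) no longer matches, even though her identity and device are unchanged.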
Cloudflare One is Cloudflare’s zero-trust Network-as-a-Service platform that dynamically connects users to enterprise resources, with identity-based security controls delivered close to users, wherever they are.
Cloudflare One supports Secure Access Service Edge (SASE) by combining network connectivity services with zero-trust security services on a purpose-built global network. Replace expensive, proprietary circuits with a single global network that provides built-in zero-trust functionality, DDoS mitigation, network firewalling, and traffic acceleration.