As cloud adoption continues to ramp-up and with “work from anywhere” (WFA) “ringing true” across South Africa, we thought it pertinent to reach out to our friend John Ward, principal of systems engineering and SME for public cloud: Africa at Fortinet, to unpack the benefits and demystify the enigma around securing two key movements.

Ward is a cybersecurity veteran with roots stretching back to the 1990s — a time when “bad actors” were only just beginning to see the gaps and take advantage of business and personal data in an evolving landscape. Ward eloquently walks us through the essentials of cloud security and zero-trust network access, two key focus areas that are critical to defending users and applications that are now spread across a range of different devices and locations.

Read our summarised exchange in the Q&A transcript below:

Question: With WFA being a major business shift after the pandemic, would you say it’s irresponsible for companies to carry on without a zero-trust network access (ZTNA) strategy in place?

Answer: The answer is a resounding “yes”. With the current environment, traditional methods simply aren’t good enough to keep up with bring-your-own-device (BYOD) and users connecting from a range of different locations. Traditional VPNs work but they’re clunky. With ZTNA, users don’t need to worry about which device or which location. They can get dynamic, continuously secure access to any environment, from anywhere, on any device. Plus, it makes it easier and quicker to perform cloud migrations.

Q: What are some of the major threats associated with work-from-anywhere (WFA), if your security strategy is not up to scratch?

A: One specific threat is malware – including ransomware. When someone connects from home or to a coffee shop network where there are multiple users, they open themselves up to an attack vector for which they may not be protected. This is where zero trust kicks in. When that device then connects to corporate resources, ZTNA evaluates the host, checks its current status, what’s changed over time, and makes sure that there are no malicious applications running.

Q: If employees are working from home, should they worry about their IoT devices posing risks to the business network?

A: We’re seeing an increase in attackers targeting users via home devices to get to the corporate network. “Don’t attack them in the castle, get them while they are crossing the drawbridge.” With IoT and connected devices cluttering homes and other network-heavy spaces, both businesses and users should be aware of the risks posed when not enforcing a ZTNA approach or a strong security posture.

Q: A lot of employees work while travelling, connecting to unsecured networks as they move. How does ZTNA keep things simple and safe for these users?

A: ZTNA provides a seamless next-gen security experience for users. Not only does it offer the ability to securely connect from anywhere, but it also abstracts the underlying connection mechanism so that users don’t have to think about it. They don’t have to worry about manually setting up a connection or wondering whether resources are on-prem or in the cloud.

We need to remember that a lot of attacks are opportunistic, so without ZTNA, a simple outdated patch could lead to disaster for the entire organisation.

Q: With the rush to deliver new services faster with cloud, how can security professionals protect business-critical Web applications?

A: It’s all about securing the environment and then being more specific about the applications within your environment. These advanced controls aren’t specific to cloud; the same rules apply on-prem. But Web applications and APIs are really on the front line in terms of attacks since the majority of them are exposed to the public Internet. At the same time, developers are often not application nor network security experts.

Making it easy for them to publish code fast but keep their environments clean is key.

Q: Considering all of this, users need access to both cloud and non-cloud resources, where consistent security policies must be enforced. How do Fortinet’s Cloud Security and ZTNA solutions work to address this?

A: The best gift is to own a FortiGate. This industry-leading, next-generation firewall is already the mainstay for protecting cloud and on-prem environments, and it offers customers the ability to easily make the transition towards both cloud and a zero-trust approach, as ZTNA is already built in. FortiGate acts as the zero-trust access proxy that checks user trust levels and enforces access to applications in whichever data centre or cloud platform they reside. This gives users secure and seamless access to cloud or on-prem resources and provides security teams with continuous evaluation of user access and associated risks. Plus, FortiGate can protect all the backend resources and data that threat actors are always after, whether on-prem or in any of the cloud platforms.

Centrally tracking all this activity is key to being able to detect and mitigate threats sooner. Users can start with FortiAnalyzer to consolidate Fortinet insight, expand to FortiSIEM to bring in security feeds from non-Fortinet devices, and progress to FortiSOAR to create automated playbooks. Wherever you are in this automation journey, it really is the only way to effectively manage risk and keep users and networks secure as today’s environments continue to rapidly expand.

Read the in-depth Q&A here.

The common thread in this discussion is a mesh architecture, such as the Fortinet Security Fabric. By utilising what many of Fortinet’s customers already have and extending it with Cloud Security and ZTNA for these new environments and user locations, security professionals can easily “pave the way” to a future that we can all trust.

As a master distributor, Maxtec is proud to offer Fortinet’s entire portfolio in South Africa, and has done so since 2003. Reach out to us to see how we support our partners with Fortinet training and workshops to boost your in-house knowledge.

For more, visit www.maxtec.co.za, e-mail [email protected] or call +27 (0) 11 803 6635.