Customer Perspectives

For the best part of two decades, the virtual private network (VPN) has been the de facto standard for remote connectivity to enterprise systems. However, as one multinational telecom carrier discovered, the technology is beginning to show signs of age, particularly as the business world embraces to a work-from-anywhere (WFA) model.

Increased Threats Meet Substandard Controls

The carrier had noted an increase in cybersecurity threats on its networks, as well as inappropriate access from internal and external employees. Following an investigation, the carrier's cybersecurity team found that the VPN was to blame, as its security capabilities were limited, and the system was too permissive when granting users access to applications and data.

Something needed to change if the carrier was to support a secure and effective WFA model. It was at this point that the organization started to research zero-trust network access (ZTNA) as an alternative to its VPN, recognizing that the technology could deliver the granular access controls and enhanced security it needed.

ZTNA the Fortinet Way

Having already deployed FortiGate Next-Generation Firewalls (NGFWs) in its enterprise network, the carrier was aware of Fortinet's expertise and capabilities. It therefore selected Fortinet and one other vendor to present a ZTNA solution for consideration. During the proof-of-concept trials, it quickly became apparent that Fortinet's solution was far better able to enforce traffic control and provide an exceptional user experience.

Today, the carrier is in the process of deploying the Fortinet Universal ZTNA solution. Centered on its existing FortiGate NGFWs, the solution will leverage FortiAuthenticator for user identification and least-privilege access across its remote workforce. Meanwhile, the FortiClient Enterprise Management Server (EMS) provides visibility via FortiClient Fabric Agents deployed on 60,000 endpoints on the carrier's network to securely share information and assign security profiles to endpoints, enabling the least privileged access and oversight over employees' devices.

In addition, the company is using FortiAnalyzer for analytics and monitoring of traffic from remote workers, and FortiGSLB (global server load balancing) to maintain the availability of mission-critical applications. The solution is supported by FortiCare Professional Services, through which Fortinet provides access to its security experts to help the carrier roll out its systems.

Inline Security for Complete Access Control

While still in the deployment phase, it is already clear that the solution will provide a much more secure approach than the carrier's legacy VPN. FortiAuthenticator ensures identity is thoroughly verified for all users and can ease the user experience by enabling Single Sign-On (SSO). FortiAuthenticator integrates seamlessly with the FortiClient Fabric Agent for ZTNA placed in line between users and resources. It continually inspects traffic and devices to limit the risk of a threat or threat actor gaining access to enterprise applications and systems. This Fortinet Zero-Trust Network Access (ZTNA) architecture provides strict access controls so that users will only be able to access only the resources they need to do their job, protecting against inappropriate access and the threat of lateral movement by cybercriminals.

In addition to enhancing security, the solution also significantly improves the end-user experience. With a secure tunnel automatically created between user devices and enterprise systems, applications can be accessed in the same way and with the same performance regardless of location. The carrier can therefore enable its WFA model without adversely affecting productivity.

Security Management Made Easy

One of the key reasons that the carrier selected Fortinet is that it can provide ZTNA using on-premises systems rather than cloud alternatives. This approach was deemed more secure by the carrier, which wishes to retain full control of network traffic. The carrier also appreciates that it can leverage its existing investment in FortiGate NGFWs to realize its zero-trust vision. As well as increasing the return on its earlier investments, the approach will save the carrier from having to retrain its security team on new systems. In addition, the security team will benefit from a single-pane-of-glass view through which to manage its entire Fortinet footprint. 

At present, the carrier's security team is working in close collaboration with the Fortinet Professional Services team to ensure that its ZTNA rollout progresses smoothly and that best practices are put in place, while also limiting disruption to its workforce. When complete, the company will realize a greatly reduced attack surface and a remote working user experience that is fit for the modern world.

Read these customer case studies to see how Coopenaeand thisglobal financial services organizationsecure sensitive information with high-performance security solutions backed by the latest threat intelligence.