Incorporating Zero-Trust Strategies for Secure Network and Application

Executive Overview

As businesses continue to embrace digital innovation, cloud applications, and work-from-anywhere initiatives, networks become ever more complicated and dispersed, with an increasing number of “edges.” As the traditional network perimeter continues to dissolve, the more people and devices that connect to a network, the less secure a traditional perimeter-based approach to security becomes.

Every time a device or user is automatically trusted, it places an organization’s data, applications, and intellectual property at risk. CISOs need to shift the fundamental paradigm of an open network built around inherent trust to a zero-trust model. This zero-trust strategy needs to incorporate rigorous access controls that span the distributed network so that devices, users, endpoints, cloud, Software-as-a-Service (SaaS), and the infrastructure are all protected.


As more companies shift their networks to accommodate remote workers, multi-cloud architectures, and digital innovation, their approaches to security need to change as well. Today, organizations need to establish secure and trustworthy access from any location to a wide variety of cloud-based services and enterprise resources.

Traditional security models work under the assumption that anything inside an organization’s network should be trusted. But automatically extending trust to any device or user puts the organization at risk when either is compromised, whether intentionally or unintentionally.

The increase in bring-your-own-device (BYOD) and Internet-of-Things (IoT) initiatives has led to a proliferation of access points and endpoint devices, so the traditional network perimeter has effectively been eliminated. Attackers, malware, and infected devices that bypass edge security checkpoints often have free access to the network inside.

This ZTA approach shifts the fundamental paradigm of open networks built around inherent trust to a zero-trust framework. The strategy relies on adopting rigorous network access controls to identify, authenticate, and monitor users and devices, both on and off the network.

The Keys to an Effective ZTA Strategy

Today’s networks have vast, dynamic, and in some cases, even temporary edges. The fact that many devices are often offline makes continuously assessing risk and trust even more difficult. Because there’s no way to verify that users or devices on or off the network can be trusted, security leaders should assume that every device on the network is potentially infected. Further, any user is capable of compromising critical resources, intentionally or inadvertently.

An effective ZTA strategy addresses both network connection and application access based on the underlying assumption that no user or device is inherently trustworthy. No trust is granted for any transaction without first verifying that the user and the device are authorized to have access. Implementing the ZTA model requires focusing on three key elements.

1. Know every device that’s on the network

Because of the expansion of the network perimeter from the increase in applications and devices, potentially billions of edges must now be managed and protected. Network access control (NAC) tools deliver visibility into the network environment.

2. Know every user that accesses the network

To establish an effective ZTA strategy, it’s critical to determine who every user is and what role they play within an organization. The zero-trust model focuses on a “least access policy” that only grants a user access to the resources that are necessary for their role or job.

3. Know how to protect assets on and off the network

An effective ZTA strategy addresses the challenge of protecting off-network devices by improving endpoint visibility. Because of increased mobility and remote work, users can inadvertently expose their devices and company resources to threats while online elsewhere; when they rejoin the network, they can bring back viruses and malware picked up in the meantime, so device state must be re-assessed on every reconnection.

The Fortinet ZTA Framework

The Fortinet ZTA framework uses a tightly integrated collection of security solutions that help organizations identify and classify all users and devices that seek network and application access. They can assess their state of compliance with internal security policies, automatically assign them to zones of control, and continuously monitor them, both on and off the network.

1. Endpoint Access Control

Endpoints are often the target of an initial compromise. In fact, a recent study found that 30 percent of breaches involved malware that was installed on endpoints. Fortinet strengthens endpoint security through integrated visibility, control, and proactive defense. The ability to discover, monitor, and assess endpoint risks helps to ensure endpoint compliance, mitigate risks, and reduce exposure. Fortinet FortiClient endpoint access solutions:

  • Support secure, encrypted connections across unsafe networks with support for split tunneling and secure access service edge (SASE) services
  • Provide continuous endpoint security telemetry data, including device operating system (OS) and applications, known vulnerabilities, patches, and security status

2. Identity Access Management

Today’s enterprise identity environments are made up of various systems of record that may include networking devices, servers, directory services, and cloud applications. Managing an identity that resides in these various systems can quickly grow into such a large administrative challenge that it negatively affects users, administrators, and application developers. Additionally, many of today’s most damaging security breaches have resulted from compromised user accounts and passwords that were then exacerbated by users being given inappropriate levels of access. Securely and effectively managing identity authentication and authorization for all systems and applications is crucial to minimize security breaches. Fortinet identity and access management (IAM) solutions are used to:

  • Establish identity through login, multi-factor authentication (MFA), and certificates, which may evolve to add continuous contextual authentication
  • Provide role-based information from an authentication source for use in privileged access
  • Establish and enforce role-based least access policies
  • Provide added security with support for single sign-on (SSO) to help improve user compliance and adoption
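The framework above describes a policy decision made per request: verify the user (login, MFA, role), verify the device (telemetry on patches, vulnerabilities, security status), assign the device to a zone of control, and grant only the least access the role needs, re-evaluating whenever posture changes. The following Python is an added illustration of that decision flow written for this article; it is not Fortinet code and does not model the FortiClient or IAM products' APIs. The roles, resources, zone names, and posture thresholds (30-day patch age, zero known vulnerabilities) are assumptions chosen for the example, and the device and user records are constructed sample data.

```python
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Zone(Enum):
    """Zones of control a device can be assigned to after posture assessment (assumed names)."""
    QUARANTINE = "quarantine"   # non-compliant: no application access at all
    RESTRICTED = "restricted"   # partially compliant: low-risk resources only
    CORPORATE = "corporate"     # compliant: full role-based access


@dataclass(frozen=True)
class DevicePosture:
    """Endpoint telemetry as the article lists it: OS, patch state, known vulnerabilities, security status."""
    device_id: str
    os_version: str
    patch_age_days: int      # days since the last patch cycle was applied
    known_vulns: int         # unremediated known vulnerabilities reported by the agent
    av_running: bool         # endpoint protection active
    disk_encrypted: bool


@dataclass(frozen=True)
class UserIdentity:
    """Identity established through login and MFA, plus roles from the authentication source."""
    username: str
    roles: frozenset[str]
    mfa_verified: bool


# Role-based least-access policy (assumed): each role sees only what its job needs.
ROLE_ACCESS: dict[str, set[str]] = {
    "finance": {"erp", "payroll"},
    "engineer": {"git", "ci"},
    "helpdesk": {"ticketing"},
}

# Which zone of control may reach which resource (assumed thresholds).
ZONE_ACCESS: dict[Zone, set[str]] = {
    Zone.CORPORATE: {"erp", "payroll", "git", "ci", "ticketing"},
    Zone.RESTRICTED: {"ticketing"},
    Zone.QUARANTINE: set(),
}


def classify_device(posture: DevicePosture) -> Zone:
    """Assign a zone from current telemetry. Any failing check moves the device down, never up."""
    if not posture.av_running or posture.known_vulns > 0:
        return Zone.QUARANTINE
    if posture.patch_age_days > 30 or not posture.disk_encrypted:
        return Zone.RESTRICTED
    return Zone.CORPORATE


def evaluate_access(user: UserIdentity, device: DevicePosture, resource: str) -> tuple[bool, str]:
    """Deny by default: both the user and the device must pass before access is granted.

    Called on every request, so a device that drifts out of compliance loses access
    on its next request without any change to the user's entitlements.
    """
    if not user.mfa_verified:
        return False, f"deny: {user.username} has not completed MFA"
    entitled = set().union(*(ROLE_ACCESS.get(role, set()) for role in user.roles))
    if resource not in entitled:
        return False, f"deny: roles {sorted(user.roles)} are not entitled to {resource}"
    zone = classify_device(device)
    if resource not in ZONE_ACCESS[zone]:
        return False, f"deny: device {device.device_id} is in zone {zone.value}, which may not reach {resource}"
    return True, f"allow: {user.username} on {device.device_id} ({zone.value}) -> {resource}"


def demo() -> list[tuple[bool, str]]:
    """Constructed sample requests showing the decision change as device posture changes."""
    alice = UserIdentity("alice", frozenset({"finance"}), mfa_verified=True)
    laptop_ok = DevicePosture("LT-0001", "11.0", patch_age_days=5, known_vulns=0,
                              av_running=True, disk_encrypted=True)
    # Same laptop after time off-network: the agent now reports an unremediated vulnerability.
    laptop_rejoined = DevicePosture("LT-0001", "11.0", patch_age_days=41, known_vulns=2,
                                    av_running=True, disk_encrypted=True)
    return [
        evaluate_access(alice, laptop_ok, "erp"),          # compliant device, entitled role
        evaluate_access(alice, laptop_ok, "git"),          # least access: finance is not entitled to git
        evaluate_access(alice, laptop_rejoined, "erp"),    # posture drift moves the device to quarantine
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(reason)
```

The point of keeping `classify_device` separate from the role check is that the two verifications are independent: a fully entitled user on a non-compliant device is still denied, and the decision is recomputed from live telemetry on each request rather than cached from the last successful login.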

To read the full whitepaper, download:
Incorporating Zero-Trust Strategies for Secure Network and Application Access

