Five steps to ZTNA cybersecurity on campus

Greg Kovich
maio 19, 2023

Zero Trust Network Access (ZTNA) cybersecurity allows academic institutions to realise important benefits across all operations.

A man working on a computer

Trust no one. Sounds ominous, right? Well, unfortunately, it’s today’s reality — at least when it comes to network security. According to experts, the only network cybersecurity strategy that can effectively counter today’s threats is one that trusts no user, no device and no application, no matter where they are located — on-campus, in the cloud or off-campus. It’s a strategy known as Zero Trust Network Access (ZTNA), and is based on the following assertions:

• The network is hostile

• External and internal threats are always present

• Location is not enough to determine trust

• Every device, user and network flow must be authenticated and authorised

• Policies must be dynamic and use as many data sources as possible

Tackling these issues requires a thorough approach to security. A Zero Trust Network Access (ZTNA) strategy provides comprehensive protective mechanisms to stop unauthorised users, devices and applications from accessing the network. At ALE, we’ve identified five steps to help you develop a ZTNA cybersecurity strategy to protect your academic institution from the nefarious actors who lurk among us.

Step 1 – Monitor: Monitor the network to create an inventory of all devices and applications — authorised and unauthorised — that request or deliver information on the network and the protocols they use to do so. There are many tools available to collect information from the network and create a report that categorises devices by type, manufacturer, model, operating system and other factors. Flow monitoring tools that identify the different application traffic flows on the network are also available.

Step 2 – Assess: Assess and validate your inventory. Start by assessing devices and applications by their type and role. This process helps identify shadow IT devices that can be eliminated to reduce the attack surface, and limit risk and mitigation measures required in response to cyberattacks.

Step 3 – Plan: Plan your approach to authentication, authorisation auditing and administration. A multidimensional plan that includes macro-segmentation and micro-segmentation is best. Macro-segmentation segregates users, devices and applications on the network. Micro-segmentation defines how those users, devices and applications are mapped to their network segment and security policies.

Step 4 – Simulate: Test and validate the approach developed in Step 3. Use the insights to fine-tune security policies and ensure they cover all scenarios. Simulations should include issuing certificates, configuring policies, configuring quarantine scenarios, simulating log flows and testing firewall integrations.

Step 5 – Enforce: When tested and validated security policies are enforced, unauthorised devices are blocked from accessing the network and unexpected flows are dropped. In addition, devices can be put in quarantine and IT teams alerted to the situation.

While following these five-steps map out a path for ZTNA cybersecurity, it’s not enough on its own. Training, patch management and vigorous shadow IT management are required to ensure comprehensive security.

Successful outcomes

A secure network means faculty and students can take advantage of innovative digital technologies that improve learning opportunities and student success. For example:

• Faculty can develop lessons that inspire students, expose them to cutting-edge innovations and encourage them to participate, whether in the classroom or remote.

• Students can experiment with new technologies, collaborate with one another and faculty from anywhere, and incorporate the latest digital innovations into their assignments to showcase their potential.

With a deeper understanding of the institution’s cybersecurity status, IT teams can make better decisions about new technology strategies, such as adopting a cloud-first approach or supporting BYOD. They can also better protect and control the digital infrastructure and ensure the appropriate use of valuable network resources and bandwidth.

A trusted network foundation ensures academic institutions can remain focused on teaching and learning. To find out more, check out our "Rethinking cybersecurity in education" infographic or contact us today to discuss your specific needs.

Don’t forget to check back here for my next blog focused on what you need to know, from A to Z, for a comprehensive cybersecurity strategy.

Greg Kovich

Greg Kovich

Global Sales Lead, Education Vertical

Greg Kovich leads global sales for ALE’s Education vertical.  Greg has overseen or created several Education solutions including “The Fundamentals of Communications” – a vendor neutral course on digital network communications; “Safe Campus” – a solution uniting emergency alerts with first responder collaboration and mass notification; “Secure Campus” – a solution that allows instructors to limit student network access to determined sites; and “Pandemic Education Continuity” – a solution that enables classroom instruction in the event the institution is closed due to health or environmental crisis. 

He is a 1992 graduate of Indiana University with over 20 yrs experience in Information Technology.

Sobre o autor

Blogs mais recentes

Energy and utilities OT and IT convergence blog image
Energia e serviços públicos

Observação de tendências: Convergência TI-TO no setor de En…

A convergência de tecnologia operacional e de informação está mudando a forma como as empresas de energia e serviços públicos gerenciam seus negócios no futuro.


TAA compliant logo
USA Federal

O ALE OmniSwitch pode ser o switch mais seguro do mercado

O OmniSwitch é o switch preferido para oferecer a segurança das redes baseadas em confiança zero que os governos exigem.

a group of people looking at a laptop

3 componentes-chave para criar o local de trabalho digital

Com a base certa, os governos podem criar locais de trabalho digitais seguros com comunicações e colaboração aprimoradas e prestação de serviços.