2: Mastering Zero Trust and Multifactor Authentication

Jan 17, 2024

Join Sean Washington and Mark Vincent from XenTegra One as they unpack the essentials of Zero Trust security and multifactor authentication (MFA) in the SMB landscape. With cyber threats evolving rapidly, they discuss why adopting a Zero Trust Network Access (ZTNA) strategy and implementing MFA are critical steps for small to medium-sized businesses looking to safeguard their digital assets and streamline their security protocols. Dive into a comprehensive conversation that covers everything from the foundational concepts of ZTNA to the practicalities of integrating MFA with single sign-on solutions for a robust security posture.

Whether you’re navigating the complexities of remote work security or seeking to understand the intersection of compliance frameworks and cybersecurity, this episode offers actionable insights, expert commentary, and a touch of humor to help demystify these vital tech topics. Perfect for business owners, IT professionals, and anyone eager to enhance their company’s cyber defenses, this episode will leave you equipped to take decisive action towards securing your SMB’s future. Tune in and empower your journey toward impenetrable security and SMB success.

Sean Washington   0:09
All right, it looks like we’re live.
This is Sean Washington and Mark Vincent with powered the SMB.

Mark Vincent   0:17
Afternoon, Sean.
How you doing man?

Sean Washington   0:19
Doing good, doing good.
So we were asked to pick a subject for this particular discussion, and I wanted to focus on zero trust.
So ZTNA, zero trust network access, not to be confused with network architecture.
So we have a blog picked out from Fortinet that was actually published in 2002.
It’s not super old, but when you actually do a Google search.

Mark Vincent   0:46
2022, my friend. If it was published in 2002, that would be really old.

Sean Washington   0:49
Ah, my bad.
Yeah, I don’t think they were having these conversations back then, huh?

Mark Vincent   0:56
No, definitely not.
But yeah, 2022, which is still a year back, but I think very relevant.

Sean Washington   0:58
Yes.
It it’s it’s definitely relevant.
These are the kind of conversations we have just for a little perspective.
We are the division of XenTegra that specifically works with small and medium sized businesses.
So we are constantly working with groups that need our help, so they generally are coming to us for expertise and they don’t wouldn’t have the guidance to figure out what any of this would be.
So we are aligning these new technologies and best practices with their specific requirements as businesses.
Whether that might be best practices for security or specific compliance requirements, et cetera, et cetera, so a type of conversation that we have every day, the specific uh blog that we’re talking about today is from Fortinet, says why multifactor authentication, universal ZTNA and zero trust matter.
So as I was saying, it was published originally in 2022.
If you do a Google search, this is one of the top, one of the top blogs that will pop up for this.

Mark Vincent   2:07
Yeah, specifically about the the term ZTNA and that that term is being used a lot out there.
I think a lot of folks don’t necessarily understand what that means.

Sean Washington   2:18
Yeah.
And and the reason this is relevant to me is I I just worked with a client who who came to us.
They were an existing Fortinet I am user so they use Fortinet for their firewalls.
They were also an Okta provider and out of the six or 700 employees that they had, they had 30 to 40, actually.
Maybe was about 100 that worked remote and they wanted to unify their policies for client server applications through Okta.
So this was actually the product that worked for them.
So that’s exactly what we’re discussing.
So think it’s topical, so you’re ready to jump in.

Mark Vincent   2:56
Sure, sure.

Sean Washington   2:58
Cool.

Mark Vincent   2:59
Umm, how do you want to start?
I mean, I we can talk through this, but I think to give people an overview maybe of what ZTNA is and how does that fit into the existing sort of environment that folks have and then we can talk about MFA as well because the two do go hand in hand and a lot of folks necessarily don’t understand what the difference is.
Umm, they’re they’re kind of again, worked very closely together, but yet there are some subtle differences and that’s probably where people get maybe a little naive, little more guidance in that area.

Sean Washington   3:39
Yeah, it’s it’s very confusing.
So this is Sean.
I am the sales guy and I will play the role of the ignorant sales guy today and Mark will be kind of a subject matter, maybe not expert, but specialist.

Mark Vincent   3:52
Yeah, that’s not going expert, but someone who deals with this kind of thing quite often, let’s put it that way.

Sean Washington   3:58
Yeah.
So we’re kind of do a quick summary.
Umm.
In the article, Fortinet is referencing a A report that they did.
But let’s just cyber actors are experimenting with new attack vectors, blah blah blah.
The takeaway is that cyber criminals are showing no sign of slowing down.
There’s an increase in volume and a variety of attacks.
That means there’s no better time to examine your existing security controls.
Adopting a zero trust security model is more important than ever for organizations to reduce their risk and strengthen their security posture.
Multifactor authentication and Universal Zero Trust network access are two of the most useful technologies organizations can adopt to start integrating zero trust principles, so that is like a basically, there’s summary of why they’re having this conversation, which is pretty much, you know what we’re talking about.
What the heck is this so perfect segue?
So what is zero trust, so Mark you?

Mark Vincent   4:59
Zero trust.

Sean Washington   5:00
Yeah, you want.

Mark Vincent   5:01
I can go with this, sure.

Sean Washington   5:02
You can go for it, or maybe I can read what they’re telling us first, and then we we could elaborate on it from there.

Mark Vincent   5:08
Or go ahead.

Sean Washington   5:09
All right, to paraphrase.

Mark Vincent   5:09
I’m good, yeah.

Sean Washington   5:12
What is zero trust? Organizations of all sizes are adopting zero trust as a corporate security strategy to enable digital acceleration, support remote hybrid work and reduce risk.
A zero trust security model assumes that anything or anyone trying to connect to your network is a potential threat.
So every user must be verified before permission is granted to access critical resources.
This verification applies regardless of whether the user is trying to access those resources remotely or is already within the network perimeter, helping to ensure a higher security posture for organizations with a hybrid workforce.
In particular, zero trust network access takes the principle of zero trust and applies them to application access.
It’s per session controls, meaning that users and devices are authenticated and monitored every time they seek to access an application.
Closing security gaps that can arise from things like unattended devices.
But there we go.

Mark Vincent   6:21
Well said.

Sean Washington   6:22
We don’t need to talk anymore.
We we’ve, we’ve got our answers.

Mark Vincent   6:25
Our job here is done.
I think it’s.
I think that’s a great way of explaining it, but maybe taking that down or actually up a level is probably something I think most folks need to understand.
If they don’t deal with this day to day, right, let’s let’s talk about how a normal uh.

Sean Washington   6:44
Yeah.

Mark Vincent   6:49
Type of customer would work today, right?
If you go to a application, you probably gonna have to put in your username and password.
That could be on your network.
That could be like a SaaS app, let’s say, like Salesforce or Office 365.
UM, generally you’re going to put in your username, password.
You gonna gain access over the last, let’s say, a year, two years now.
Most of these companies, these SaaS providers, are starting to kindly ask.
Some are actually forcing at this point the requirement of putting in an MFA, meaning that you have to put in your username and password and then you have to be authenticated with an additional device that says hey, here’s an additional password that only lives on your cell phone or a fob.
Some other way of of giving you a third way to prove you are who you say you are.
Not all applications networks are supporting this yet or have are forcing people to implement this at this point, but that’s really, UM, where the world needs to be going.
The reason why you would do that right is that in a lot of.
On on environments that haven’t implemented this level of security, they’re ripe for things like phishing, right or corporate UM attacks on on companies where they’re they’re stealing usernames and passwords en masse.
You know, if you don’t have MFA turned on, if you don’t have a third party way of being able to only also authenticate versus a user name and password, anybody could use your username and password anywhere at any time and access your data.
Uh, what a scary thought that is, you know, and it’s it’s, it’s prevalent.
It happens all the time.
That’s the gateway into getting into a person’s network and running things like, you know, crypto or something.
And then and then encrypting the entire.
Umm, you know your data set and and setting up yourself for ransomware type of attack.
MFA is is been generally been pushed out on quite a few applications and people think Oh well, that’s great.
You know I’ve logged into my network using my MFA code.
Well, now I’m set once I’m logged in, I can use this app for that app or this app and I’m fine.
Well, that’s not necessarily true, right?
ZTNA takes this sort of concept of of the way MFA works and applies it down to the application level and even more importantly, the session level.
So say you’re in Salesforce, you know you’re you’re logged in, you’ve put in your code, you put in your MFA code.
That session is protected if someone else puts in the same code somewhere else, they would still need that same information.
Having the ability to keep track of specific sessions is sort of the underpinning of how ZTNA is more powerful, right?
It looks at every application and every session, so we’re we’re validating that you are who you say you are.
We’re also validating that at this point in time, you’re at this location, so network service providers that are providing ZTNA services like Fortinet are looking at other things too, like where are you accessing this latest one from?
Is this really you?
Umm.
Having every application fall within having a ZTNA strategy is great because they not only are you controlling access, but you’re also controlling things.
Uh.
In addition to that, you’re you’re you’re watching, where people are coming from, where they’re connecting from.
It’s if if you have a good MFA strategy, you’re halfway there ZTNA just takes it to another level that way.

Sean Washington   10:46
Now, is it specifically work for people that are remote or is this a policy that would make sense for folks that are on a network inside an office?

Mark Vincent   10:56
It it, it should work for everything, right?
Whether you’re on premise, you’re working remotely.
Regardless, you’re going to want to implement this everywhere and it will work.
When it’s implemented, it will work regardless of your location.
That’s one of the values of this kind of proposition as well is once it’s implemented, doesn’t matter where you’re coming from, you have.
You’re covered regardless of your location.
You don’t need to be on a corporate network.
What’s even better is you don’t even need a VPN anymore, right?
It kind of eliminates the need for a lot of this sort of thing.

Sean Washington   11:30
Yeah.
And in the instance that I’ve mentioned, with the specific client, UM, so we’re Fortinet partners, this client is using Fortinet and they were using the free VPN clients.
If they wanted this functionality to be able to integrate ZTNA, then you pay for the upgrade.
So this was an additional feature.
It’s not very expensive, but it enabled them to do this, so it’s specifically from the perspective of a network technology being able to facilitate a remote connection back to their corporate network.

Mark Vincent   12:02
Yep.
And once you tie all of that in, it also from a security standpoint gives you visibility into exactly what people are doing when they’re working and what applications they’re running and when they’ve authenticated, where they’re at critical for maintaining security is to have all those pieces in place.

Sean Washington   12:21
OK, perfect.
Thank you, Mark.
So we continue reading this.

Mark Vincent   12:24
Trying go for it.

Sean Washington   12:27
Right.
It might be a little redundant because we kind of went over a lot of this, but this this part mentions multi factor authentication, the foundation of ZTNA.

Mark Vincent   12:28
Something.

Sean Washington   12:35
So multifactor authentication is the foundation of new access controls and monitoring solutions like ZTNA and should be table stakes for all organizations across public and private sectors.
It’s ideal for providing a more secure way than ensuring the only that only unit. What?
Excuse me that only authorized users gain access to the network resources they need and is especially crucial in today’s work from home work from anywhere environment.
Umm.
So yeah, exactly what we just kind of said because basically poses the question that I asked you was, is this good for only remote workers or is it good for everybody?
But it’s essentially a way to unify a policy of best practices and streamlining connectivity to all data, all applications.

Mark Vincent   13:20
Correct.
Correct.
You think how many different silos a modern company has of data, right?
You might have your QuickBooks data up with Intuit.
You might have your office applications up in you know, Office 365 and your data for those office applications may live in OneDrive.
You know, you could have payroll software.
You could have, you know, a million there could.
This runs the gamut.
There’s so many SaaS applications for every type of application you can think of nowadays equal.
There’s a lot of data that’s sprawled out there.
How do you protect that data and make sure that only people that really should have access do have access?
And how easy is it not to be impersonated by implementing a strategy using ZTNA?
You don’t have to worry about that.
As long as you can, UM, integrate those applications within your ZTNA plan, you can set policies per application on what people are able to access and what kind of security rules you want to put in place for that access.
It’s very powerful.

Sean Washington   14:29
Excellent.
So then it goes into MFA for many organizations, MFA is a must have.
Then I’ll probably comment rear right now.
I don’t think we have a single client that isn’t using MFA.
If they are, they’re probably run by 70 plus year olds and they just just can’t learn the new technology.

Mark Vincent   14:48
Well, they can’t learn or they don’t want to, but generally, even those folks are being forced to it at this point because of things like ransomware and the ability.
How easy it is that it’s not when a company needs some really.
I think companies nowadays need to think about not umm, you know, if you’re going to be attacked, but when and if you are, what have you done to protect yourself and your customers?
And I think everybody’s pretty much going down the same road.

Sean Washington   15:13
Yep.
And that’s exactly what it outlines in the next sentence.
Couple of years ago, President Biden issued Executive Order 14028 UM improving national cyber security, which outlines critical initiatives and steps that federal agencies must adopt to enhance security measures, including implementing MFA.
Additionally, multiple compliance frameworks such as NIST 800-171 and PCI DSS require the use of MFA, and we’re seeing this with every single one of our clients.
You know, this is people that we do traditional managed services for where we actually are their IT department or a component of their IT department and it was probably not a week that goes by where someone’s now bringing us some sort of compliance framework.
You know, self attestation, type document or the new cyber security document that’s coming out.
That’s saying, you know, check every box that applies and we’ll dictate your premium here.
So we understand that things are changing and the small business is really needs to be more accountable for best practices because there really has never been an authority for them unless they’ve been beholden to some level of regulatory compliance, which for most small medium sized businesses is not common.

Mark Vincent   16:18
Yep.

Sean Washington   16:39
UM, so uh FTC the CNAME?
Things like that, like these kind of newer guidelines, are being pushed down and honestly, some of our clients have never even heard of these things and it’s their businesses.
So yes, clearly MFA is paramount in this conversation.

Mark Vincent   17:04
Yep, starting with an MFA.
Uh.
On on everything you can get your hands on is is definitely the start.
What makes ZTNA somewhat different in that respect is it ties in with your SSO provider, so if you have an SSO provider, let’s say Microsoft as an example, right, Duo, you’re going to be able to, umm, consolidate those different applications.
Different access means into a central solution that allows you to authenticate who you are without having to have 50 different million codes as well, which is something that you know as much as I love love MFA.
Having SSO plus MFA plus ZTNA is really the Holy Grail of all of this.
Give me one device that’s going to act as my third party.
Sort of smart guy in the room that tells me I am.
Who?
I say I am and also on the top of it might biometrically or some other method also take that authentication to a whole another level and allow me to do that for multiple applications through the same singular use of 1 app.
Okta, Microsoft.
Anybody who’s an SSO provider that is really the reason why you wanna think about implementing this?
Because if you did them individually, you’d have a million codes for a million different applications.
You got a lot of sprawl and a lot of stuff that you have to think about in that respect.
If you have a central place where you can put all your applications together, set a policy for each one of these on how often or what triggers that question back from the application.
Saying, hey, are you who you say you are?
Umm makes that whole process way, way simpler for the end user and at the end of the day you wanna have a really good security, but you also want a really good user experience and I think that ZTNA kind of takes MFA and and dresses it up with a little lipstick on that pig or something.
I don’t know.
You say it, but it makes it a little better.

Sean Washington   19:16
E.

Mark Vincent   19:17
Uh, of a of a solution, a little bit easier to manage, a little bit easier for the end user to deal with.

Sean Washington   19:23
You know, when we we talk about how we market generally we like to pitch a solution.
So when we come to our clients, they may have four or five challenges that they may not even be aware of because they’re kind of behind the times on you know, following best practices or keeping up with the latest trends.
Clearly in 2002, this wasn’t conversation anywhere, right? So.
One thing we stress is we we like to build solutions around the digital workspace, whether that’s through VDI or an enterprise browser or some kind of a tool that can integrate ZTNA your application delivery or virtual desktop delivery.
Three uh.
And then also kind of organize single sign on for easy onboarding, offboarding and managing all these different systems.
So that’s that’s a conversation that we have quite frequently and we are kind of creating a culture of that’s kind of what our business delivers is this digital works a secure digital workspace.
So this is clear that a component of that.

Mark Vincent   20:30
Absolutely.
And what makes it cool is that if you have a digital workspace, uh, you’re by default.
If you’re doing it right, you’re reducing the attack surface right?
That someone can get you with right?
If we control very granularly what our end users connect to, how they connect to make sure that they are who they say they are, umm.
And also in in some ways like you said, we do a lot of EUC.
So end user computing, we push a lot of that.
What would be considered a desktop application into the cloud and allow it to run up there where we have very tight controls over that experience it makes it more and more difficult for a hacker to get in and do anything because we have controls at every step of the way to prevent that.
Umm, you know, I think adding ZTNA on top of that only makes things even better once you’re inside.
Let’s say that virtual desktop environment, that EUC environment, VDI, when you’re even accessing SaaS apps, you’re still taking that a step further and saying, hey, I know I’m inside the network, I’ve gained this far.
I’m inside here working, but now I need to go to a cloud provider to grab some data.
We still want to make sure even in this situation that that person is who they say they are.
You it’s literally the first part, the Z&ZT right zero trust.
We trust no one and you shouldn’t trust anyone.
That’s the beauty of this.
If you have it set up right, every transaction that happens within that environment is controlled and looked at to protect both you and your data and your customers data.
That’s really what’s important here.
And if you do it right, you can do it in a way that isn’t very obtrusive.

Sean Washington   22:19
In in, in.

Mark Vincent   22:22
You don’t really feel like you’re having to jump through a bunch of extra hoops to do it.

Sean Washington   22:26
Yeah.
I would really say is you know we use this internally through Citrix and very, very nicely streamlined where we can just pick our apps and we’re good to go. UM.

Mark Vincent   22:31
Absolutely, yeah.

Sean Washington   22:39
I’d I’d going to comment that you know if you’re running everything this what I like to call modern IT when you are full identity management and single sign on and this digital workspace that you’re also helping, I don’t think you can control this 100%, but shadow IT you know like if it allows control for SaaS applications at a very high level from a system admin experience.
So they can actually dictate who has what instead of people just going out and adding something onto their computer.
But that’s a bigger conversation.

Mark Vincent   23:14
Well, what’s what’s really compelling about that, too is, let’s say you have the bad apple in your environment, right?
You have somebody that’s leaving the company.
Umm, you’re kind of a little bit wishy washy about what their intentions may be on the way out.
Having a network that’s designed with these kinds of controls in place allows you to offboard somebody with one click, right?
Everything is built on SSO.
There’s one throat to choke as far as the administration of this thing.
Yeah, I need to let go of Johnny because he didn’t do something right.
No problem.
We can go in and remove that one account will affect everything that that user touched.
If it’s implemented correctly, that’s that’s the really the big the big beauty here too.
Not only are you making it easier for the end user to do their job, and you’re doing it securely, but in the off chance that you need to let someone go too.
For whatever reason, it also guarantees and gives the business owner a peace of mind that, hey, I’m gonna shut off that account in one location, and by default, the way that it’s built, it kills the access across the board for that, that individual.

Sean Washington   24:24
Yes, Mr Business owner, This is why you’re paying extra for all these licenses.

Mark Vincent   24:29
Yeah, but it’s it’s money well spent.
What is?
What is the cost of, you know, a data breach?
What happens if this user takes my data and gives it away?

Sean Washington   24:35
Yep.

Mark Vincent   24:38
What happens if you know I have a user that’s not particularly bright and falls for phishing?
Gets themselves set up and you know, in an inadvertently causes a ransomware crypto attack on us.
Mean that these are all things that we see people dealing with all of the time I’m.

Sean Washington   24:51
Sure.
Uh, you know how many times I’ve seen sales guys leave from one company go to a competitor and just take the whole CRM with them?

Mark Vincent   25:04
Yep, I mean that is a huge, huge scenario that a lot of people deal with, right?

Sean Washington   25:05
It happens.

Mark Vincent   25:10
Intellectual property if I’m, you know, working in an environment where I’m building something that’s high tech and and secretive, the last thing I want to do is is is allow those people that are working on those projects an easy way to exfiltrate data out.
That’s not good.
Umm.
So yeah, implementing zero Trust network again solves for a lot of these type of scenarios.

Sean Washington   25:35
Cool.
So let’s continue reading.
We’re still talking about the foundation of ZTNA continuing on from the blog here.
All sectors benefit from combining MFA.
Multifactor authentication with zero trust strategy, regardless of whether they’re required to do so due to compliance frameworks or federal mandates, the healthcare industry, specifically telehealth, is a prime example.
Many health organizations shifted to offering telehealth visits because of the pandemic.
Uh, but to achieve this, these organizations were forced to revamp their security efforts to support the secure, newly remote users and patients implementing ZTNA strategy for telehealth workers.
That included MFA has been a foundation of keeping critical data like patients’ personal information secure, and it’s funny, I know these practices have been in place forever, but when COVID started, it’s when you first really started hearing about them.
Umm, you know?
Like everyone’s going to work home overnight and all of a sudden you have to create, you know you’re gonna need new technologies and to force new types of policies that were never thought about in the past.
So like people say, was the quickest adoption for digital transformation in the history of the world.

Mark Vincent   26:49
Also probably the the the the new gold rush for hackers, right?

Sean Washington   26:54
Yeah, yeah.

Mark Vincent   26:55
Because for every customer that implemented or tried to implement this correctly from day one, there were a million customers that did not, right guys that had to to be forced into thinking about how to work remotely, didn’t have the experience, didn’t have the technical chops to necessarily know what they needed.
So they just implemented whatever they could.
I I feel like COVID remote work ransomware, all of this stuff.
If you really were to look back at the time frame in the last few years, it’s it’s it’s like the two go hand in hand, you know you’ve you you opened your network up because you had to and at that point the hackers are just sitting there going great.
Now I just need to get on to someone’s PC and I’m gonna have keys to the Kingdom inside of those environments and that’s why we’re really have worked towards trying to, you know.
Secure that and secure it in a way to prove identity.
Because if you don’t know that who’s actually accessing your systems.
Could be anybody, right?

Sean Washington   28:01
And I would also kind of say from just experience in the market, you know people are always saying that hackers don’t really go after the small guys.
It’s just not worth their time, right?

Mark Vincent   28:11
Yes, it did. Yeah.

Sean Washington   28:13
Right.
But I could also tell you that most businesses under 100 users are not running proper now.
Controls from a cyber security perspective, it’s not even close.
They either aren’t educated on it, or they don’t even want to hear about the additional costs that are associated with it.

Mark Vincent   28:32
Agreed.
And yeah, we see it all the time, right?
We’re the SMB division of XenTegra.
We see small businesses forever.
We’ve been doing this for 20 plus years.
You know the guy who owns the small, you know, brake and tire shop down the street.
Let’s think about that.
Like he, he might have 25 to 30 employees.
He’s got an accounting package.
Might have some email, something basic couple servers to maybe hold his data for his business, but he’s not.
He’s thinking about other things.
It’s not his priority to be an IT person, he he is more concerned about running his business day to day, UM with all of these new type of of pressures being put on small business.

Sean Washington   29:04
Yeah.

Mark Vincent   29:16
You really do need to think about, you know, bringing in someone to help you at least navigate the waters to get yourself set up the right way.
Because if you don’t, yeah, these are the people that are more prone to be.
It’s not that they’re a huge attack target for, you know, a state sponsored, you know, hacking campaign per se.
But if you think that that’s the only kind of hacking that’s going on in the world.
Ohh boy, I could tell you that you are unfortunately way mistaken.
Uh small businesses get attacked by this kind of thing all the time.
The only difference is is the ransom bounty is usually less and I’d say 9 times out of 10.
Even if you pay the ransom a lot of times, these guys aren’t gonna unlock your data anyways.
Just gonna take your money and run.
It’s unfortunate, but it’s true.

Sean Washington   30:05
Yeah.
Do they have any obligation to actually be honest, huh?

Mark Vincent   30:09
No, I mean, who trusts the pirate, right?
I mean, if you think about it really right, there’s no there’s no upside for a lot of these people to do anything positive for you once they have your money, they’re just gonna go a lot of times.
It’s unfortunate.
Maybe you find a hacker with a good soul once in a while, but I think those are few and far between.

Sean Washington   30:29
Yes, yes, the ethical hacker right.

Mark Vincent   30:31
Yeah.
Good luck with that.

Sean Washington   30:35
So continuing on this.
The benefits of using multifactor we kind of been over this, but I’m gonna read it anyway.
Organizational benefits of multi factor authentication increase protection against breaches.
Security breaches often mean loss of resources like data, time and money.
Multifactor helps protect these valuable assets by ensuring only authorized users have access.
Next bullet is a safe remote work environment with the move to work from anywhere, employees are logging into their work devices at home on the road and anywhere in between.
MFA gives them gives your employees access to the systems and the data they need while implementing appropriate security guardrails and the last one is defense in depth.
Multi Factor Authentication adds another layer of security to your organization, providing enhanced protection against potential breaches.
So kind of things, we pretty much all covered.
Umm.
If you have any more comments on that.

Mark Vincent   31:39
Not really.
I think that the gist I’d like people to get out of this particular podcast today is if you’re not using MFA or you don’t have ZTNA, or at least I thought about ZTNA, now is the time to really, really have a hard evaluation about what you’re doing as a bare minimum, I think you need to have MFA on everything you really do.
Right.
Because if if you don’t, you’re just opening yourself up for attack it and you won’t even know it’s coming.
Unfortunately, cause you have no controls in place to say hey my username and password of mine, they’re only mine.
There’s no way that these ever got out.
Well, that’s just not.
This is not the reality of the situation anymore.
If you have MFA enabled and you’re using it, at least you can without a doubt say, hey, you know, my username, my password and my physical device is validating.
I am who I say I am and only I can access this with these pieces.
If you don’t have all three, you’re no good to go, right?
ZTNA: if you have a very complex network where you’ve got a ton of applications, some in the cloud, some local networks, that you need to access all these different things, tying the MFA to an SSO, single sign-on for those who don’t know what that means,
sort of puts the bow on it.
It makes it simplified, makes it easy.
You can access multiple applications from one type of a third party application on your phone and protects your data in general.
It’s worth looking into.
I know Fortinet has a guide.
If you search up, what’s that, Zero Trust Access For Dummies, just put that in Google, it’s gonna come up. It’s a Dummies book that Fortinet helped write about ZTNA that explains this at a very high level, which, you know, even myself,
I appreciate, um, learning when it’s brought to me in easy digestible chunks, right?
Give me the overview.
Let me understand the concept and then as I grasp and understand what I’m talking about, let me then go into the little bit further detail as I have that level of understanding.
Dummies books are great that way.
They start off at 100,000 foot and by the time you’re done, you’re a lot of times like 25,000.
You’ve got a good working knowledge of how things should work and what to ask and what to look for, so I would highly recommend, if you’re interested in this type of topic and you haven’t spent any time with it, go to Fortinet and download the book.
I mean, what do you got to lose? A little time and reading it?
Never hurt anybody.
Umm.
And certainly if you need help implementing a solution like that, I might know a guy or a whole bunch of guys over at XenTegra One that can help with that as well.
That’s my uh, that’s my sales pitch.

Sean Washington   34:34
And I want to thank you, Mark.

Mark Vincent   34:37
Pretty good now for a non sales person.

Sean Washington   34:40
And I wanted to maybe put things in perspective.
MFA’s probably been implemented by most people we know.
Microsoft has pretty much made it mandatory today.

Mark Vincent   34:50
Yes, yes.
Most people are trying to protect them from themselves, definitely.

Sean Washington   34:51
Doesn’t mean that doesn’t mean older other tools, and there’s certainly, you know, the small business is not generally embracing a platform to manage everything singularly.
But you know, the reason they’re not is they don’t have the experience.
They don’t have the time and money to invest into doing all this research and determining what is right, but I can tell you at the enterprise level they are hiring guys and creating whole new departments.
Uh, you know, like a director of identity management for IT,
who specifically works on just this or has the whole team that works on just this.

Mark Vincent   35:22
Yep.

Sean Washington   35:29
Um, clearly there’d be some sort of a liaison between, you know, enterprise infrastructure and also cyber security, which they probably have other departments doing the exact same things there or, you know, you know, Paramount security.
So yeah, it’s just one of those things where we have to, you know, empower our clients to understand what makes modern IT what it is.

Mark Vincent   35:54
Right.
And more importantly from our perspective, right, last time I checked, this particular podcast is called powering SMB, right.

Sean Washington   36:02
Yep.

Mark Vincent   36:03
The little guy, we’re here for the little guy.
Little guy’s not gonna have a gigantic department of these people to figure all this crap out, right?
You need guys that can help explain it to you and that’s hopefully what we’re hoping to do today as is.
If you can take anything away from this podcast today: one, you got to get MFA.
If you don’t have it set up, that’s step one.
Start getting a lot of MFA.
You want to start thinking about SSO, single sign-on.
Tying all of these different accounts to a singular username and password with MFA, right?
And then maybe one step further is the whole ZTNA strategy of, uh,
Not only looking at, I’m looking at applications, I’m looking at sessions.
I’m looking at the bigger picture here.
Having a ZTNA framework kind of puts that all together in a nice bow and makes your life easier to deal, and that’s something that we can help people with.
If you have questions about that, feel free to reach out.
I mean, that’s the most important thing you can do in my mind for your business today.
When it comes to IT, it is making it secure, everything else.

Sean Washington   37:09
Yeah.
And there’s not one.
There’s not just one answer for everything.
This would be a consultative type of look, we would evaluate your business and make a determination on, you know, one of the 500 different vendors and solutions that are out there make sense for you.

Mark Vincent   37:13
There isn’t.
There absolutely is not.
Yep, for every industry they have their specific apps, and making sure that we keep track of, you know, what an employee does, what their day is, is probably the most important thing.
Hey, I’m gonna use six or seven different apps today.
OK.
Well, that’s great.
Let’s make sure that those six or seven apps, if we can, are tied to a single user name, password and a third party token using MFA.
That’s the beauty of ZTNA. Um, go out and get it.
Set it up, make it happen, you know, protect your business.
That’s the important thing.

Sean Washington   37:57
And then hope I think that’s it.
That’s today’s Powering SMB. Thank you guys for tuning in, and we’ll look forward to the next one.

Mark Vincent   38:04
Yep.
Yep.
Thank you guys.
And hope you guys have a good one out there and we’ll see you next time.