WatchGuard Blog

Wi-Fi and its relationship with the zero-trust model

Zero-trust network architecture (ZTNA) provides a holistic view of business cybersecurity that secures your applications and environment when accessed by any user, device, or location. A comprehensive zero-trust model enables you to mitigate, detect and respond to threats.

Adopting ZTNA brings significant benefits to businesses: it supports rapid cloud adoption and user security, which is paramount as demand for remote access grows; it improves network visibility, which helps combat cyberattacks; and it reduces management costs by providing centralized security.

Zero-trust promotes the distrust of any connection, which encompasses connections within the company's perimeter and external ones such as a public Wi-Fi network or remote connections by users working from home.

For "zero-trust" to exist in an organization, admins must configure Wi-Fi connections with extremely restrictive access permissions based on the user's identity, the device, and the context (both inside and outside the company's perimeter network). ZTNA allows security managers to control privileged network access and data traffic on Wi-Fi connections based on these three variables.

There are four ways to implement a zero-trust network architecture within organizations:

  • AP isolation, which prevents different wireless clients from communicating with each other. This feature adds a security layer that limits attacks and threats spreading between connected devices.
  • Individualized VLAN for each user or device. Users are dynamically assigned their VLAN when authenticating to the Wi-Fi network. Thus, any user or device can only reach the resources the IT department allows when connecting to the network.
  • Individual VPNs. Each user or device gets its own VPN tunnel, which forms its own narrow perimeter and grants only the access the IT department has set.
  • Multi-factor authentication (MFA). Generally, to access any Wi-Fi network, users select the network they wish to connect to and enter a password. For any of the above solutions to work properly, MFA must be tied to the network connection: a password associated with each username or device plus an additional authentication factor, such as a push notification or one-time password (OTP).
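The following is an added example, not code from the original post or from WatchGuard's products, showing how the identity, device, and context variables above translate into an access decision for a Wi-Fi client. It models the attributes a RADIUS server returns to an access point after 802.1X authentication (the RFC 3580 tunnel attributes used for dynamic VLAN assignment) and rejects any login that has not completed a second factor. The user directory, managed-device inventory, VLAN numbers, and the per-client isolation flag are constructed assumptions for illustration.

```python
"""Zero-trust Wi-Fi access decision (constructed example).

Inputs: the user's identity, the device, and the context (on-premises or
remote). Output: an Access-Reject, or an Access-Accept carrying the RFC 3580
attributes an access point uses to place the station in a per-user VLAN.
Directory, inventory and VLAN plan below are assumptions, not real config.
"""
from dataclasses import dataclass

# RFC 3580 attribute values for VLAN assignment over RADIUS
TUNNEL_TYPE_VLAN = 13          # Tunnel-Type = VLAN
TUNNEL_MEDIUM_IEEE_802 = 6     # Tunnel-Medium-Type = IEEE-802

# Assumed VLAN plan: one segment per group, plus a quarantine segment
VLAN_BY_GROUP = {"finance": 110, "engineering": 120, "contractor": 300}
QUARANTINE_VLAN = 999

# Constructed user directory and managed-device inventory
USER_GROUPS = {"alice": "finance", "bob": "engineering", "carol": "contractor"}
MANAGED_DEVICES = {"LAPTOP-0001", "LAPTOP-0002"}


@dataclass
class AuthRequest:
    username: str        # identity (password already verified upstream)
    device_id: str       # device identifier presented by the supplicant
    mfa_verified: bool   # second factor (push/OTP) completed for this login
    on_premises: bool    # context: inside the corporate perimeter or remote


def decide_access(req: AuthRequest) -> dict:
    """Return a RADIUS-style result dict for one authentication request."""
    # 1. Identity: unknown users are rejected outright
    group = USER_GROUPS.get(req.username)
    if group is None:
        return {"result": "Access-Reject", "reason": "unknown user"}

    # 2. MFA: a password alone never grants Wi-Fi access
    if not req.mfa_verified:
        return {"result": "Access-Reject", "reason": "second factor missing"}

    # 3. Device and context: unmanaged or remote devices are confined to a
    #    quarantine VLAN instead of the group's normal segment
    vlan = VLAN_BY_GROUP[group]
    if req.device_id not in MANAGED_DEVICES or not req.on_premises:
        vlan = QUARANTINE_VLAN

    return {
        "result": "Access-Accept",
        "Tunnel-Type": TUNNEL_TYPE_VLAN,
        "Tunnel-Medium-Type": TUNNEL_MEDIUM_IEEE_802,
        "Tunnel-Private-Group-ID": str(vlan),
        # Assumed vendor flag telling the AP to isolate this client from
        # other stations on the same SSID (the AP isolation control above)
        "client-isolation": True,
    }


if __name__ == "__main__":
    for req in (
        AuthRequest("alice", "LAPTOP-0001", mfa_verified=True, on_premises=True),
        AuthRequest("alice", "LAPTOP-0001", mfa_verified=False, on_premises=True),
        AuthRequest("carol", "BYOD-PHONE", mfa_verified=True, on_premises=True),
        AuthRequest("mallory", "LAPTOP-0001", mfa_verified=True, on_premises=True),
    ):
        print(req.username, req.device_id, "->", decide_access(req))
```

The ordering of the checks is the point: identity and the second factor gate the connection itself, while the device and context only decide which segment the client lands in, so a valid user on an unknown phone still gets network access but cannot reach the group's resources.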

The "never trust, always verify" principle adopted by zero-trust is a safe bet for organizations and should extend to every element within the business ecosystem. Investing in solutions such as Wi-Fi 6 access points helps companies stay secure and benefit from what ZTNA offers.