Network-as-a-service vendor Alkira looks to extend security down to user policies and posture for a full zero-trust approach.
Alkira is expanding its namesake network-as-a-service (NaaS) platform with new zero trust network access (ZTNA) capabilities.
Alkira provides a SaaS service for on-demand network infrastructure. Its “backbone as a service” gives customers the ability to connect branch locations, cloud workloads and applications through Alkira’s fabric. The platform provides visibility, control and governance over the network as well as dynamic service insertion, allowing organizations to integrate third-party services like firewalls into their network.
The company was founded in 2018 by former Cisco employees who had previously founded SD-WAN vendor Viptela. Alkira raised $100 million in a Series C round of funding in May of this year.
The new ZTNA capability expands Alkira’s existing security features to enable more granular control over users who are on the network. The basic concept behind ZTNA is that all access is authenticated and that no trust is implied merely because a user has access to a network.
“What ZTNA does is on the same fabric that you have, where you are doing on prem to on prem, cloud to cloud, on prem to cloud, everything to internet, so on and so forth, now you can also layer in users directly into that,” Manan Shah, senior vice president of products at Alkira, told Network World. “A user can directly terminate into a cloud exchange point and have the same kind of visibility, governance and control in terms of what resources that user can access on the network.”
Taking a network-centric approach to zero trust
The new ZTNA offering takes a distinctly network-focused approach to zero trust security, integrating directly with Alkira’s existing cloud networking fabric. Shah emphasized that the ZTNA capability is an expansion of Alkira’s existing services, not a replacement. The key additions are:
- Identity and access management: The new ZTNA functionality adds the ability to perform user authentication and authorization checks based on identity attributes.
- Granular policy control: With ZTNA, Alkira can now apply more granular access policies based on the user’s identity, device, location and other attributes. This allows for more fine-grained control over what resources a user can access.
- Posture checks: The ZTNA solution includes the ability to perform posture checks on the user’s device, such as checking browser version, OS version, installed antivirus, etc. This information is used to determine the appropriate access policies.
- Unified platform: Alkira’s approach integrates the ZTNA functionality directly into its networking platform, rather than having separate portals or management for user access vs. network connectivity. This provides a more holistic and streamlined solution.
How Alkira’s ZTNA works
On the user side, the new ZTNA capability requires a user agent to help execute the device posture checks.
Shah explained that when a user connects to the network, Alkira does an authentication check. That check validates a number of different device attributes. The platform also does a posture check based on the identity and user attributes that can come from any identity provider.
Based on the posture and identity of the user, Alkira will place users in a specific network micro-segment. Based on the network and user access policies, the user will then be able to connect with the specific applications and services that they are authorized to access.
“We already had the traffic policies through which you can control how the traffic flows on the network,” Shah said. “What we have done is added the posture attributes and the identity attributes to the policy, so that now you can essentially check on the posture and identity in a further granular control over the resources that users can access.”
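A minimal model of the flow described above, as an added example that is not Alkira's code or API: posture and identity attributes select a micro-segment, and a default-deny policy maps each segment to the applications it may reach. The group names, segment names, version thresholds and the remediation segment are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    user: str
    groups: frozenset        # identity attributes asserted by the identity provider
    os_version: tuple        # posture attributes reported by the user agent
    browser_version: tuple
    antivirus: bool

# Hypothetical posture baseline (not values from the article).
MIN_OS, MIN_BROWSER = (14, 0), (120, 0)

# Hypothetical identity rules, evaluated in order: first matching group wins.
SEGMENT_RULES = [("finance", "seg-finance"), ("engineering", "seg-eng")]
REMEDIATION = "seg-remediation"   # assumed landing segment for failed posture

# Segment -> reachable applications. Anything not listed is denied.
SEGMENT_ACCESS = {
    "seg-finance": {"erp", "mail"},
    "seg-eng": {"git", "ci", "mail"},
    "seg-remediation": {"patch-portal"},
}

def posture_ok(s: Session) -> bool:
    return s.antivirus and s.os_version >= MIN_OS and s.browser_version >= MIN_BROWSER

def assign_segment(s: Session):
    """Posture is checked first; identity only matters on a healthy device."""
    if not posture_ok(s):
        return REMEDIATION
    for group, segment in SEGMENT_RULES:
        if group in s.groups:
            return segment
    return None  # authenticated, but no rule grants a segment: no access at all

def can_access(s: Session, app: str) -> bool:
    segment = assign_segment(s)
    return segment is not None and app in SEGMENT_ACCESS.get(segment, set())

if __name__ == "__main__":
    # Constructed sample sessions.
    alice = Session("alice", frozenset({"finance"}), (14, 2), (121, 0), True)
    bob = Session("bob", frozenset({"engineering"}), (13, 6), (121, 0), True)
    for s, app in [(alice, "erp"), (alice, "git"), (bob, "git"), (bob, "patch-portal")]:
        print(s.user, assign_segment(s), app, "ALLOW" if can_access(s, app) else "DENY")
```

The point of the model is that the same user lands in a different segment when posture degrades, so access changes without any edit to the identity rules.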
Visibility and control from the network to the user
A key aspect of Alkira’s approach is the built-in visibility and troubleshooting capabilities.
The platform provides administrators with detailed dashboards. The details include information on currently logged-in users, traffic generation and access. That information is critical for network administrators, especially when there is an issue or a user can’t get access.
“Since we focus on the platform aspect of networking, all of the visibility and troubleshooting is built into our fabric,” Shah said. “Because it’s built into the fabric, you can see on a per user level, what policies are impacting the user experience and what resources they have access to.”
Looking ahead to 2025, Alkira plans to expand its global presence and service offerings. The company’s focus remains on supporting customers as they transition to cloud environments. The company plans to expand its Cloud Exchange Point (CXP) footprint across the globe and add more connectivity options and network services to its platform.
“As more and more applications move to the cloud, all of the network services that used to run in the data center have to come closer to the cloud,” Shah stated. “The user, whether they’re coming from their home or coming from their work, they should have identical policies, identical access privileges and more importantly, connectivity that is closer to them as well.”