Friday, April 25, 2025

Ericsson secures IoT/OT access with clientless ZTNA


Ericsson is introducing clientless ZTNA (Zero Trust Network Access) to secure connected IoT and OT assets.

The expansion to the NetCloud Secure Access Service Edge (SASE) platform is designed to provide organisations with a more secure and flexible method for enabling third-party contractors and vendors, as well as internal Bring Your Own Device (BYOD) users, to access authorised resources, including sensitive industrial and operational systems.

The addition of clientless ZTNA builds on Ericsson’s existing client-based offering, providing enhanced flexibility for lean IT teams navigating the complexities of managing secure access for a diverse range of devices – from corporate laptops to unmanaged vendor smartphones and specialised maintenance tools – in dynamic, wireless-first environments increasingly featuring IoT/OT deployments.

Securing access for external parties has become paramount as organisations connect more operational assets. According to KPMG, “73% of organisations have experienced at least one major disruption tied to third-party cyber incidents over the past three years.”

Ericsson’s clientless ZTNA solution aims to bolster defences against such events, particularly those originating from third-party access to critical infrastructure or connected devices, through embedded isolation technology.

Unlike some other clientless solutions that rely solely on access controls, NetCloud SASE activates application sessions within isolated cloud containers specifically when access is requested from unmanaged or BYOD devices attempting to reach resources, including IoT/OT management interfaces or data streams. This approach effectively “air-gaps” sensitive corporate systems and operational networks from potentially compromised or insecure third-party devices and prevents the potential spread of malware into vulnerable OT environments.

Pankaj Malhotra, Head of WWAN & Security, Enterprise Wireless Solutions at Ericsson, said: “5G uniquely introduces a surge of IoT and OT assets, which are frequently monitored and maintained by third-party suppliers and contractors.

“Unlike legacy VPNs that provide broad network access and are difficult to implement, NetCloud ZTNA offers a straightforward, policy-based solution that ensures users have isolated access to resources based on the principle of least privilege.” 

The capabilities integrated into NetCloud SASE with clientless ZTNA offer significant benefits for securing access to connected assets:

  • Clientless secure access: Facilitates secure access for contractors and BYOD users via a simple secure URL, eliminating the need for deploying VPN clients or software on potentially numerous, varied, or unmanageable third-party devices used for accessing remote IoT/OT systems.
  • IoT/OT asset and corporate application protection: This feature is explicitly designed to isolate interactions between unmanaged users and critical assets. By containing sessions in cloud containers, it protects operational technology, industrial IoT devices, and associated management applications from potential malware infections originating from third-party maintenance equipment or personal devices.
  • Granular access based on least privilege: Access permissions are controlled by detailed policies considering user roles, device types, and the specific assets being accessed. This is crucial for OT environments, ensuring a vendor only gets access to the exact machine or control system they need to service, rather than the entire network segment.
  • Continuous risk assessment: Real-time analytics and integrated IDS/IPS monitor user context and risk levels, allowing for instant access revocation. This is vital when granting access to critical infrastructure; the connection can be cut off immediately on any suspicious activity.
  • Zero-trust based architecture: The underlying architecture enhances security by eliminating reliance on static public IP addresses for accessing internal assets, concealing all internal IPs (including those of OT devices), defaulting to a deny-all posture, and enabling micro-segmentation. This prevents lateral movement, containing potential breaches and protecting adjacent IT or OT systems if one access session is compromised.
  • Single-platform management: Integration into NetCloud Manager provides unified deployment, visibility, and policy enforcement for security across 5G WWAN, SD-WAN, and other SASE features, simplifying management of both IT and connected IoT/OT access policies.
  • Seamless integration with existing identity providers: Leverages existing enterprise Identity and Access Management (IAM) platforms for user authentication and authorisation, preventing identity sprawl and simplifying management of third-party credentials accessing diverse assets.

John Grady, Principal Analyst at Enterprise Strategy Group, now part of Omdia, commented: “VPNs fail to address modern secure access needs due to their complexity, management overhead, security vulnerabilities, and performance issues, making ZTNA a must. But ZTNA solutions that rely on agents make it difficult for overburdened IT teams to deploy to third parties needing access to corporate resources.

“For organisations adopting a wireless-centric strategy, NetCloud SASE clientless ZTNA offers a unique, isolation-based approach which grants access to specified assets, while providing effective protection against malicious activity and the threat of malware.”

Ericsson highlights this as the first time an enterprise 5G router vendor has delivered a fully integrated, clientless ZTNA solution under fully unified management—positioning it strongly for securing the converged IT/OT/IoT networks enabled by 5G.
