Ericsson expands ZTNA to secure IoT connections
- April 23, 2025
- Steve Rogerson

Ericsson is expanding its NetCloud SASE with clientless zero trust network access (ZTNA) to deliver seamless, secure connections to IoT and OT devices and corporate applications for third parties and BYOD users.
This innovation empowers organisations to connect third-party and BYOD users to authorised resources with enhanced security. Building on Ericsson’s existing client-based ZTNA, this offers flexibility for lean IT teams navigating managed and unmanaged devices in dynamic, wireless-first settings.
According to KPMG, 73% of organisations have experienced at least one major disruption tied to third-party cyber incidents over the past three years. Ericsson’s clientless ZTNA enhances protection against these events with embedded isolation technology. Unlike other clientless options relying solely on access controls, NetCloud SASE activates application sessions in isolated cloud containers for unmanaged or BYOD access. This air-gaps corporate systems from potentially insecure devices, preventing malware spread into the enterprise.
“5G uniquely introduces a surge of IoT and OT assets, which are frequently monitored and maintained by third-party suppliers and contractors,” said Pankaj Malhotra from Ericsson (www.ericsson.com). “Unlike legacy VPNs that provide broad network access and are difficult to implement, NetCloud ZTNA offers a straightforward, policy-based option that ensures users have isolated access to resources based on the principle of least privilege.”
Contractors and BYOD users can access isolated applications via a secure URL, eliminating the need for VPNs, clients or special browsers. Interactions between unmanaged users and corporate systems are isolated in cloud containers, safeguarding applications from potential malware infections.
Access is controlled by detailed policies based on user roles, device types and other factors, ensuring users receive only the necessary level of access.
Real-time analytics and intrusion detection and prevention systems (IDS/IPS) allow for instant access revocation in response to changes in user context and risk levels.
The zero-trust architecture removes the need for static public IP addresses, hides all internal IPs, defaults to deny all, and enables micro-segmentation, which prevents lateral movement within the network.
It is integrated into NetCloud Manager for simplified deployment, visibility and policy enforcement alongside 5G WWAN, SD-WAN and other SASE security features. It also leverages existing enterprise identity and access management (IAM) platforms for seamless user authentication and authorisation, preventing identity sprawl.
“VPNs fail to address modern secure access needs due to their complexity, management overhead, security vulnerabilities and performance issues, making ZTNA a must,” said John Grady, principal analyst at Enterprise Strategy Group, now part of Omdia. “But ZTNA that relies on agents makes it difficult for overburdened IT teams to deploy to third parties needing access to corporate resources. For organisations adopting a wireless-centric strategy, NetCloud SASE clientless ZTNA offers a unique, isolation-based approach which grants access to specified assets, while providing effective protection against malicious activity and the threat of malware.”
NetCloud SASE (cradlepoint.com/products/netcloud-sase) with clientless ZTNA is now available and included as part of the NetCloud ZTNA licence.