Today’s network perimeter has evolved as workloads have moved to the cloud while non-managed, mobile devices have become the norm rather than the exception. The locations of applications, users and devices are no longer static, and data is no longer confined to the corporate data center. Gaps in visibility and protection continue to widen as the attack surface evolves, forcing companies to leverage multiple, disconnected tools to see and secure everything.
The proliferation of cloud computing, mobile device use and the internet of things (IoT) has dissolved traditional network boundaries. Zero-trust can help address the resulting gaps in security and increase the protection of data and devices.
Zero-Trust Protocols
The protocols for a zero-trust network ensure that specific rules are in place to govern access and are based on the type of user, location and other variables. If the security status of any connecting endpoint or user cannot be resolved, the zero-trust network will deny the connection by default. If the connection can be verified, it will be subject to a restrictive policy for the duration of its network access.
Zero-trust networks operate under the least-privilege principle, in which all programs, processes, devices or users are limited to the minimum privileges required to carry out their functions. Access rights don’t need to be too restrictive as they are balanced against privileges that can range from full access to no rights at all, depending on the circumstances.
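The deny-by-default and least-privilege rules described above can be sketched as a small policy decision function. This is an added example, not code from the original article; the roles, resources, locations and privilege levels are hypothetical.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Privilege(IntEnum):
    NONE = 0
    READ = 1
    WRITE = 2
    FULL = 3

@dataclass(frozen=True)
class Request:
    role: Optional[str]               # None: identity could not be verified
    device_compliant: Optional[bool]  # None: posture could not be resolved
    location: str
    resource: str
    wanted: Privilege

@dataclass(frozen=True)
class Rule:
    role: str
    resource: str
    locations: frozenset
    ceiling: Privilege

# Constructed sample policy; roles, resources and locations are hypothetical.
RULES = [
    Rule("engineer", "build-server", frozenset({"office", "remote"}), Privilege.WRITE),
    Rule("engineer", "payroll-db", frozenset({"office"}), Privilege.READ),
    Rule("admin", "build-server", frozenset({"office"}), Privilege.FULL),
]

def decide(req, rules=RULES):
    """Return (granted privilege, reason). Call on every request, not once per session."""
    # Unresolved identity or posture is treated as untrusted: deny by default.
    if req.role is None or req.device_compliant is None:
        return Privilege.NONE, "unresolved identity or device posture"
    if not req.device_compliant:
        return Privilege.NONE, "device failed posture check"
    matches = [r for r in rules
               if (r.role, r.resource) == (req.role, req.resource)
               and req.location in r.locations]
    if not matches:
        return Privilege.NONE, "no rule allows this role, resource and location"
    # Least privilege: most restrictive matching ceiling, never more than requested.
    ceiling = min(r.ceiling for r in matches)
    return min(ceiling, req.wanted), "allowed by policy"
```

Because `decide` is evaluated on every request, a device that falls out of compliance mid-session loses access on its next call.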
It’s important to point out that zero-trust is not a technology—it’s a holistic approach to network security. That said, automated technology is a necessary tool for obtaining access, scanning and assessing threats, adapting to behavior changes and continually reevaluating confidence in communications. Achieving a zero-trust architecture (ZTA) in today’s threat landscape does require some form of automation, especially in support of dynamic policy, authorization and authentication.
Choosing the Right Path on Your Zero-Trust Journey
A zero-trust architecture can be designed and executed in several different ways. The journey will depend on an organization’s use cases, business flows, risk profile and the business function of the network.
Many organizations have found traditional detection and prevention technologies no longer sufficient to mitigate the threats posed by opportunistic actors. Insight into how previous attacks were carried out only provides so much help. The key is to plan for the worst and assume a breach has occurred. This means organizations need to consider that all networks—and their applications and devices—are insecure. Both users and devices must be continuously authenticated and granted access to resources through disciplined verification.
To help support this, it is recommended that organizations aim to implement a holistic zero-trust approach that focuses on safeguarding critical digital resources and assets. No single solution will get organizations there, but focusing on identity management and zero-trust segmentation will point enterprises in the right direction.
Benefits of Proper Zero-Trust Implementation
Organizations that implement the zero-trust model can utilize the right mix of authentication and microsegmentation to create a much more robust barrier against attackers targeting an organization. By using zero-trust and its core foundations of microsegmentation and enforced authentication via identity providers, organizations can fully visualize networks and resources. This helps to ensure appropriate least-privilege, secure access to corporate resources and control over all aspects of network security across cloud and on-premises applications and services.
Zero-trust provides the visibility, control and threat inspection capabilities necessary to protect networks from ransomware, targeted attacks and the unauthorized exfiltration of sensitive data. Every organization looking to establish secure “trust boundaries” according to the zero-trust security model can improve its overall security posture. As a result, organizations gain better visibility across users, devices, containers, networks and applications because verification of their security status is required with every access request.
When approached the right way, zero-trust can help enterprises become more resilient, reduce cybersecurity risk and drive digital transformation initiatives to move their business forward. Don’t connect people to a network, don’t build a moat with firewalls and VPNs—instead, focus on a zero-trust strategy and implementation where users are connected to applications, not the network.