Don’t trust anyone - that’s the basic premise for an advanced approach to cyber security that is being increasingly deployed across forward-thinking organisations.
The concept – at its broadest definition – is relatively easy to understand. Zero trust security works on the basis that trust is a vulnerability and that anyone inside or outside the perimeter could be a potential threat. By requiring all users to be authenticated, authorised, and continuously validated before being granted access to resources on the network, an extra layer of security is added to reduce the chance of a data breach.
With zero trust as a concept becoming ever more popular, let us take a closer look at how it operates and the sorts of security benefits it can deliver.
What are the Limitations of Existing Security Strategies?
Traditional approaches to cyber security are based on ‘castle and moat’ perimeter architectures, with IP port protocols and VPN-based systems aimed at stopping hackers from getting in. But there are several points to consider here. What happens if a hacker does manage to breach a firewall? What stops them moving swiftly through internal systems, accessing the data that they want? Also, not all malicious actors are outsiders: ominously, they can come from within, so how do we prevent ‘trusted’ people from using their privilege to wreak havoc?
Why Digital Complexity Is Bringing New Challenges
A zero trust approach acknowledges the fact that your network location can no longer dictate whether you are trusted or untrusted. In today’s digital world, applications can exist anywhere - traditional on-prem DCs, public cloud, private cloud, SaaS, the list is seemingly endless. The corporate attack surface area and exposures to the Internet are growing, increasing the requirement for vulnerability management. Organisations put much faith in service providers to manage that, with limited control over how it is done. However, users are mobile and want the same experience everywhere, plus they want it to be simple and easy to access. Meanwhile, backhauling VPN traffic/split tunnelling is messy and risky. There must be a better way.
Establishing Effective Zero Trust Architecture
The application of three types of software-defined perimeters – zero trust architectures by another name - can overcome these threats, taking advantage of the overlaps between them to provide leading-edge cyber security protection.
- Identity Aware Proxy – a Cloud VPN and published application in the cloud, using an identity provider (IdP) to verify user identity before any access is granted
- Micro-segmentation – per-application data centre segmentation, allowing authorised users to access applications rather than using VLANs and IPs
- SDP controller based – uses a controller for user authentication and authorisation and then multiple gateways to terminate client access before allowing access to an application (via a client to server tunnel)
Adopting these strategies helps to identify the applications while mapping the application and data flows (the data within an application and its risk may not dictate the prioritisation of any migration to an SDP model). They can also be used to determine user rights per application/data set, user access procedures and policies such as client posture, all of which are deployed to verify continuously.
The most logical way to migrate to this model is per application and can be done in parallel with traditional access methods, once all the pre-requisites such as an IdP, correct user authorisation rights and enforcement points have been implemented.
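One way to express the per-application checks described above (IdP-verified identity, per-application user rights, client posture, continuous verification) as a default-deny decision at an enforcement point. This is an added example, not code from CDW or any vendor; the application names, groups, posture signals and time limits are constructed assumptions.

```python
from dataclasses import dataclass, replace

# Constructed per-application policy: authorised groups, required client
# posture signals, and how recent the IdP authentication must be (seconds).
POLICY = {
    "payroll": {"groups": {"finance"},
                "posture": {"disk_encrypted", "os_patched"},
                "max_auth_age": 900},
    "wiki": {"groups": {"finance", "engineering"},
             "posture": {"os_patched"},
             "max_auth_age": 28800},
}

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset    # group claims asserted by the IdP
    auth_age: int        # seconds since the IdP last authenticated the user
    posture: frozenset   # posture signals reported by the client device
    source_ip: str       # kept for analytics only, never used to grant trust
    app: str

def decide(req):
    """Enforcement-point check, run on every request rather than once at login."""
    rule = POLICY.get(req.app)
    if rule is None:
        return (False, "no policy for application: default deny")
    if req.auth_age > rule["max_auth_age"]:
        return (False, "authentication too old: re-authenticate with IdP")
    if not (req.groups & rule["groups"]):
        return (False, "user not authorised for this application")
    missing = rule["posture"] - req.posture
    if missing:
        return (False, "client posture failed: " + ", ".join(sorted(missing)))
    return (True, "allow")

def demo():
    """Constructed session: one user, re-evaluated as conditions change."""
    ok = Request("alice", frozenset({"finance"}), 60,
                 frozenset({"disk_encrypted", "os_patched"}), "203.0.113.7", "payroll")
    return [
        decide(ok),                                              # allowed from an external address
        decide(replace(ok, posture=frozenset({"os_patched"}))),  # posture regressed mid-session
        decide(replace(ok, auth_age=3600)),                      # authentication aged out
        decide(replace(ok, groups=frozenset({"engineering"}), source_ip="10.0.0.5")),  # internal IP, no rights
        decide(replace(ok, app="legacy-crm")),                   # application with no policy yet
    ]

if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

The source address appears in the request but is never consulted, so the internal `10.0.0.5` request is refused while the external one is allowed.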
Identifying the Best Zero Trust Solution
Zero trust architectures now represent proven and well-established cyber security strategies. That means there are plenty of first-class partners available on the market. CDW takes an agnostic approach to each of these blue-chip companies and their solutions, helping organisations move from legacy infrastructure to the best software-defined solutions for the task at hand.
With a broad portfolio of partner solutions surrounding device, user, session, application, and data trust, CDW can help roadmap, design, and implement zero trust across your enterprise’s entire network, bringing your organisation:
- Enhanced visibility through analytics: Gather credible insights into who is accessing your information and when
- Reduced risk: Cut down on the possibility of insider threats and maintain business continuity and agility
- Permission controls: Gain the ability to grant access from anywhere and allow partner connections with limited access (if any) to mission-critical systems
- Ensured security: Gain greater control over your entire cloud environment
In short, zero trust has emerged as one of the most dynamic and responsive cyber security strategies on the market. CDW can help you take it from concept to reality.
Ross Hammond, Security Solutions Architect