Cutting Through the Noise: What is Zero Trust Security?

With proactive steps to move toward Zero Trust, technology leaders can leverage an old, yet new, idea that must become the security norm.

The Zero Trust framework has emerged as the leading security model for complex enterprises.

According to ZTEdge, 80% of organizations have plans to embrace a zero-trust security strategy this year, and global spending on Zero Trust will more than double between now and 2025.

This rapid growth comes more than a decade after Forrester’s John Kindervag first coined the term “Zero Trust” and nearly 30 years since the concept’s genesis was first published. Zero Trust has become popular recently because organizations have seen its value in multi-faceted environments that feature cloud, on-premises, and legacy architecture.

Even before the Covid-19 pandemic, the size of technology ecosystems was growing at an astounding clip thanks to the increased use of hybrid cloud solutions and Software-as-a-Service applications. The Covid-19 pandemic served as another catalyst with more remote workers further expanding services and networks, leaving enterprises with an untenable area to defend.

Zero Trust gives users the bare minimum of permissions to do their job. This helps ensure that if an account is compromised, the bad actor only has limited access and cannot easily move throughout your network. Zero Trust also goes beyond just users and provides protection for all devices connected to a network, including Internet of Things technologies like webcams, smart devices, smart televisions, and badge scanners.

Is Zero Trust Right for You?

Zero Trust works on the concept that no user should be trusted by default, and it is very granular about defining and verifying exactly which resources any user or device is able to access. Since no online user can be fully trusted, they must provide identity verification, even if they’ve verified their identity in another part of the system.

Organizations have long favored a perimeter security approach where the goal was to stop bad actors from entering the network altogether. This methodology primarily worked for closed, on-premises systems but could not scale to today’s enterprise needs. The complexity of current systems ultimately leaves gaps in security coverage that bad actors can hide in and use to navigate through a network.

The most severe data breaches occurred because once the external attacker gained a foothold inside the corporate network (through a system vulnerability, compromised credentials, or a gap in the firewall), they became an internal user, able to access internal systems with minimal effort.

Zero Trust works to stop this type of internal movement. It increases the barriers users, servers, and software must navigate when operating in a larger enterprise, ensuring that only the right users have proper access to certain systems or data.

Many organizations were already on the road to Zero Trust, even if indirectly. As organizations migrated apps, data, and services to the cloud, the traditional perimeter security philosophy was abandoned. The move from boundary-based security to resource-based security means some of the tenets of Zero Trust have already been put in place.

Zero Trust in Practice

The SolarWinds breach remains one of the most devastating cybersecurity events in history. Russian hackers planted malware in some SolarWinds software, which users downloaded and deployed. That malware then leaked data out of the network and talked to malicious external servers.

Companies that leveraged Zero Trust could have reduced the blast radius. Even though they would have downloaded the malware, the SolarWinds software would have limitations on which servers it could communicate with. That would have reduced the servers the bad actors used to collect data.
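The restriction described above can be expressed as a default-deny egress allowlist per workload. The following is an added example, not taken from the article or from any vendor product; the workload names, networks, ports, and flow records are constructed for illustration.

```python
import ipaddress

# Hypothetical per-workload egress allowlist: (destination network, port).
# Anything not listed is denied, even for "trusted" internal software.
EGRESS_POLICY = {
    "network-monitor": [
        ("10.20.0.0/16", 161),   # SNMP polling of managed devices
        ("10.20.0.0/16", 443),   # HTTPS APIs of managed devices
        ("10.30.5.10/32", 514),  # internal syslog collector
    ],
}

# Constructed flow records: (workload, destination IP, destination port).
SAMPLE_FLOWS = [
    ("network-monitor", "10.20.4.7", 161),
    ("network-monitor", "10.30.5.10", 514),
    ("network-monitor", "203.0.113.45", 443),  # external host, not in policy
    ("network-monitor", "10.40.1.9", 445),     # internal, but not a managed device
    ("build-agent", "10.20.4.7", 443),         # workload with no policy at all
]

def is_allowed(workload, dst_ip, dst_port, policy=EGRESS_POLICY):
    """Default deny: allow only if a rule for this workload matches."""
    addr = ipaddress.ip_address(dst_ip)
    for network, port in policy.get(workload, []):
        if port == dst_port and addr in ipaddress.ip_network(network):
            return True
    return False

def evaluate(flows, policy=EGRESS_POLICY):
    """Split flows into (allowed, denied); denied flows are blocked and logged."""
    allowed, denied = [], []
    for flow in flows:
        (allowed if is_allowed(*flow, policy=policy) else denied).append(flow)
    return allowed, denied

if __name__ == "__main__":
    allowed, denied = evaluate(SAMPLE_FLOWS)
    for flow in denied:
        print("DENY", *flow)
```

The denied list doubles as a detection signal: a management tool suddenly attempting connections outside its allowlist is worth investigating even though the connection itself was blocked.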

The Benefits of Zero Trust

While Zero Trust enhances security posture, it provides ancillary benefits that aid technology leaders with other efforts. Along with improving security, Zero Trust can give enterprises:

  • A more accurate inventory of technology assets. A Zero Trust framework requires administrators to understand the users, devices, data, and applications included in their organization’s infrastructure. Leveraging Zero Trust requires they create this inventory and keep it up to date, which can aid in long-term planning.
  • Improved monitoring. Security tools popular as part of a Zero Trust framework, such as SIEM, security orchestration, and automated response paired with log and event analysis, can help identify security issues and provide insight to remediate them.
  • Smarter alerts. With Zero Trust, users have narrow access and administrators can see if an account continually attempts to access unallowed areas. Combined with the monitoring tools mentioned, Zero Trust provides a more intelligent structure to find suspicious activity.
  • Better end-user experience. Zero Trust allows organizations to use single sign-on (SSO) tools that can reduce the number of passwords users must use. With SSO, users can authenticate once to gain access to what they need while leveraging security best practices such as two-factor authentication. This helps eliminate password mismanagement and streamline user access.
  • Enhanced architecture flexibility. We continue to see IT enterprises grow at a rapid rate. Utilizing Zero Trust allows organizations to add new solutions and services without creating new security policies. Zero Trust enables technology leaders to add different cloud environments and understand they will not introduce any new vulnerabilities.
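
The "Smarter alerts" item above, sketched as detection logic: flag any account that is repeatedly denied access within a short window. This is an added example, not code from the article; the log format, account names, threshold, and window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-decision log lines, assumed to be in time order.
SAMPLE_LOG = """\
2023-01-10T09:00:01 user=alice resource=crm decision=ALLOW
2023-01-10T09:00:05 user=svc-backup resource=hr-db decision=DENY
2023-01-10T09:00:40 user=svc-backup resource=finance-db decision=DENY
2023-01-10T09:01:10 user=bob resource=finance-db decision=DENY
2023-01-10T09:02:30 user=svc-backup resource=source-repo decision=DENY
2023-01-10T09:40:00 user=bob resource=hr-db decision=DENY
""".splitlines()

def parse(line):
    """Turn 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def repeated_denials(lines, threshold=3, window=timedelta(minutes=5)):
    """Return {user: sorted resources} for accounts with at least `threshold`
    DENY decisions inside any sliding window of length `window`."""
    recent = defaultdict(deque)  # user -> deque of (timestamp, resource)
    flagged = {}
    for rec in map(parse, lines):
        if rec["decision"] != "DENY":
            continue
        q = recent[rec["user"]]
        q.append((rec["ts"], rec["resource"]))
        # Drop denials that have aged out of the window.
        while q and rec["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged.setdefault(rec["user"], set()).update(r for _, r in q)
    return {user: sorted(res) for user, res in flagged.items()}

if __name__ == "__main__":
    for user, resources in repeated_denials(SAMPLE_LOG).items():
        print(f"ALERT {user}: repeated denials on {', '.join(resources)}")
```

In the sample, the account with three denials in under three minutes is flagged, while the account with two denials 39 minutes apart is not, which is the difference between probing and an occasional mistaken click.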

More than a Buzzword

Security professionals constantly get sold on new products and solutions that promise to solve their problems. As we’ve learned over the years, these tools often patch specific vulnerabilities but only provide part of the security needed.

There is no silver bullet when it comes to security. Zero Trust offers a change in thinking that leverages a strict set of rules and guidelines to manage behavior. As we continue to see the technology footprint of organizations grow, Zero Trust will become paramount for enterprises that want to leverage cloud applications.

We find ourselves at a tipping point in cybersecurity. The pandemic spurred an already growing technology landscape that must have a proper defense. With proactive steps to move toward Zero Trust, technology leaders can leverage an old, yet new, idea that must become the security norm.

Written By

Marie Hattar is chief marketing officer (CMO) at Keysight Technologies. She has more than 20 years of marketing leadership experience spanning the security, routing, switching, telecom and mobility markets. Before becoming Keysight’s CMO, Marie was CMO at Ixia and at Check Point Software Technologies. Prior to that, she was Vice President at Cisco where she led the company’s enterprise networking and security portfolio and helped drive the company’s leadership in networking. Marie also worked at Nortel Networks, Alteon WebSystems, and Shasta Networks in senior marketing and CTO positions. Marie received a master’s degree in Business Administration in Marketing from York University and a Bachelor’s degree in Electrical Engineering from the University of Toronto.
