
Steps to Implementing a Zero Trust Network

Steps to a Zero Trust Network – Planning for Network Security Part 2


In my previous SecurityWeek column, I wrote about a variety of network security best practices that you should be planning for in 2014. One of the most fundamental is Zero Trust security segmentation.

Security segmentation has become more critical as organizations and architectures have become “flatter”. Technologies like cloud, Ethernet switch fabrics and software-defined networks make it easier to design expanded layer 2 networks, which in turn makes it easier to transport and deliver applications of different trust levels. Segmentation in the past focused on compliance regulations such as HIPAA and PCI-DSS. Now, we have to consider the impact of globalization and interdependencies on global supply chains, multinational partners and global economic interactions, and how to enable them while segmenting them appropriately.

Zero Trust advocates for a segmented network, with security built into the architecture rather than added as an afterthought. It also advocates for some key principles built around the concept of “never trust, always verify”: inspect and log all traffic all the time, strictly enforce access control on a need-to-know basis, and ensure all resources are accessed in a secure manner.

The CTO of an information security organization in the Netherlands uses the analogy of the flood control systems in his country to describe Zero Trust segmentation. A combination of levees, dams and floodgates defend low-lying areas in the Netherlands against storm surges and floods from rivers like the Rhine and Meuse. Even if one levee is breached, the “breach” is contained to a specific area, a real-world representation of a Zero Trust network that can provide additional barriers against data exfiltration.

Complexity And The Wrong Technologies Are Barriers

So, what’s the problem? If segmentation helps improve your security posture, why aren’t organizations already segmenting their network? And if they are, why isn’t it working? There are several reasons. Organizations tend to fall into two categories – those who want to segment, but are worried about the complexities involved, and those who believe they are segmenting but are simply using the wrong technologies.

In the first example, organizations are challenged with a massive dilemma on where and how to start. There are also significant concerns about how to gain visibility without completely overhauling their network. After all, the business must continue to operate while security segmentation approaches are put into place.

In the second example, organizations are using technologies like VLANs and switch ACLs, which provide some degree of network isolation but lack the critical features needed to enforce controlled access to privileged information and cannot inspect traffic for threats.


True Zero Trust segmentation requires a security solution that not only provides visibility into applications, users and content, and can enforce on these attributes, but can also transparently integrate into the network without impacting routing and switching protocols. This means security appliances that can provide transparent, layer 1 integration to reduce compatibility issues and configuration risks with other adjacent network devices.

Steps To A Zero Trust Network

So, how do you start? The first step is to identify the data and applications that you want to protect, and to map the transaction flows for these applications, including where, when and to what extent specific users are using them. Critical data and applications include anything related to payment card information and credit card application access, healthcare-related information, and intellectual property. Armed with this information, IT teams can then deploy Zero Trust segmentation gateways in appropriate parts of the network with the right application, user and content policies to establish trust boundaries.

Organizations that already have a good understanding of their transaction flows can map out boundaries that are associated with high-risk users: for example, branch offices in “countries of interest”, guest access networks including wireless guest access, partner B2B extranet connections, and IT management systems.
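To make the flow-mapping step and the high-risk boundaries above concrete, here is an added example (not part of the original column) that summarizes flow records per protected application by zone, user and hour of day, then drafts allow rules and sets aside flows from high-risk zones for review. The flow records, zone names and application names are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (timestamp, user, source_zone, application, bytes)
FLOWS = [
    ("2014-01-06T09:12:00", "alice", "finance-lan", "payment-db", 52_000),
    ("2014-01-06T09:40:00", "alice", "finance-lan", "payment-db", 18_000),
    ("2014-01-06T14:05:00", "bob", "finance-lan", "payment-db", 7_500),
    ("2014-01-06T23:31:00", "carol", "guest-wifi", "payment-db", 900_000),
    ("2014-01-07T10:02:00", "dave", "partner-extranet", "ehr-portal", 4_200),
    ("2014-01-07T10:15:00", "erin", "clinic-lan", "ehr-portal", 66_000),
    ("2014-01-07T11:00:00", "erin", "clinic-lan", "intranet-wiki", 1_000),
]

# Assumed names: the applications to protect and the zones treated as high risk.
PROTECTED_APPS = {"payment-db", "ehr-portal"}
HIGH_RISK_ZONES = {"guest-wifi", "partner-extranet", "branch-coi", "it-mgmt"}

def map_flows(flows, protected):
    """Aggregate flows to protected apps: who, from where, when, how much."""
    summary = defaultdict(lambda: {"count": 0, "bytes": 0, "hours": set()})
    for ts, user, zone, app, nbytes in flows:
        if app not in protected:
            continue  # only applications inside a planned trust boundary
        entry = summary[(app, zone, user)]
        entry["count"] += 1
        entry["bytes"] += nbytes
        entry["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(summary)

def draft_policy(summary, high_risk):
    """Split observed flows into candidate allow rules and flows to review."""
    allow, review = [], []
    for (app, zone, user), stats in sorted(summary.items()):
        rule = {"app": app, "zone": zone, "user": user,
                "hours": sorted(stats["hours"]), "bytes": stats["bytes"]}
        # A flow from a high-risk zone never becomes an allow rule automatically.
        (review if zone in high_risk else allow).append(rule)
    return allow, review

if __name__ == "__main__":
    allow, review = draft_policy(map_flows(FLOWS, PROTECTED_APPS), HIGH_RISK_ZONES)
    for rule in allow:
        print("ALLOW ", rule)
    for rule in review:
        print("REVIEW", rule)
    print("DENY   everything else to", sorted(PROTECTED_APPS))
```

The draft is a starting point for policy on a segmentation gateway: every observed flow still needs a business owner to confirm it before it becomes an allow rule, and anything not listed falls through to the default deny.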

As you evaluate your security strategy in 2014, consider Zero Trust as a means to substantially improve your defensive posture against modern cyber threats and more reliably prevent exfiltration of sensitive data.

Written By

Danelle is CMO at Ordr. She has more than 20 years of experience in bringing new cybersecurity technologies to market. Prior to Ordr, she was CMO at Blue Hexagon (acquired by Qualys), a company using deep-learning to detect malware, and CMO at SafeBreach where she helped build the marketing organization and define the Breach and Attack Simulation category. Previously, she led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also Director, Security Solutions at Palo Alto Networks, driving growth in critical IT initiatives like Zero Trust, virtualization and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of a Cisco IP communications book and holds 2 US patents. She holds an MSEE from UC Berkeley.
