Why zero trust is no longer optional
Modern networks are increasingly complex with a growing number of environments and edges. More employees are working from home all or some of the time, accessing company data and systems online via the cloud, software-as-a-service (SaaS) locations and more. They are moving between locations, expanding the edge and creating new opportunities for malicious actors to pounce. This means that deploying a zero trust edge strategy is no longer optional and must be considered essential.
Most legacy networks were built to enable access to all applications. Workers were usually located behind firewalls and the external walls of the network were considered strong enough to keep malicious actors out. However, the changing network environment means it’s no longer enough to assume a hardened exterior will achieve the same outcome. Network architectures that assume all users inside the perimeter are inherently trustworthy are no longer sufficient. Instead, it’s time to deploy zero trust in recognition of the fact that threats no longer only come from the outside.
Zero trust is a cybersecurity approach that is essential for the distributed workforce. It uniquely addresses the challenges of securing remote workers, transferring and protecting confidential data and logging and tracking activity.
It assumes there is no traditional network edge; networks could be local, cloud-based or a hybrid. It also assumes that there are no areas of implicit trust. The model is based on the principle that every device or user is potentially compromised, and therefore every access request must be authorised and continuously verified. All users, machines, applications, data sources and devices are constantly validated, and authenticity must be evaluated before access is granted to a network or anything on it. By extension, the principle of least privilege can further restrict access to only what is specifically required.
While many organisations seem to accept the validity and necessity of the zero trust model, there is some concern about the time, cost or complexity of implementing zero trust. Often, business users are concerned that zero trust will hold them back, so the business finds ways to work around stringent security to avoid slowing down business operations. However, this generally results in the business becoming compromised through increased exposure to various types of cyber attacks.
To avoid this, organisations must recognise two fundamental truths: that the business needs to adopt new technologies quickly to move fast and compete effectively; and that security should be a fundamental component of everything the company does.
This is becoming a reality through the zero trust edge strategy, which provides access to applications based on user identity and context, while restricting access to parts of the system that aren’t relevant to that user. The key to a zero trust edge strategy is the convergence between security and networking. Solutions should include secure software-defined wide area networking (SD-WAN), next-generation firewalls (NGFW) and zero trust network access (ZTNA) to guarantee consistency and resiliency.
The right SD-WAN solution will manage and protect users regardless of location, which is essential for distributed workforces. Legacy security solutions are unlikely to be up to the task of protecting dynamic and evolving networks, while converged solutions deploy consistent security everywhere. Secure remote access is crucial; it should incorporate artificial intelligence-powered filtering and cloud access security brokers (CASBs) to protect mobile users. Then, organisations should also demand a ZTNA solution that protects access from any edge.
By ensuring remote workers can have full access to the mission-critical systems and information they need to work effectively, without compromising security, a zero trust edge approach can significantly increase the resilience of modern organisations. Zero trust edge solves one of the most vexing challenges facing IT teams and frees them up to accelerate digital transformation.
Australia is turning a corner in its adoption of passkeys
The past few months have shown that people and enterprises alike are now ready to accept passkey...
Scattered Spider: where every click is one step closer to chaos
Cybercriminal group Scattered Spider often uses social engineering to gain access to identities...
The MediSecure breach thrusts the security spotlight back on service providers
Organisations have been confronting security risks in their supply chains for years, but a new...