Security strategy begins with an attitude: Never trust, always verify. The conventional notion of the enterprise perimeter—imagining it as one big bubble to be protected—is now thoroughly outdated in a world where infiltration can be accomplished via a staggering number of devices and applications, either already in the network or soon to join it.
In a modern security environment, where devices and external data sources from the internet of things and the edge are all factors, security strategies must be built around a zero trust approach—in other words, one that trusts nothing outside or inside an organization. With this model, the network and the threats that will inevitably come are viewed as constantly in motion, amorphous and invisible. Today’s perimeter should not be seen as one big protective cover over the entire enterprise.
Zero trust architecture ensures that data and access across the network are secure and based on parameters like user identity and location. It inspects and logs all traffic, learns and monitors network patterns, and adds authentication methods into the security mix, all with the goal of seeing every user and device connected to the network at any moment.
Most organizations understand that zero trust is the best way to approach security in a perimeter-free business environment. In a recent Forbes Insights survey of more than 1,000 security practitioners and security executives (such as chief information security officers), 66% of respondents say they have zero trust policies for application behavior, devices and access. And 9 in 10 organizations identified by the survey as “cybersecurity trailblazers” (those with security highly integrated into decision-making across their IT security stacks) have zero trust policies in place. In fact, it’s a distinguishing feature of their leadership.
Insider Security: Protecting The Inside Of The Perimeter
Insider threats are a major source of breaches and a concern among security teams, in large part because they originate internally in a dizzying number of ways—from devices and applications that are anywhere—and are hard to detect quickly.
Gaining the upper hand is about governing the identity and access of a big cast of players. Many breaches originate from employees and, according to Accenture’s 2018 State of Cyber Resilience, the accidental publication of confidential information and insider attacks have the greatest impact, above attacks by hackers. Ultimately, this is due to a failure to manage the digital identities and behavior of individuals like employees, contractors, partners and nonhuman actors like bots or applications. And they’re not necessarily malicious in intent; they can result from careless or poorly trained personnel or a bot that acquires new privileges.
The challenge comes down to this: making data and applications accessible to the right users in a way that is fast and efficient—and secure. It’s a tug-of-war over access and control. Simply trusting vast swaths of the enterprise’s internal landscape won’t work because the ground is constantly shifting as employees move to new roles and require different access privileges. New platforms and applications appear as well. The network keeps getting bigger—and so does the attack surface.
What organizations need is the ability to authenticate and authorize users, monitor policies and privileges in place, and detect any anomalous insider activity. Visibility and validation are mission-critical capabilities that are a particular focus for security executives. So is training to make stakeholders aware of best security practices. The idea isn’t to distrust your people but to assume they are a potential source of infiltration.
Zero Trust: Enabling Business
Successful cybersecurity strategies reduce the complexity of the IT environment to something simple—or at least far simpler than it would appear to an unaided analyst trying to scan the network for anomalies.
The technologies and approaches that enable zero trust accomplish four core tasks:
- Micro-segmentation.
- Application behavior and visibility.
- Multi-factor authentication (MFA).
- Least privilege.
Micro-Segmentation
This is the process of placing security perimeters into small, isolated areas (or zones) to maintain separate access for different parts of the network. With micro-segmentation, files in a network can be placed in separate, secure zones. A user or program with access to one of those zones won’t be able to access any of the other zones without separate authorization. This ties security to individual workloads.
Application Behavior And Visibility
One of the benefits of micro-segmentation is that it enables application security with built-in policies that define allowed behavior and protection for each individual build. For example, ideation through development occurs in an environment isolated from the rest of the network, so that any breach of an application is contained and prevented from spreading into the rest of the network. Visibility into application behavior on the devices that access applications also needs to be taken into account, so that anomalous activity can be detected and action taken more quickly.
Multi-Factor Authentication (MFA)
MFA adds more pieces to the authentication puzzle that malicious actors must solve. The age of the password, like the conventional view of the perimeter, is a thing of the past. Two-factor authentication—the addition of a code sent to another device—is now widely used and accepted by consumers and stakeholders. Other forms of authentication—biometrics, for example—are emerging to bolster identity verification.
Least Privilege
This is a principle of information security that grants only as much access as an end user—a device, a worker, a bot—needs for a particular purpose or role. It’s a key part of zero trust identity and access management, and a way to unify end user and data center security. It reduces risk to a segmented level—to applications and data—and is a way of containing or shrinking the perimeter of each individual device: A smartphone or a workstation, or any other device, gets access only to what that user needs.
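The four tasks above fit together in a single policy decision: a request is checked against a zone-scoped grant (micro-segmentation), the grant lists only the actions the principal needs (least privilege), the grant can require a verified second factor (MFA), and every decision is logged so that a principal probing zones it has no business in can be spotted (application behavior and visibility). The following Python is an added example written for this page, not code from Forbes Insights or from any vendor; the zone names, principals and grants are constructed sample data, and the "deny by default when no grant matches the zone" rule is the assumption that models micro-segmentation.

```python
"""Toy zero trust policy engine: zone-scoped least-privilege grants,
per-request MFA and device checks, and a decision log for anomaly review.
Added example; all names and grants below are constructed, not real."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Principal:
    name: str
    kind: str            # "user", "contractor" or "bot" (nonhuman actors count too)
    mfa_verified: bool   # did this request carry a verified second factor?
    device_managed: bool # is the requesting device known and managed?


@dataclass(frozen=True)
class Grant:
    zone: str                    # micro-segment the grant applies to
    actions: FrozenSet[str]      # least privilege: only the actions needed
    requires_mfa: bool = True    # bots may be exempted explicitly, users are not


@dataclass
class PolicyEngine:
    grants: Dict[str, Tuple[Grant, ...]]
    log: List[dict] = field(default_factory=list)

    def decide(self, p: Principal, zone: str, action: str) -> bool:
        """Evaluate one request and record the decision with its reason."""
        reason = self._evaluate(p, zone, action)
        allowed = reason == "allow"
        self.log.append({"principal": p.name, "kind": p.kind, "zone": zone,
                         "action": action,
                         "decision": "ALLOW" if allowed else "DENY",
                         "reason": reason})
        return allowed

    def _evaluate(self, p: Principal, zone: str, action: str) -> str:
        if not p.device_managed:
            return "deny:unmanaged-device"
        for g in self.grants.get(p.name, ()):
            if g.zone != zone:
                continue
            if action not in g.actions:
                return "deny:action-not-granted"      # least privilege
            if g.requires_mfa and not p.mfa_verified:
                return "deny:mfa-required"            # MFA enforced per grant
            return "allow"
        # Micro-segmentation: no grant for this zone means no access, whoever you are.
        return "deny:no-grant-for-zone"


def denied_zone_scan(log: List[dict], principal: str, threshold: int = 3) -> bool:
    """Visibility check: flag a principal that was denied in >= threshold
    distinct zones for lack of any grant, a pattern worth an analyst's look."""
    zones = {e["zone"] for e in log
             if e["principal"] == principal and e["reason"] == "deny:no-grant-for-zone"}
    return len(zones) >= threshold


# Constructed sample grants (hypothetical zones and principals).
GRANTS: Dict[str, Tuple[Grant, ...]] = {
    "alice": (Grant("hr-zone", frozenset({"read"})),),
    "build-bot": (Grant("ci-zone", frozenset({"read", "write"}), requires_mfa=False),),
}


def run_demo():
    """Run a handful of constructed requests; returns (decisions, decision log)."""
    engine = PolicyEngine(grants=GRANTS)
    alice = Principal("alice", "user", mfa_verified=True, device_managed=True)
    alice_no_mfa = Principal("alice", "user", mfa_verified=False, device_managed=True)
    bot = Principal("build-bot", "bot", mfa_verified=False, device_managed=True)
    results = {
        "alice_read_hr": engine.decide(alice, "hr-zone", "read"),            # granted
        "alice_write_hr": engine.decide(alice, "hr-zone", "write"),          # not in grant
        "alice_read_finance": engine.decide(alice, "finance-zone", "read"),  # other zone
        "alice_no_mfa": engine.decide(alice_no_mfa, "hr-zone", "read"),      # MFA missing
        "bot_write_ci": engine.decide(bot, "ci-zone", "write"),              # bot, MFA exempt
        "bot_read_hr": engine.decide(bot, "hr-zone", "read"),                # bot out of zone
    }
    return results, engine.log


if __name__ == "__main__":
    decisions, log = run_demo()
    for entry in log:
        print(entry)
```

Every denial carries a reason, so the log doubles as the audit trail the page calls for: `denied_zone_scan` shows the simplest kind of insider-activity detection that falls out of it, a principal (human or bot) repeatedly bumping into zones it was never granted.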
Security executives are being asked to be more strategic and drive revenue through technologies and integration as their businesses expand. At the same time, cybersecurity is an incredibly complex problem to solve, on both the end user side and in the data center, because the attack surface is so broad. It’s no longer a question of “if” a breach will happen but “when.”
The key to enabling growth and transformation is securing digital identities so that people can work fluidly and securely from anywhere. A zero trust approach reduces time spent pursuing false positives and increases productivity, both among security teams and the legions of workers accessing the network from anywhere through any device.