Successful zero trust can only be accomplished through the construction of an integrated platform that shares information across different security technologies.
To reach this level of security, it is essential to have an integrated platform that can centralise and correlate information from various security technologies and tools that have traditionally operated in their own silos.
To achieve a comprehensive zero trust solution, companies need to integrate existing security tools to deliver endpoint, network, information and identity security across on-premises and cloud infrastructures. Such a unified platform ensures superior visibility and control, effectively securing the workforce, data and workloads.
With the onset of the pandemic, virtually overnight, businesses around the globe found themselves facing the prospect of managing the security risks associated with a distributed workforce. In the case of many companies, this has continued to today, while with others a hybrid work model has emerged as the best way forward.
In this distributed world, companies need to manage risk even more carefully, and in new and different ways than were necessary in the past. Furthermore, add to this picture how and where technology services have moved (or are moving).
A zero trust model is considered best practice in today’s cyber security landscape due to the increasing sophistication of cyber threats.
For example, back-office software was previously purchased and installed on servers that were located inside an organisation’s office. That is not the case anymore. These services are now cloud-delivered by multiple vendors all around the world.
In a permanently distributed workforce model, the traditional trust check at physical doors longer applies. Instead, it is decentralised, distributed and involves multiple vendors. The verification of trust needs to occur on the client side, considering the worker’s location and device used for login.
In this new landscape, identity security gains heightened importance, given the decentralised trust and the presence of distributed human and machine resources.
Having explained why, I will now go into some detail on how and what needs to be secured.
Let’s start with people. Extending zero trust to people begins with authentication − positively identifying legitimate users from fraudulent ones is a critical and foundational step, as companies cannot effectively enforce access controls if they do not really know who is requesting the access.
This challenge can be addressed through multifactor authentication (MFA) and contextual risk analysis from the cloud so that stronger authentication can be applied where it is needed.
However, user authentication must abide by some critical elements, such as choosing a single source of truth for identity and access management (IAM), where all users are authenticated and provided with the correct roles for authorisation.
Protecting privileged access is a necessity to secure accounts, and credentials with elevated access and MFA must be enabled for the sensitive accounts; consider widening this to all accounts.
A clear logging and auditing mechanism for users’ authentication information must be in place, as must basic identity governance to manage the user’s role assignments, onboarding and role transitions, through to off-boarding within the IAM solution.
Once user authentication is established, it becomes crucial to associate the authentication with the user’s device. There exists a significant disparity between a user authenticating from a corporate-managed device, which complies with organisational policies, and the same user authenticating from their personal device without any security measures.
The ability to differentiate between managed and unmanaged devices holds utmost importance when considering the context of an access request.
In more advanced scenarios, the compliance of devices, along with any identified risks, such as potential malware, can be leveraged to determine the level of access permitted for a given request. User authentication must adhere to the following critical elements:
- Maintain an up-to-date inventory of managed devices.
- Establish access scenarios for managed and unmanaged devices.
- Choose an endpoint security solution that allows dynamic verification of device compliance and security state.
- Navigating the implementation of zero trust network access (ZTNA).
Deploying ZTNA within an organisation’s environment can appear daunting, potentially impeding progress towards improved security and simplicity, but the following serves as guidelines to achieving a successful ZTNA model within the network environment.
Determine the optimal IAM for the organisation. The fundamental building block of any contemporary access approach is identity, as compromised identity remains the most common attack vector. When embracing the ZTNA approach, it becomes vital to establish trust in the user’s authentication and grant access to the organisation’s resources based on that trust.
In addition to restricting access based on user and device risk, status and role, successful implementation of a zero trust model also necessitates comprehensive visibility into user actions and the data being accessed.
Securing the network. The traditional approach to securing the network perimeter has been rendered obsolete by a perfect storm of mobile users, remote offices and home working, cloud apps, compliance obligations and evolving security threats.
Network and security teams require solutions that protect a remote workforce that needs to be connected around the clock and from any location. At the same time, they need a seamless and secure solution that improves the user experience.
Secure access cloud provides highly-secure granular access management for enterprise applications deployed in IaaS clouds or on-premises data centre environments. This SaaS platform eliminates the inbound connections to the network and creates a software-defined perimeter between users and corporate application and establishes application-level access.
This zero trust access service avoids the management complexity and security limitations of traditional remote access tools, ensuring all corporate applications and services are completely invisible to attackers targeting applications, firewalls and VPNs.
Securing workloads and data. As organisations have shifted their applications to cloud environments, security concerns have been raised. Although most cloud infrastructure puts strong safeguards in place to help protect customer privacy, there is often a lack of visibility into who is using the cloud and how they are using it, especially when it comes to large workloads of sensitive data that may be stored and/or processed in the cloud.
Companies need solutions in place that empower them to confidently enable cloud applications and services, while helping them stay safe, secure and compliant. In terms of data, total visibility and control of data flowing in, out and across the organisation’s extended perimeter is required.
To summarise, implementing a zero trust model is considered best practice in today’s cyber security landscape due to the increasing sophistication of cyber threats. Traditional security approaches, such as perimeter-based defences, are no longer sufficient to protect businesses from evolving threats and advanced attacks.
Written by: Michael Brink, CTO of CA Southern Africa.
Originally featured here