Trustless, Identity-Based Security is the Future
Trust is good when it comes to interpersonal relationships. It’s not so good when it comes to corporate cyber security — at least, not in the way that it’s classically been implemented. IT systems’ approach to network security has traditionally relied on what is known as the castle-and-moat network security model.
The idea is simple and, at least in theory, makes a lot of sense: Castles employed moats, meaning a wide, deep ditch of waste that surrounded the building and acted as a deterrent and defence against attack. The focus was on keeping attackers out. However, in the event that the moat was crossed and the castle walls breached, defenders would have far fewer options available to them.
It’s the same with IT security. Previous approaches have focused on keeping bad actors out, while assuming that anyone who was operating from inside the system or on a trusted device was doing so lawfully and giving them freedom to operate. The problem is that assuming that anyone who has gained access to a system has a right to be there ignores the reality of cyber attacks. Yes, systems should be built as robustly as possible, with any vulnerabilities or unsecure architecture plugged, but assuming that any security system is ever to be 100% successful at keeping out intruders is a major error. It’s for this reason why zero trust architecture was introduced — and why it’s so rapidly changing the world of cyber security.
It’s all about identity
The ever-growing number of data breaches and supply chain attacks reported each year makes clear that even the biggest companies are not immune to falling victim to attacks. Rethinking the way that cyber security is practiced is also crucial at a time when the COVID-19 pandemic and its effects have increased remote working in which resources need to be accessed from any and everywhere. In addition, the shift to cloud computing environments means that more corporate data than ever is now stored outside of the corporate perimeter.
Zero trust is an identity-centric approach to cybersecurity built on role-based access control (RBAC). With RBAC, the role of the access requester is vital, hence the “identity centric” descriptor. It means that access to resources is awarded on a case-by-case basis centering on the notion of the principle of least privilege. In other words, users are given access to only the abilities and features that are absolutely necessary in order for them to be able to perform their job effectively.
It means, for example, that a payroll manager would receive access to the payroll management module and employee self-service portal, but not other parts of the system that they would not ordinarily be required to access. Roles — and therefore access — can be segmented according to factors like job responsibilities, location, department, organization hierarchy, and more. This approach requires the ability to identify users regardless of the device that they’re using or where they are accessing from.
Verifying identity
For this reason, strict verification of identity is integral to zero trust. This is achieved using an identify, protect, detect, and then respond workflow that requires users to authenticate their identity via a secure channel, then gives them access to just the specific apps and network resources they need. This all takes place while their behavior is being monitored for possible anomalies that could suggest that they are not acting as expected, at which case the necessary notifications can be sent out. Zero trust isn’t about stopping people from doing their job as they would like to. But it is about protecting the network at all times and stopping apparent users, erroneously or otherwise, from overstepping the bounds that have been laid out for them.
Zero trust forms an important part of Secure Access Service Edge (SASE), a next-generation network architecture combining state-of-the-art security functionality with WAN capabilities. This combination makes it perfect for a world in which, more than ever, people are working across different geographical locations. Pronounced “sassy,” SASE brings together zero trust network access (ZTNA) with other security measures like CASB (cloud access security broker), cloud SWG (secure web gateway), WaaPaaS (web API protection as a service), FWaaS (firewall as a service), and more — alongside secure network capabilities including SD-WAN.
SASE is changing everything
SASE has plenty to offer organizations, which is why it has so rapidly become a major part of cyber security strategies around the world. From a zero trust perspective, it’s essential: making scalable zero trust possible and implementing it across the entire network. In doing so, it’s changing the way that cyber security is practiced.
Cyber attacks aren’t, unfortunately, going away. In fact, they are ramping up all the time. However, by deploying the right tools to protect against them organizations needn’t be afraid of what hackers have to throw at them.
Add CEOWORLD magazine to your Google News feed.
Follow CEOWORLD magazine headlines on: Google News, LinkedIn, Twitter, and Facebook.
Copyright 2024 The CEOWORLD magazine. All rights reserved. This material (and any extract from it) must not be copied, redistributed or placed on any website, without CEOWORLD magazine' prior written consent. For media queries, please contact: info@ceoworld.biz