Written by George Wilkes on May 21, 2019
The Secure Access Paradigm Shift to Zero Trust
Legacy solutions cannot keep up with evolving security needs. Adopting a Zero Trust model allows for better authentication, monitors user accessibility, and provides control.
The basic principles of securing access to critical information have not changed, but the ecosystem your information resides in has transformed significantly. Changes in business and IT operations have introduced unnecessary complexity and risk to modern enterprises. However, the time has come for organizations to change their approach to security or risk facing the consequences of a cyberattack or data breach.
The Problem: We are trying to solve new problems with old solutions. Today, users can access sensitive networks from virtually anywhere, and interconnected systems have altered the makeup of our network architectures. Digital transformation initiatives are increasing attack surfaces and diversifying how employees, customers, and partners interact with a given organization. Amidst all of these paradigm shifts in IT, security has not been able to transform accordingly— until now.
The Solution: Enter the era of Zero Trust, a model based on the idea that no user should be inherently trusted. Zero Trust is quickly being adopted by progressive security teams who understand the need to take a different approach to securing network access. The principles of secure network access do not change; the paradigm shift is in how they are achieved.
#1) Authenticate the Identity
The outdated model of “trust, then verify” needs to end, but the secure network access principle of availability mandates that systems must be available to authorized users when they need them. The Zero Trust model, when partnered with a Software-Defined Perimeter (SDP); can successfully meet the criteria of this principle and can do so without adding unnecessary complexity.
A Software-Defined Perimeter takes an identity-centric and programmatic approach to authenticating access requests. Legacy solutions such as VPNs and Firewalls authenticate on a simple IP-address-to-Port relationship. Is this device permitted access? With VPNs, if the device, username, and password are compromised, so too is the entire organization. Conversely, identity-centric secure access takes into account the context of the user in real-time (permissions, role, time of day, location, device posture, etc.). If the criteria are not met, you can deny access privileges or require additional multifactor authentication to further verify a user’s identity before granting secure network access to sensitive data.
#2) Enforce Strict Privileges
Once secure network access has been established, the principle of confidentiality must remain intact. Lateral movement within organizations’ complex networks lends itself to significant risk from external malicious actors and insider threats. Using traditional security tools to micro-segment a network introduces complexity due to a highly manual and disparate process, especially when dealing with a heterogenous environment.
Unifying your approach to secure network access with a Software-Defined Perimeter and a fine grained microsegmentation platform simplifies the way you protect data and systems by dynamically allowing one-to-one secure connections between users and authorized network resources.
#3 Maintain Visibility and Control
The final principle requires preserving the integrity of your data. A Software-Defined Perimeter provides comprehensive audit trails and SIEM integration. This allows you to monitor access activity in real-time with tighter control over sensitive information and take the appropriate actions to mitigate threats.
Secure network access is one of three essential challenges organizations can address by adopting a focused approach to Zero Trust. If you are ready to learn about the other two, we invite you to explore Cyxtera Essential Defense.