Enterprise Security Magazine | Thursday, August 03, 2023
A post-perimeter world requires a holistic approach to network-wide security. Zero Trust is that approach. The wall was seen to protect those on the inside from untrustworthy baddies on the other side. Now, nothing is taken for granted and zero-trust environments require full authentication for everyone and do not allow free access to anyone.
Fremont, CA: An ever-widening void was filled by new holistic approaches as traditional perimeter security was crumbling. It was no longer enough to keep the bad guys out, and it was now necessary to defend yourself from the inside out. It wasn’t just basement hackers who were making cyber attacks anymore, but email attachments, login attempts, and containerized communication were also suspect – and subject to cyber subterfuge unimaginable before the digital revolution.
In the security community, Zero Trust is one of the most widely accepted philosophies, and its far-reaching tenants can make it, and the organizations that adopt it, future-proof.
Zero Trust
In essence, zero Trust involves authorizing users and services using multiple points of authentication, assuming guilt before claiming innocence, and requiring each entity to prove itself.
A post-perimeter world requires a holistic approach to network-wide security. Zero Trust is that approach. The wall was seen to protect those on the inside from untrustworthy baddies on the other side. Now, nothing is taken for granted, and zero-trust environments require full authentication for everyone and do not allow free access to anyone.
Due to the unilateral migration to digital assets over the past decade, which has accelerated in the past few years, a scrutinizing security environment has become increasingly necessary. This growth can be attributed in part to the proliferation of three types of technology:
Remote apps
Work-from-anywhere demands are bridging the gap between office environments and new services. As a result of that rush to market, many products were not created with security in mind. Remote services must be protected with VPN-only network access, multifactor authentication, and antivirus and internet security software at home in order to mitigate those built-in vulnerabilities.
Cloud apps
Similarly, cloud apps have overtaken safety in many ways, and security practitioners now bear the burden of ensuring their cloud workloads are secure. The majority of cloud service providers provide security services, but not all. Security is offered in varying degrees by those who do offer it. Due to the interconnected nature of assets and identities in the cloud, achieving zero Trust is particularly challenging. All cloud-hosted asset management solutions must be built on a foundation of full visibility.
IoT devices
Organizations must be particularly vigilant when allowing IoT devices onto their networks because there is no standard for cybersecurity. The smart TV in the break room, as well as BYODs and innocuous smart devices, should be regarded with caution.
