Work-from-home arrangements have eroded doubts about zero-trust security, leading to expanded use of this security model.
In the wake of the pandemic, the world has witnessed a significant shift in the way organizations approach cybersecurity. Zero trust, a long-term solution, has emerged as a crucial strategy, replacing temporary measures implemented in March as remote work became the norm.
Jim Richberg, field CISO at Fortinet, stresses the importance of understanding the current network segmentation and privileged access within an organization before implementing a zero trust operation. This approach ensures a static type of zero trust operation doesn't compromise security.
Zero trust, as described by NIST, is a method for verifying computing resources or data, not user identities. The zero trust edge (SASE), a term often used, authenticates users and connects them directly to the resources they need, bypassing the need for VPNs and firewalls.
David Holmes, senior analyst at Forrester, highlights the need for a balanced approach, suggesting that overwhelming all bandwidth and consuming the entire security stack in a perimeter doesn't make sense for the remote workforce. Zero trust plays into the user experience as much as it does into security.
Gerald Caron, director of Enterprise Network Management within the State Department, emphasizes the importance of moving from the data back to the user, a concept he calls the inside-out approach. This strategy prioritizes protecting the user over the data, recognizing that at the end of the day, it is the user that needs protection.
Chase Cunningham, principal analyst at Forrester, underscores the importance of having a clear understanding of one's network, assets, and activities to ensure efficient zero trust implementation.
The Department of State has gained a deeper understanding of its risk appetite throughout the pandemic. As a result, they have made progress in securing their systems, delivering them securely to users without giving them the entire network.
Organizations like the German healthcare system agency Gematik are implementing zero-trust architecture components in their Telematics Infrastructure 2.0, with rollout planned through 2025–2026. However, improvements are still needed for full coverage and gradual migration from legacy systems.
Adote, a cybersecurity firm, recommends getting visibility before implementing new controls or technologies, including understanding how applications work. They also state that AD is not an identity management solution, and organizations need a solution underlined with 'conditional access' to create trust.
Split tunneling, a process that allows a remote VPN user to access a public network and resources on the VPN, could reduce latency and bandwidth. However, it lacks the safety zero trust strategies provide and creates a potential security vulnerability.
Progress made in zero trust can be upcycled into different zero trust projects. Companies using Illumio benefit from dynamic zero-trust enforcement and rapid containment of attacks, yet continuous refinement is critical to maintaining security. Microsoft 365 and Azure also incorporate zero-trust principles but require ongoing updates and defense-in-depth strategies to address evolving threats.
In Delaware, state employees were sent home, and their network was obstructed. Now, systems can be delivered securely to users without giving them the entire network. This shift towards zero trust adoption has been observed not just in large corporations but also in unforeseen places.
In conclusion, the zero trust edge (SASE) is becoming a cornerstone of modern cybersecurity strategies. By focusing on verifying resources and data, rather than user identities, and by prioritizing user protection, organizations can create a more secure and efficient remote work environment.
Read also:
- Cyber Attack Nets $14 Million from WOO X Across Four Different Blockchains
- Auto industry giants Fescaro and TUV Nord team up for cybersecurity certification in automobiles
- Nigerian Securities and Exchange Commission (SEC) teams up with Chainalysis to combat cryptocurrency fraud activities
- International marketing firm We Are Social intensifies global strategy for gaming industry
