Introduction
The continued, high frequency of successful cyberattacks against today’s enterprises has made it abundantly clear that traditional, perimeter-centric security strategies are no longer effective. The failure of resulting architectures is a product not only of the outdated assumption that everything on the inside of an organization’s network can be trusted, but also the inability of legacy countermeasures to provide adequate visibility, control, and protection of application traffic transiting associated network boundaries.
The traditional approach to network security is failing. According to the 2014 Cyberthreat Defense Report, more than 60 percent of organizations fell victim to one or more successful cyberattacks in 2013. Given the extent to which today’s organizations continue to rely on perimeter-centric strategies, this finding should come as no surprise. The simple truth of the matter is that perimeter-based approaches to security are no longer effective.
Benefits available to organizations that implement a Zero Trust network include:
The primary issue with a perimeter-centric security strategy, where countermeasures are deployed at a handful of well-defined ingress/egress points to the network, is that it relies on the assumption that everything on the internal network can be trusted.
However, this assumption is no longer a safe one to make given modern business conditions and computing environments where:
Such strategies also fail to account for:
Benefits of Adopting Zero Trust Principles and Practices
There are several technical and business advantages associated with achieving a Zero Trust security architecture. These include being able to:
It is important to realize that a broken trust model is not the only item responsible for the diminishing effectiveness of perimeter-centric approaches to network security. Another contributing factor is that legacy devices and technologies commonly used to build network perimeters let too much unwanted traffic through. Typical shortcomings in this regard include the inability to:
Care must be taken to also ensure that the devices and technologies used to implement these boundaries actually provide the visibility, control, and threat inspection capabilities needed to securely enable essential business applications while still thwarting modern malware, targeted attacks, and the unauthorized exfiltration of sensitive business data.
The Zero Trust Model—Providing Effective Security for Modern Networks
A promising alternative model for IT security, Zero Trust is intended to remedy the deficiencies with perimeter-centric strategies and the legacy devices and technologies used to implement them. It does this by promoting “never trust, always verify” as its guiding principle. This differs substantially from conventional security models which operate on the basis of “trust but verify.”
In particular, with Zero Trust there is no default trust for any entity—including users, devices, applications, and packets—regardless of what it is and its location on or relative to the corporate network. In addition, verifying that authorized entities are always doing only what they’re allowed to do is no longer optional; it’s now mandatory.
The implications of these two changes are, respectively:
The core Zero Trust principle and derivative implications are further reflected and refined in the three concepts that define the operational objectives of a Zero Trust implementation.
Conclusion
Perimeter-centric security strategies continue to be sorely challenged. The issue is not only increasingly sophisticated cyberthreats, but also major changes to the technology and business landscape—such as user mobility, hyper inter-connectivity, and globalization—that invalidate the assumption that everything “on the inside” can be trusted. The bottom line is that such strategies—along with the legacy technologies used to implement them—are, for the most part, no longer effective.
Organizations looking to substantially improve their defensive posture against modern cyberthreats and more reliably prevent exfiltration of sensitive data should consider migrating to a Zero Trust security architecture. An alternative model for IT security, Zero Trust eliminates the faulty assumption of trust and rectifies the shortcomings of traditional perimeter-centric architectures by promoting the use of a Zero Trust Segmentation Platform to establish secure “trust boundaries” throughout a computing environment and, in general, in closer proximity to sensitive resources.
Because the Zero Trust Segmentation Platform is the foundation of any Zero Trust initiative, the importance of selecting the right solution cannot be overstated. easySERVICE Data Solution’s next-generation security platform represents an ideal candidate—one that combines unparalleled visibility, control, and threat protection capabilities with comprehensive coverage for all IT domains, from the datacenter and Internet gateway to branch offices, mobile users, and even the cloud.