Zero Trust Security: Getting it Right

What is Zero Trust Security?

The zero trust security model grants access to a network only after the user or device requesting it has been identified. This protects the network, and the data and applications within it, against advanced threats.

The model was formulated by Forrester Research VP John Kindervag in 2010. Within a decade, it became an industry standard in digital transformation, impacting the security architecture of business networks and national cyber security networks around the globe.

Business Benefits of a Zero Trust Approach to Security

Improving Visibility

Visibility is crucial for managing and controlling a network. The zero trust strategy aims to ensure that all devices present on a network—not merely those with endpoint agents installed or operational—are identified and classified. 

Visibility becomes much more complex in a modern IT environment with a large number of infrastructure as a service (IaaS) resources, software as a service (SaaS) applications, and bring your own device (BYOD) policies enabling employees to connect to the network from their personal devices.

Reducing CAPEX and OPEX

By consolidating multiple security controls across a network, companies can significantly reduce operating expenses (OPEX) and capital expenditures (CAPEX). In addition, simplified security management using zero trust protocols decreases the number of management consoles on the network, further reducing operating expenses.

Reducing Compliance Scope and Cost

Because zero trust networks are typically segmented, regulation and compliance audits are limited in scope and therefore less complicated. The result is reduced overall compliance and regulatory costs.

Supporting Cohesive IT Issue Resolution

Zero trust networks offer increased visibility and transparency. This results in improved cooperation between network, storage and security specialists, contributing to improved uptime for networks and critical systems.

Expanding the Device Horizon 

Security teams employing a zero trust security model can easily introduce new services, while specifying required privileges and data protection. Organizations can more readily adopt IoT devices, for example, without impacting existing business activities, because zero trust reduces the IoT attack surface.

Implementing Zero Trust: A Four-Step Methodology

There are various approaches to implementing zero trust in your organization. Here are the key elements of the process.

1. Focus on the ‘protect surface’ instead of the attack surface

In modern computing environments, the attack surface is constantly growing, as new types of IT assets are introduced. An understanding of the attack surface is important, but often it will be a lagging indicator. 

A new approach to threat modeling is to define a “protect surface” that specifies how the organization will defend its most valuable data, applications, and services. This may include personally identifiable information (PII), mission critical business applications, equipment used in financial transactions, and DNS systems. Each protected asset should have a microperimeter with clear policies defining how it can be accessed and used.

2. Establish a baseline of traffic flows

Identify traffic flows to, from, and between protected assets. You should understand how the various assets are communicating with each other, as part of normal business operations.

3. Define zero-trust security policies and frameworks

Using the insights gained in steps 1 and 2, segment the network(s) and isolate sensitive assets from other parts of the network. Each protected asset should have a microperimeter with access control, monitoring, and other security measures. Access control and other security measures should be constructed to allow the normal baseline of traffic flows, as defined in step 2, while restricting anything beyond these.  

4. Monitor and update policies

Zero trust architectures must adapt to new assets, devices, and usage models on the network. Establish monitoring and continuously review logs and alerts to understand how the zero trust model operates. This includes identifying legitimate communications that are blocked by the model, and suspicious or malicious communications getting through to sensitive assets, and adjusting policies accordingly.
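Steps 2 to 4 can be sketched in a few lines. The following is an added example, not Reblaze code or part of the original article: it derives a default-deny allowlist for the protect surface from a baseline of flows, then builds the review queue of denied flows that step 4 calls for. Asset names, flow records, and the `min_count` threshold are constructed assumptions.

```python
from collections import Counter, namedtuple

Flow = namedtuple("Flow", "src dst port")

# Step 1: the protect surface (constructed asset names).
PROTECTED = {"pii-db", "payments-api"}

# Step 2: constructed baseline of flows seen during normal operations.
BASELINE = (
    [Flow("web-frontend", "payments-api", 443)] * 40
    + [Flow("payments-api", "pii-db", 5432)] * 35
    + [Flow("backup-host", "pii-db", 5432)] * 5
    + [Flow("dev-laptop", "pii-db", 5432)] * 1       # one-off, not normal business
    + [Flow("web-frontend", "cdn-cache", 443)] * 90  # never touches the protect surface
)

def touches_protected(flow, protected=PROTECTED):
    return flow.src in protected or flow.dst in protected

def build_policy(baseline, protected=PROTECTED, min_count=3):
    """Step 3: allow only recurring baseline flows to or from protected assets."""
    counts = Counter(f for f in baseline if touches_protected(f, protected))
    return {flow for flow, n in counts.items() if n >= min_count}

def decide(policy, flow, protected=PROTECTED):
    """Default deny at the microperimeter; other traffic is out of scope here."""
    if not touches_protected(flow, protected):
        return "out-of-scope"
    return "allow" if flow in policy else "deny"

def review_queue(policy, observed, protected=PROTECTED):
    """Step 4: denied flows with hit counts, most frequent first, for human review."""
    denied = Counter(f for f in observed if decide(policy, f, protected) == "deny")
    return denied.most_common()

POLICY = build_policy(BASELINE)

# Constructed traffic observed after the policy is deployed.
OBSERVED = (
    [Flow("web-frontend", "payments-api", 443)] * 10
    + [Flow("reporting-job", "pii-db", 5432)] * 6  # new service, possibly legitimate
    + [Flow("dev-laptop", "pii-db", 22)] * 1       # unexpected access attempt
)

if __name__ == "__main__":
    for flow, hits in review_queue(POLICY, OBSERVED):
        print(f"{hits:3d}  {flow.src} -> {flow.dst}:{flow.port}")
```

Each entry in the review queue is a decision for an operator: either the flow is legitimate and the policy is updated to allow it, or it is investigated as suspicious.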

Zero Trust Security with Reblaze

Zero Trust is often contrasted with perimeter security, but this is misguided. Zero Trust cannot replace robust perimeter security, because you must not allow external threats unfettered access to the assets within your protect surface. However, Zero Trust can still be useful; for example, it can help protect against insider threats, IT errors, social engineering attacks, and so on.

For defending your perimeter against web threats, Reblaze offers an all-in-one web security solution. It includes a next-gen cloud WAF, DDoS protection, advanced bot management, API security, ATO prevention, and more, all in a fully managed platform.

Reblaze provides web security for AWS, Azure, Digital Ocean, and GCP, and runs natively on the top-tier cloud providers, supporting hybrid, multi-, and single-cloud architectures. For more information, or to get a demo, contact us here.
