Organizations invest heavily in IT infrastructure and security, yet threats still find a way through. Complex hybrid environments create gaps in visibility, enlarging the attack surface and giving persistent threats a path in.

Over the last few years there has been a fundamental shift in the security landscape as users, devices, and applications move outside the traditional network perimeter. Businesses have contractors, third-party vendors, and remote workers using their own devices to access business resources and SaaS applications such as Salesforce or Office 365. Meanwhile, applications and other workflows communicate between cloud infrastructure such as AWS and Azure and private data centers, creating multiple traffic flows that must be monitored. Static security tools such as NAC, VPN, and firewalls cannot provide the dynamic control this requires.

The old approach bases trust solely on network location, predefined user access, and where the request originated. That creates a false sense of protection, since all three of these pillars are routinely exploited: a stolen credential or a compromised device on the corporate network simply inherits the trust granted to that location. The new approach, built on the workforce, workload, and workplace methodology, is contextual: every request is evaluated against enforced, policy-based controls rather than its source address. This Zero Trust methodology is making its way into security architectures as a means of securing access to your applications and environment from any user, device, or location. In a Zero Trust Network Architecture, the “protect surface” is made up of your:
- Workforce — your users and the devices they use to access resources
- Workloads — often your most valuable data — cloud applications, hybrid infrastructure, and cloud infrastructure
- Workplace — your corporate environment, which includes network traffic, wireless, IoT devices, and user endpoints.
By correlating these three components, you minimize risk, simplify operations, and accelerate execution. Getting to a Zero Trust Network Architecture is straightforward and, in most cases, can be deployed in a nondisruptive manner. Start by defining your protect surface: look at your data and where users access it. Consider the following:
- What are my applications?
- Do my applications reside on-premise or in the cloud?
- What services do they depend on? DNS, DHCP? Identity services such as LDAP or Active Directory?
Keep in mind that Zero Trust is about your business and how your users access its data; the key to the design is to make it about your business needs.
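To make the contrast concrete, the following is an added example, not code from the original post or from any vendor product. It models the three protect-surface components as plain data, evaluates the same request under the old location-based rule and under a contextual workforce/workload/workplace policy, and answers the inventory questions above (which applications, on-premises or cloud, which shared services they need). Every application, group, address range, and device attribute in it is constructed for illustration; the policy rules are one reasonable reading of the methodology, not a prescribed rule set.

```python
"""Added example (not from the original post): location-based trust versus a
contextual workforce/workload/workplace policy, plus a minimal protect-surface
inventory. All names, groups, addresses and applications are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

CORP_NET = ip_network("10.0.0.0/8")  # constructed corporate address range


@dataclass(frozen=True)
class Workforce:
    """User and device context of a request."""
    user: str
    groups: frozenset
    device_managed: bool
    device_compliant: bool
    mfa: bool


@dataclass(frozen=True)
class Workload:
    """An application in the protect surface and the services it depends on."""
    name: str
    location: str           # "on-prem" or "cloud"
    sensitivity: str        # "low" or "high"
    allowed_groups: frozenset
    depends_on: tuple = ()  # shared services, e.g. ("dns", "active-directory")


@dataclass(frozen=True)
class Workplace:
    """Network context of a request: where it came from."""
    source_ip: str
    segment: str            # "corp-wired", "corp-wifi", "internet", "iot"


def legacy_decision(wf: Workforce, wl: Workload, wp: Workplace) -> bool:
    """Old model: trust is derived from network location alone."""
    return ip_address(wp.source_ip) in CORP_NET


def zero_trust_decision(wf: Workforce, wl: Workload, wp: Workplace):
    """Contextual model: identity, device posture and workload sensitivity are
    all evaluated on every request; location can only add restrictions."""
    reasons = []
    if not wf.mfa:
        reasons.append("mfa required")
    if wf.groups.isdisjoint(wl.allowed_groups):
        reasons.append(f"{wf.user} is not entitled to {wl.name}")
    if wl.sensitivity == "high" and not (wf.device_managed and wf.device_compliant):
        reasons.append("high-sensitivity workload requires a managed, compliant device")
    if wp.segment == "iot":
        reasons.append("IoT segment may not reach user-facing workloads")
    return (not reasons, reasons)


def protect_surface(workloads):
    """Answer the inventory questions: which apps, where they live, which
    shared services (DNS, directory, ...) they need."""
    by_location = {}
    services = set()
    for wl in workloads:
        by_location.setdefault(wl.location, []).append(wl.name)
        services.update(wl.depends_on)
    return {"apps": by_location, "services": sorted(services)}


# Constructed protect surface: three applications, two of them sensitive.
WORKLOADS = (
    Workload("salesforce", "cloud", "low", frozenset({"sales", "contractors"})),
    Workload("hr-payroll", "on-prem", "high", frozenset({"hr"}),
             depends_on=("dns", "active-directory")),
    Workload("erp", "cloud", "high", frozenset({"finance"}),
             depends_on=("dns", "ldap")),
)

if __name__ == "__main__":
    # Unmanaged device with a stolen HR password, sitting on corporate Wi-Fi.
    intruder = Workforce("alice", frozenset({"hr"}), False, False, False)
    corp_wifi = Workplace("10.20.30.40", "corp-wifi")
    # Contractor on a managed, compliant laptop at home, with MFA.
    contractor = Workforce("bob", frozenset({"contractors"}), True, True, True)
    internet = Workplace("203.0.113.5", "internet")
    salesforce, hr_payroll = WORKLOADS[0], WORKLOADS[1]
    print("legacy :", legacy_decision(intruder, hr_payroll, corp_wifi),
          legacy_decision(contractor, salesforce, internet))
    print("zt     :", zero_trust_decision(intruder, hr_payroll, corp_wifi),
          zero_trust_decision(contractor, salesforce, internet))
    print(protect_surface(WORKLOADS))
```

The two sample requests show the reversal the post describes: the location-based rule lets the intruder on corporate Wi-Fi reach payroll and blocks the contractor, while the contextual policy does the opposite and explains each denial. The inventory function is deliberately tiny; in practice the list of workloads and their dependencies is the output of the discovery step, and the policy is written against it.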
-Rick Beaupre, Security Solutions Architect