Zero Trust Architecture — the myth & reality.

COVID-19 has challenged the status quo in every aspect of our lives. From a CIO’s perspective, one of the areas challenged the most has been Information Governance & Assurance, aggravated by an exponential rise in ransomware attacks exploiting the shift of most work to working from home (WFH).

What has helped certain organizations manage this shift better than others? It’s all about how holistically you govern your IT assets: threat, protection, access, detection and remediation, all governed under an integrated policy framework.

Many have been talking about ZERO TRUST ARCHITECTURE (ZTA) in this heightened state of fear-psychosis without comprehensively understanding what it means, what’s possible and what the implications are. My intention here is to give you a practical perspective and bust myths about ZTA.

What is ZTA?

The wider adoption of cloud computing, mobility and the Internet of Things has dissolved the traditional network boundaries we used to have in organizations where most of the users were employees. With this shift, and with the increasing sophistication of the wider threat vectors, hardened network perimeters alone are no longer effective for protecting the vital IT assets of an organization.

The concept of zero trust has been around for more than a decade, but technology to support it is now moving into the mainstream. A zero trust architecture leans heavily on components and capabilities for identity management, asset management, application authentication, network segmentation, and threat intelligence. Architecting for zero trust should enhance cybersecurity without sacrificing the user experience.

Zero trust is a design approach that helps minimize an organization’s risk exposure in a so-called “perimeter-less” world, where one is prompted to take a “zero-based” approach to everything about security: user, device, network/access, workloads and data.

A zero trust architecture treats all users as potential threats and prevents access to data and resources until the users can be properly authenticated and their access authorized. In essence, a zero trust architecture allows a user full access but only to the bare minimum they need to perform their job. If a device is compromised, zero trust can ensure that the damage is contained.

Zero Trust further leverages micro-segmentation and granular perimeter enforcement based on users, their locations and other data to determine whether to trust a user, machine or application seeking access to a particular part of the enterprise. It uses technologies such as multifactor authentication, IAM, orchestration, analytics, encryption, scoring and file system permissions.

Importantly, Zero Trust also calls for stringent governance policies that take a holistic view in enforcing them.

How does ZTA coexist with your LEGACY?

To begin with, ZTA is a working concept and a journey. It befits an organization that is increasingly unable to trust the proliferation of insecure endpoint devices, and the network connectivity they use to reach the CORE, because of the unverifiable, dynamic, random nature of USERS, DEVICES, etc. WFH fits this scenario perfectly, but we need to understand what ZTA is trying to solve and not assume it is a prescription for being 100% secure, which is a fallacy in itself.

What does this mean to all of us? Shrink the CORE and strengthen it, rather than the perimeter around the entire user population, especially with the increasing population of roaming/mobile users. The users who are confined to fixed workstations can still be managed in the legacy mode, as long as both of these worlds can be managed in a coherent and consistent manner. To do so, one has to identify the workloads/data that need to be accessed, classify them, and manage access to them via an AUTHENTICATED, SECURE channel for AUTHORIZED users on a need basis, rather than keeping a PERMANENT connection to them.
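
The per-request decision described above, as an added Python example that is not from the original post: workloads are classified, and access is allowed only over a secure channel to an authenticated user holding an unexpired need-based grant. The workload names, classification levels, device-posture rule and the `decide` function are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed classification of workloads (hypothetical names); higher = more sensitive.
CLASSIFICATION = {"intranet-wiki": 1, "hr-records": 2, "payments-db": 3}

@dataclass(frozen=True)
class Grant:
    """Need-based entitlement for one user to one workload, with an expiry."""
    user: str
    workload: str
    expires: datetime

@dataclass(frozen=True)
class Request:
    user: str
    workload: str
    mfa_passed: bool         # user authenticated with multifactor
    device_compliant: bool   # device posture verified
    channel_encrypted: bool  # request arrived over a secure channel
    at: datetime

def decide(req, grants):
    """Evaluate each request from zero: deny unless every check passes."""
    level = CLASSIFICATION.get(req.workload)
    if level is None:
        return False, "unclassified workload"
    if not req.channel_encrypted:
        return False, "insecure channel"
    if not req.mfa_passed:
        return False, "user not authenticated"
    # Assumption: workloads at level 2 and above also need a verified device.
    if level >= 2 and not req.device_compliant:
        return False, "device posture not verified"
    mine = [g for g in grants if (g.user, g.workload) == (req.user, req.workload)]
    if not mine:
        return False, "no need-based grant"
    if all(g.expires <= req.at for g in mine):
        return False, "grant expired"  # access is time-boxed, never permanent
    return True, "allowed"

if __name__ == "__main__":
    now = datetime(2021, 1, 4, 9, 0, tzinfo=timezone.utc)  # constructed sample time
    grants = [Grant("asha", "payments-db", now + timedelta(hours=4))]
    for when in (now, now + timedelta(hours=5)):
        req = Request("asha", "payments-db", True, True, True, when)
        print(when.isoformat(), decide(req, grants))
```

Because the grant carries an expiry and every request is re-evaluated, a roaming user loses access when the need ends without anyone having to tear down a standing connection.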

We will be in a HYBRID mode for the foreseeable future, where ZTA and the LEGACY mode will co-exist until the organization is mature and fully geared to adopt ZTA holistically, in line with its Business/IT strategy vis-à-vis its Security strategy, and to sustain that adoption.

Read more about it at https://r24inc.com/2BnOfQM

Stay safe. Stay blessed.
